In a world where a face can unlock a phone and a handprint can open doors, the advent of biometric technology has been seen as a technological advancement that improves security and convenience for the population at large. While largely ignored after it was first passed, a near explosion of litigation of the Illinois Biometric Information Privacy Act (“BIPA”) has had steep consequences for businesses in the last five years. Between the Illinois Supreme Court’s decision in Rosenbach, determining a plaintiff need not show actual harm to establish standing for a BIPA action, and White Castle, determining damages under BIPA accrue per statutory violation, businesses are facing a disastrous future. Threats of potentially multi-billion-dollar judgments for collecting and storing biometric information without an individual’s written consent looms over large and small businesses alike. In response, defendants are using an array of preemption arguments to escape the potentially bankrupting judgments that can be awarded if a company is found liable for BIPA violations. This Note surveys the success and viability of various preemption arguments and recommends that states abdicate a private right of action for violations of biometric information privacy laws in favor of alternative enforcement mechanisms.
* J.D. Candidate, 2024, University of Illinois College of Law; B.S., 2018, University of Utah. My sincerest thanks to the members, editors, and staff of the University of Illinois Law Review for their meticulous and diligent work in publishing this Note.
The full text of this Note is available to download as a PDF.