Expanded Rights under Illinois Biometric Information Privacy Act: Defining "Aggrieved Person"

Expanded Rights under Illinois Biometric Information Privacy Act: Defining "Aggrieved Person"

Introduction

The landmark case Stacy Rosenbach v. Six Flags Entertainment Corporation et al. (432 Ill. Dec. 654) represents a significant development in the interpretation of the Illinois Biometric Information Privacy Act (BIPA). This case revolves around the application of BIPA to individuals who have had their biometric information collected without proper consent, specifically addressing whether an individual must demonstrate actual harm beyond the statutory violation to seek redress.

The parties involved include Stacy Rosenbach, acting as the mother and next friend of her minor son, Alexander Rosenbach (the appellant), and Six Flags Entertainment Corporation along with its subsidiary Great America LLC (the appellees). The central issue was whether Rosenbach could claim damages and injunctive relief under BIPA without alleging specific harm resulting from the unauthorized collection of her son's biometric data.

Summary of the Judgment

The Supreme Court of Illinois reversed the appellate court's decision, holding that an individual does not need to demonstrate actual injury or adverse effect beyond the statutory violation to qualify as an "aggrieved person" under BIPA. The court emphasized that the mere violation of BIPA's provisions constitutes sufficient grounds for an action. Consequently, Rosenbach was entitled to seek liquidated damages and injunctive relief without needing to prove additional harm.

Analysis

Precedents Cited

The judgment extensively referenced prior Illinois cases to elucidate the interpretation of "aggrieved person." Notable cases include:

  • Glos v. People (1913): Defined "aggrieved" as having a substantial grievance or a denial of a personal or property right.
  • People v. Ligon (2016): Highlighted that statutory terms should be interpreted based on their plain and ordinary meaning unless defined otherwise.
  • AMERICAN SURETY CO. v. JONES (1943): Reinforced the understanding that being aggrieved involves a legal right being invaded.

These precedents collectively support the court's interpretation that statutory violations alone can render an individual aggrieved, aligning with the purpose of BIPA to proactively protect biometric privacy.

Legal Reasoning

The court emphasized statutory construction principles, primarily giving effect to the legislature's intent. It analyzed the language of BIPA, specifically section 20, which grants any "aggrieved person" the right to action without mandating the demonstration of additional harm. The court distinguished BIPA from other statutes requiring proof of actual damage, noting that BIPA's objective is to regulate biometric data collection proactively.

Furthermore, the court criticized the appellate court's characterization of statutory violations as merely "technical," arguing that such violations inherently constitute significant harm given the irreversible nature of biometric data misuse.

Impact

This judgment extends the protective scope of BIPA, allowing individuals to seek remedies based solely on statutory violations without the burden of proving additional harm. It enhances the enforceability of biometric privacy rights, encouraging businesses to adhere strictly to consent and disclosure requirements. Future cases involving unauthorized biometric data collection will likely lean on this precedent, strengthening plaintiffs' positions in BIPA-related litigation.

Complex Concepts Simplified

Biometric Information Privacy Act (BIPA)

BIPA is Illinois legislation aimed at regulating the collection, use, storage, and destruction of individuals' biometric data, such as fingerprints and facial recognition data. It mandates that businesses obtain informed consent before collecting biometric information and provides individuals with the right to sue for violations.

Aggrieved Person

Under BIPA, an "aggrieved person" is someone whose legal rights have been violated by the improper handling of their biometric information. Traditionally, this term might require proof of actual harm or damage, but this case establishes that the mere violation of BIPA's provisions suffices.

Private Right of Action

This refers to the ability of individuals to sue for violations of specific statutes in civil court, without needing the government to initiate the lawsuit.

Conclusion

The Supreme Court of Illinois' decision in Rosenbach v. Six Flags significantly broadens the interpretation of "aggrieved person" under BIPA, affirming that statutory violations alone justify legal action. This judgment underscores the importance of biometric privacy and reinforces the need for businesses to comply meticulously with consent and disclosure requirements. By eliminating the necessity to demonstrate additional harm, the court empowers individuals to actively protect their biometric information, aligning legal frameworks with the evolving landscape of digital privacy.

Key Takeaway: Individuals can pursue legal remedies under BIPA solely based on the unauthorized collection of their biometric data, without needing to prove additional injury, thereby strengthening the enforcement of biometric privacy rights.

Case Details

Year: 2019
Court: SUPREME COURT OF THE STATE OF ILLINOIS

Attorney(S)

Phillip A. Bock and David M. Oppenheim, of Bock, Hatch, Lewis & Oppenheim, LLC, of Chicago, and Ilan Chorowsky and Mark Bulgarelli, of Progressive Law Group, LLC, of Evanston, for appellant. Debra R. Bernard, of Perkins Coie LLP, of Chicago, and Kathleen M. O’Sullivan, of Perkins Coie LLP, of Seattle, Washington, for appellees. Rebecca K. Glenberg, Megan Rosenfeld, and Michael C. Landis, all of Chicago, Joseph Jerome, of Washington, D.C., Adam Schwartz, of San Francisco, California, and Nathan Freed Wessler, of New York, New York, for amici curiae American Civil Liberties Union et al. Adam J. Levitt and Amy E. Keller, of DiCello Levitt & Casey LLC, of Chicago, and Marc Rotenberg, Alan Butler, and Natasha Babazadeh, of Washington, D.C., for amicus curiae Electronic Privacy Information Center. Melissa A. Siebert and Bonnie Keane DelGobbo, of Baker Hostetler LLP, of Chicago, and Angelo I. Amador, of Washington, D.C., for amici curiae Restaurant Law Center et al. Gary M. Miller, of Shook, Hardy & Bacon L.L.P., of Chicago, for amici curiae Illinois Retail Merchants Association et al. Michele Odorizzi and Michael A. Scodro, of Mayer Brown LLP, of Chicago, and Lauren R. Goldman and Michael Rayfield, of Mayer Brown LLP, of New York, New York, for amicus curiae Internet Association. Noah A. Finkel and Thomas E. Ahlering, of Seyfarth Shaw LLP, of Chicago, for amicus curiae Illinois Chamber of Commerce.

Comments