Repeated Accrual of Biometric Privacy Claims: Insights from Cothron v. White Castle

Repeated Accrual of Biometric Privacy Claims: Insights from Cothron v. White Castle

Introduction

Cothron v. White Castle System, Inc. is a pivotal case adjudicated by the United States Court of Appeals for the Seventh Circuit in December 2021. The case centers on the Illinois Biometric Information Privacy Act (BIPA), a statute designed to regulate the collection, use, and disclosure of biometric data. Latrina Cothron, the plaintiff, alleges that White Castle System, Inc. unlawfully collected and disclosed her biometric information without obtaining her written consent, thereby violating BIPA. The crux of the legal dispute lies in whether each instance of biometric data collection and transmission constitutes a separate violation under BIPA, thereby allowing a claim to accrue multiple times, or if the claim accrues only once upon the initial violation.

Summary of the Judgment

The Seventh Circuit Court of Appeals faced a significant legal question regarding the accrual of claims under BIPA. White Castle System, Inc. argued that Cothron's lawsuit was untimely, asserting that the claim accrued when the first fingerprint scan occurred after BIPA's enactment in 2008, making her suit time-barred under the statute of limitations. Conversely, Cothron contended that each unauthorized fingerprint scan and its subsequent transmission to a third party represented distinct violations, thereby allowing multiple accruals within the limitations period.

The district court rejected White Castle's argument, accepting Cothron's position that each instance of data collection and transmission could constitute separate claims. However, given the novel and complex nature of the legal issues involved, the district judge opted to certify the question to the Illinois Supreme Court for authoritative interpretation. The Seventh Circuit upheld this decision, recognizing the necessity for a definitive ruling from the state's highest court on whether BIPA allows for repeated accrual of claims.

Analysis

Precedents Cited

The judgment references several key precedents that shape the understanding of BIPA and its implications:

  • Bryant v. Compass Group USA, Inc.: Established that violations of BIPA's informed consent provisions inflict a concrete and particularized injury, thereby satisfying Article III standing requirements.
  • Fox v. Dakkota Integrated Systems, LLC: Extended the reasoning in Bryant to other sections of BIPA, confirming that unlawful retention of biometric data constitutes actionable harm.
  • Rosenbach v. Six Flags Entertainment Corp.: Interpreted BIPA's provisions concerning privacy and control over biometric data, emphasizing that any violation aggrieves the plaintiff.
  • Spokeo, Inc. v. Robins and LUJAN v. DEFENDERS OF WILDLIFE: Provided foundational principles on standing and concrete injuries under Article III.

These cases collectively inform the court's analysis of whether repeated violations under BIPA can lead to multiple claims.

Legal Reasoning

The court meticulously dissected the statutory language of BIPA, focusing on sections 15(b) and 15(d), which prohibit the collection and disclosure of biometric data without consent. Cothron's argument hinges on a literal interpretation: each unauthorized scan and transmission is a discrete violation, thus allowing for multiple accruals. White Castle countered by invoking the single-publication rule, suggesting that BIPA should be treated similarly to defamation laws where claims accrue only once per defamatory statement.

However, the court identified key distinctions. While the single-publication rule is well-suited to preventing repetitive litigation over a single defamatory act, BIPA's regulated interactions with biometric data present a different scenario. The court observed that repeated scans and transmissions could individually contribute to invasions of privacy, each potentially exacerbating the risk of data misuse.

Ultimately, the court found the question sufficiently novel and significant to warrant referral to the Illinois Supreme Court, recognizing the need for authoritative clarity on the matter.

Impact

The decision to certify the question to the Illinois Supreme Court underscores the broader legal community's uncertainty regarding the enforcement of BIPA. A ruling affirming repeated accrual would empower plaintiffs by allowing claims for each unauthorized biometric interaction, potentially leading to substantial damages against violators. Conversely, limiting accrual to the initial violation could streamline litigation but might reduce the deterrent effect of BIPA. Future cases involving biometric data collection by employers, businesses, and other entities will hinge on the forthcoming interpretation by the Illinois Supreme Court, influencing compliance practices and privacy protections nationwide.

Complex Concepts Simplified

Biometric Information Privacy Act (BIPA)

BIPA is an Illinois law enacted in 2008 to protect individuals' biometric data—biologically unique identifiers like fingerprints and iris scans. The law mandates that private entities obtain written consent before collecting or disclosing biometric information and provides for legal remedies if these provisions are violated.

Accrual of Claims

Accrual of a claim refers to the point in time when a legal cause of action arises, triggering the statute of limitations—the time frame within which a lawsuit must be filed. Whether a claim accrues once or multiple times affects the timeliness and viability of legal actions.

Article III Standing

Article III of the U.S. Constitution requires that plaintiffs demonstrate a concrete and particularized injury that is actual or imminent. This principle ensures that federal courts hear only actual disputes where the party seeking relief is adequately affected.

Conclusion

Cothron v. White Castle System, Inc. highlights the evolving landscape of biometric privacy law under BIPA. By certifying the question of whether claims accrue repeatedly, the Seventh Circuit acknowledges the complexities inherent in balancing privacy protections with legal procedural norms. The impending decision by the Illinois Supreme Court will have far-reaching implications, potentially redefining how biometric data is regulated and litigated. Stakeholders—from employers implementing biometric systems to employees concerned about their privacy—will keenly await guidance to navigate the legal obligations and protections afforded by BIPA.

Case Details

Year: 2021
Court: United States Court of Appeals, Seventh Circuit

Judge(s)

Sykes, Chief Judge.

Attorney(S)

Teresa M. Becvar, Andrew C. Ficzko, Ryan F. Stephan, James B. Zouras, Attorneys, Stephan Zouras, LLP, Chicago, IL, for Plaintiff-Appellee. Melissa A. Siebert, Erin Bolan Hines, William F. Northrip, Attorneys, Shook, Hardy & Bacon LLP, Chicago, IL, for Defendant-Appellant. Meredith C. Slawe, Attorney, Cozen O'Connor, Philadelphia, PA, for Amici Curiae Retail Litigation Center, Inc., Restaurant Law Center. Debra Rae Bernard, Attorney, Perkins Coie LLP, Chicago, IL, Sopen B. Shah, Attorney, Perkins Coie LLP, Madison, WI, for Amicus Curiae LeadingAge Illinois. Jed Wolf Glickstein, Attorney, Mayer Brown LLP, Chicago, IL, for Amicus Curiae Internet Association. Randall D. Schmidt, Attorney, Mandel Legal Aid Clinic, Chicago, IL, for Amicus Curiae American Association for Justice. Catherine Simmons-Gill, Attorney, Office of Catherine Simmons-Gill, LLC, Chicago, IL, for Amicus Curiae NELA/Illinois. Alan Butler, Attorney, Alan Butler, Washington, DC, for Amicus Curiae Electronic Privacy Information Center.

Comments