Following Illinois Governor J.B. Pritzker's signing of an amendment to the state’s Biometric Information Privacy Act (BIPA), the Information Technology and Innovation Foundation (ITIF) released a statement from Senior Policy Manager Ash Johnson.

"BIPA is a prime example of privacy legislation gone too far. With steep fines for even minor violations and a private right of action that has gone out of control, with multiple multi-million-dollar settlements. This has led companies to limit the technology available to Illinois consumers or even pull out of the state entirely," Johnson stated.

The recent amendment allows companies to obtain consent electronically for biometric data collection and reduces penalties for violations from $1,000 per instance to $1,000 per person. However, Johnson noted that these changes do not address the surge in BIPA-related lawsuits since a 2019 ruling determined plaintiffs are not required to show harm. "Companies still have a strong incentive to continue limiting the technology available in Illinois," he added.

Johnson further commented on the broader implications of biometric data collection laws: "Biometric data collection is not the Big Bad Wolf privacy fundamentalists make it out to be. There are countless beneficial uses of biometric data, and overly burdensome laws like BIPA place costly barriers in the way of reaping these benefits."

He advocated for a balanced federal data privacy law that would preempt state laws like BIPA, aiming to protect all forms of personal data without stifling innovation. "In the meantime, states should look to BIPA as a cautionary tale and avoid costly regulation that benefits trial lawyers far more than ordinary consumers," Johnson concluded.

Contact: Nicole Hinojosa, [email protected]