By Jeff Bowen
The Biometric Information Privacy Act (BIPA), a 2008 Illinois law governing the collection, maintenance and disclosure of biometric data, has generated thorny jurisdictional issues for years. The statue places limitations on the collection and use of such data, mandates public disclosure of a plan governing the scope of use, and requires written consent from individuals whose data is obtained. BIPA also provides a private right of action for persons aggrieved by violation of those requirements. Under the 2016 Supreme Court case Spokeo v. Robins, 136 S. Ct. 1540 (2016), the harm alleged under a data privacy statute like this must be both concrete and particularized in order to give rise to standing in federal court. District courts applying Spokeo to BIPA claims have reached quite different results, with some allowing the claims to proceed and others remanding to state court or dismissing the claims outright. Earlier this year, the Seventh Circuit provided significant guidance as to the type of BIPA claims that may trigger federal jurisdiction, with individualized informational injury potentially meeting the standing threshold but violation of general disclosure requirements falling short. Bryant v. Compass Group USA, Inc., 958 F.3d 617 (7th Cir. 2020). The Bryant decision provides important information for both defense counsel and plaintiffs, though several other issues remain in play, such as the scope of preemption under statutes governing collective bargaining agreements and the availability of insurance coverage.