Follow: Email

On May 5, 2020, the Seventh Circuit held that violations of the section 15(b) disclosure and informed consent provisions of the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) constitute “an invasion of personal rights that is both concrete and particularized” for the purposes of establishing Article III standing to sue in federal courts.  However, the Seventh Circuit also held that the alleged harms associated with violations of section 15(a) of BIPA were insufficient to establish Article III standing.  Section 15(a) mandates public disclosure of a retention schedule and guidelines for permanent destruction of collected biometric information.

Covington has previously discussed developments in BIPA litigation, which has proliferated in recent years with the advancement of relevant technologies.  The increase in BIPA litigation has been accompanied by a rise in disputes over the nature of the harm required to sustain an action, both in state and federal courts.  Although this issue was seemingly resolved at the state-level by the Illinois Supreme Court’s 2019 Rosenbach decision, federal courts have continued to grapple with the issue for the purposes of Article III standing.
Continue Reading Seventh Circuit Rules on Article III Standing Issues in Illinois BIPA Lawsuit, Allowing Case to Proceed in Federal Court

In response to the COVID-19 outbreak, several U.S. government entities have released warnings about a rise in scams and fraudulent activity connected to the outbreak.  In a recent bulletin, the FBI warned of a rise in phishing emails, counterfeit treatments or equipment for COVID-19 preparedness, and fake emails from the Centers for Disease Control and Prevention (CDC) purporting to provide information about the outbreak.  The FTC, meanwhile, has released not only a general overview of the steps that it is taking to combat scams related to COVID-19, but has also provided a specific list of seven types of COVID-19 scams that it has observed targeting businesses.  More information about these scams, and guidance from the FBI and FTC on how to protect against and respond to some of the most common risks, is below.
Continue Reading COVID-19 Cybersecurity Advice: FTC and FBI Provide Guidance on Cybersecurity Scam Trends and Preventive Measures

On March 21, 2020, the data security requirements of the New York SHIELD Act became effective.  The Act, which amends New York’s General Business Law, represents an expansion of New York’s existing cybersecurity and data breach notification laws.  Its two main impacts on businesses are:

  1. expanding data breach notification requirements under New York law; and

On August 9, 2019, the U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) submitted its plan for federal engagement in the development of artificial intelligence standards.  The plan was developed in response to the Executive Order signed by President Trump earlier this year, which required NIST to “issue a plan for Federal engagement in the development of technical standards and related tools in support of reliable, robust, and trustworthy systems that use AI technologies.”  The final plan incorporates comments from over 40 organizations that commented on a draft released in July.     
Continue Reading AI Update: NIST Releases its Plan to Develop AI Standards

On April 24, 2019, the Supreme Court issued its opinion in Lamps Plus, Inc., et al. v. Varela, addressing the question of whether an ambiguous arbitration agreement can be read to compel class arbitration under the Federal Arbitration Act, 9 U.S.C. §§ 1-16 (2000). Underscoring the controversial nature of this decision, the case was decided by a 5-4 split that included dissenting opinions authored by Justices Ginsburg, Breyer, Sotomayor, and Kagan. The majority opinion, authored by Chief Justice Roberts, held that contract ambiguity did not suffice to compel class arbitration.

Continue Reading U.S. Supreme Court Affirms the Necessity of Express Authorization for Class Arbitration

The U.S. Supreme Court issued a per curiam opinion today vacating a Ninth Circuit judgment in Frank v. Gaos.  The decision remands the privacy class action settlement claims involving Google for further proceedings consistent with the Court’s Article III standing ruling in Spokeo, Inc. v. Robins.

Continue Reading Supreme Court Remands Google Privacy Settlement on Standing Grounds

On March 11, 2019, a bipartisan group of lawmakers including Sen. Mark Warner and Sen. Cory Gardner introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The Act seeks “[t]o leverage Federal Government procurement power to encourage increased cybersecurity for Internet of Things devices.” In other words, this bill aims to shore up cybersecurity requirements for IoT devices purchased and used by the federal government, with the aim of affecting cybersecurity on IoT devices more broadly.

Continue Reading Senate Reintroduces IoT Cybersecurity Improvement Act

The regular session of the Florida Legislature began on March 5, 2019. Over the course of the 60 day session, the Legislature will consider a number of bills on a variety of topics. Among the measures that will be considered are two bills that address biometric information privacy: one from House Representative Bobby DuBose (D) (HB1153) and one from Senator Gary Farmer, Jr. (D) (SB 1270).

Continue Reading Florida Legislature Proposes State Biometric Information Privacy Act

On January 25, 2019, the Illinois Supreme Court published its widely anticipated decision in Rosenbach v. Six Flags Entertainment Corporation et al., addressing the question of what it means to be an “aggrieved” person under the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”). Under BIPA, aggrieved persons are entitled to seek liquidated damages and injunctive relief. In a unanimous decision authored by Chief Judge Karmeier, the court held that individuals seeking relief under BIPA “need not allege some actual injury or adverse effect” to be considered aggrieved persons.

Continue Reading Illinois Supreme Court Decides Actual Harm Not Required to Bring Claim Under BIPA

On December 29, 2018, the Northern District of Illinois dismissed a case brought against Google under the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) on standing grounds. Plaintiffs, Lindabeth Rivera and Joseph Weiss, alleged that Google violated BIPA by failing to obtain informed consent from users prior to collecting, storing, and utilizing their biometric information to create “face-geometry scans” from photos uploaded on Google Photos.

Continue Reading Federal Court Dismisses Illinois BIPA Suit for Lack of Standing