On April 1, 2026, the Seventh Circuit in Clay v. Union Pacific Railroad Company held that an amendment to the Illinois Biometric Information Privacy Act (BIPA), limiting damages to a per-person basis, applies retroactively to cases pending when the amendment was enacted in 2024. This decision limits the potential statutory damages plaintiffs may obtain for pending BIPA cases.

In 2024, Illinois enacted an amendment to BIPA which states that an entity that, in more than one instance, obtains the same biometric identifier or biometric information from the same person using the same method of collection in violation of BIPA’s notice and consent requirement has committed a single violation. The amendment overturned an Illinois Supreme Court decision in Cothron v. White Castle Sys., Inc. that had held that “a claim accrues under [BIPA] with every scan or transmission of biometric identifiers or biometric information without prior informed consent.” Thus, as a result of the 2024 amendment, each aggrieved person is entitled to, at most, one recovery for a single collective violation (as opposed to recovering for every instance an identifier was collected from the same aggrieved person).

Several lower courts held that the amendment only applied prospectively and in Clay, the Seventh Circuit consolidated three interlocutory appeals posing the question of whether the amendment should apply prospectively or retroactively. If the statute is silent on its temporal reach, Illinois courts consider whether the amendment is a substantive or procedural change to the law. Illinois law has affirmed the “general principle that remedial changes are procedural,” not substantive changes and apply retroactively. Clay v. Union Pac. R.R. Co., 2026 WL 891902, at *6 (7th Cir. Apr. 1, 2026). The Seventh Circuit determined that the BIPA amendment was a remedial change and therefore applied to pending cases because it amended the liquidated damages section of the law and “the plain language of the amendment focuses on remedies.” Id. at *4. Consequently, the amendment “simply changed the statutory award of damages available to plaintiffs, cabining the discretion of trial court judges when they fashion the remedy.” Id. at *6. Had the court gone the other way, it likely would have subjected businesses with pending cases to significantly higher penalties.

Tags: Biometric Privacy, Seventh Circuit
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws.

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

Chambers USA 2025 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”

Read more about Libbie CanterEmail
Show more Show less
Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy co-chairs the firm’s Class Action Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. A highly skilled litigator, she defends clients in complex, high-stakes class action disputes, securing significant victories across various industries, including technology…

Kate Cahoy co-chairs the firm’s Class Action Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. A highly skilled litigator, she defends clients in complex, high-stakes class action disputes, securing significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate also plays a key role in the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Kate’s exceptional legal work has earned widespread recognition. The Daily Journal named her successful defense of Meta and Microsoft cases described below as among its Top Verdicts, recognizing some of the largest and most impactful verdicts in California.

Recent Successes:

Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. (Daily Journal, Top Verdicts of 2021. Law.com recognized Kate with a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws. (Daily Journal, Top Verdicts of 2024.)

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal, was recognized by the Daily Journal as a Top Attorney Under 40, and also was named to Bloomberg Law’s They’ve Got Next: The 40 Under 40 list.

Read more about Kathryn CahoyEmail
Show more Show less
Photo of Natalie Dugan Natalie Dugan

Natalie Dugan is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity Practice Group.

Natalie advises clients on a broad range of data privacy and cybersecurity issues and across industries. Natalie’s practice includes helping clients…

Natalie Dugan is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity Practice Group.

Natalie advises clients on a broad range of data privacy and cybersecurity issues and across industries. Natalie’s practice includes helping clients comply with existing and emerging state privacy laws, such as the California Consumer Privacy Act and the California Privacy Rights Act, along with federal privacy frameworks such as those set forth by the Federal Trade Commission and consumer protection laws and guidance.

With a focus on AdTech and related privacy issues, Natalie routinely partners with clients to develop privacy notices and choices, draft and negotiate privacy terms with vendors and third parties, and design related governance programs and new products. Additionally, Natalie helps clients strategically engage with and respond to privacy-related inquiries from regulators like the FTC, the California Privacy Protection Agency, and state attorneys general.

Natalie also counsels clients on various other technology-related consumer protection issues, such as state “right-to-repair” legislation and anti-tying warranty provisions under the Magnuson-Moss Warranty Act.

Read more about Natalie DuganEmail
Show more Show less
Photo of Thea McCullough Thea McCullough

Thea McCullough counsels national and multinational companies across industries as a member of the Data Privacy and Cybersecurity, Litigation, and Public Policy practice groups.

Thea advises clients on a broad range of privacy issues, such as privacy policies and data practices, responses to…

Thea McCullough counsels national and multinational companies across industries as a member of the Data Privacy and Cybersecurity, Litigation, and Public Policy practice groups.

Thea advises clients on a broad range of privacy issues, such as privacy policies and data practices, responses to regulatory inquiries, and compliance obligations under federal and state privacy regulations, including biometric privacy laws. She also represents clients before the Federal Trade Commission in privacy enforcement actions and in consumer protection litigation.

Thea draws on her past experience across all branches of government to inform her practice and to advise clients on public policy matters. Most recently, Thea served as a clerk for the U.S. District Court for the Eastern District of Texas. Prior to beginning her legal career, Thea served as the communications director for the White House National Space Council, where she spearheaded messaging campaigns for Presidential Space Policy Directives and the administration’s civil, commercial, and defense space policy initiatives, and previously as the communications director for the U.S. House Committee on Science, Space, and Technology, where she managed the communications team and developed messaging strategies for policy and legislation covering several issue areas, including cybersecurity, advanced technologies, space, energy, environment, and oversight. She also served as a national spokesperson for President Trump’s 2020 campaign.

Thea is admitted to the DC Bar under DC App. R. 46-A (Emergency Examination Waiver); Practice Supervised by DC Bar members.

Read more about Thea McCulloughEmail
Show more Show less
Photo of Bryan Ramirez Bryan Ramirez

Bryan Ramirez is an associate in the firm’s San Francisco office and is a member of the Data Privacy and Cybersecurity Practice Group. He advises clients on a range of regulatory and compliance issues, including compliance with state privacy laws. Bryan also maintains…

Bryan Ramirez is an associate in the firm’s San Francisco office and is a member of the Data Privacy and Cybersecurity Practice Group. He advises clients on a range of regulatory and compliance issues, including compliance with state privacy laws. Bryan also maintains an active pro bono practice.

Read more about Bryan RamirezEmail
Show more Show less