No End in Sight: Biometrics Litigation Trends

Cybersecurity Law Report
12 minute read | March.16.2022

Modern biometrics applications are myriad with more continually being developed. They allow users to unlock devices, make payments, detect theft, track time and much more. These applications are not overlooked by the plaintiffs' bar. Since 2019, more than 1,000 class action lawsuits have been filed under Illinois' Biometric Information Privacy Act (BIPA), and plaintiffs show no signs of slowing down. The public is also increasingly attuned to biometric privacy risks. The IRS, in response to an outcry last month, abandoned its plans to require facial recognition for online logins.

These are likely still the early innings of biometrics litigation and enforcement activity. Last month, Texas' attorney general entered the fray by filing suit against Facebook under Texas' own biometrics law. Illinois, Texas and Washington are the only states with standalone biometrics laws on the books, but at least 27 other states have introduced biometrics legislation.[1] Another 16 states and the District of Columbia address biometric privacy through existing privacy and data breach notification statutes.[2] Adding to the maze, companies must also be aware of city biometric laws passed in Portland, New York City and Baltimore.

Originally published in Cybersecurity Law Report; reprinted with permission.