Resurgent BIPA More Than Second Fiddle to CCPA?
With so much focus on California’s Consumer Privacy Act, its Jan. 1 effective date, the proposed regulations implementing it, the revisions to those proposed regulations, and so on, it can be tempting to overlook another state privacy law that has been on the books for more than a decade: the Illinois Biometric Information Privacy Act (BIPA).
[…]
What exactly is BIPA?
Put simply, the Illinois law “requires several delineated things with respect to compliance,” says Jeffrey Rosenthal, a partner at the law firm Blank Rome. Think “a privacy policy, notice, written release/consent, and reasonable security practices,” he continues.
[…]
More limited than the CCPA
Interestingly, BIPA “does not seem to have significantly curtailed companies’ desire to collect or use biometric data,” says Ana Tagvoryan, a partner at Blank Rome. “Rather, the impact is seen mostly with respect to how companies collect and use data,” such as by providing notice and obtaining consent before any such data is collected, she continues.
The law’s reach has turned out to have been more extensive than some may have anticipated. “Many companies—especially in the technology sector—have been targeted for allegedly violating Illinois’ biometrics law even though they maintain no physical presence [or] operations within the state,” Rosenthal notes.
[…]
More states join in
At the very least, BIPA “has been effective—both inside and outside Illinois—in raising awareness about the treatment of biometric data,” says Tagvoryan. Indeed, the Illinois law inspired other states to pursue their own biometric privacy laws.
“Resurgent BIPA More Than Second Fiddle to CCPA?” by Lori Tripoli was published in Compliance Week on February 21, 2020.