Snapchat’s parent company is defending against a class-action lawsuit in the U.S. District Court for the Northern District of Illinois brought by two platform users identified as Adrian Coss and Maribel Ocampo. 

The lawsuit alleges that the platform violates the Illinois Biometrics Information Privacy Act by failing to provide users with the required disclosures under the act while collecting, storing and sharing users’ unique facial features and voices. 

The Illinois Biometric Information Privacy Act enacted in 2008 was an important first step in developing policy on biometrics. According to the law, a private entity possessing biometric information accessible to the public must have a retention schedule and policy for permanently destroying biometric information. Additionally, there are restrictions on how a private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information. Most importantly, this law requires obtaining written consent prior to collecting biometric information as the law provides a private right of action for anyone injured under the Act. 

Lanton Law’s technology practice, which includes biometrics and privacy issues, has been monitoring the Illinois Biometric Information Privacy Act for some time. We have posted several blogs addressing this issue as companies continue to evolve biometrics into their business models. 

Lanton Law is a national healthcare and life science boutique law and government affairs firm that closely monitors legislative, regulatory and legal developments for our clients. Our healthcare practice can help stakeholders understand what’s at issue so that we can help our valued clients reach their goals. Contact us to learn about how either our legal or lobbying services can help you attain your priorities.   

Lanton Law’s publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without prior written consent of us. To request reprint permission for any of our publications, please use our “Let’s Chat” form, which can be found on our website at www.lantonlaw.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship.

Senator Creem and Senator Lesser have introduced S.46 titled “An Act Establishing the Massachusetts Information Privacy Act.” The bill can be found here. The Act applies to Massachusetts businesses that earn $10,000 or more annual revenue through 300 or more transactions or that process or maintain the personal information of 10,000 or more unique individuals during the course of a calendar year. The bill has protections on the collection of biometric or location information and seeks to prevent companies from discriminating based on consumer personal information. The MA Information Privacy Commission would also be created by this proposal to oversee this bill’s regulatory scheme. 

This bill mirrors the efforts unleashed by the landmark General Data Protection Regulation (GDPR) in Europe which has been followed by efforts in California. Massachusetts did have a predecessor to S.46 in 2019 which stalled in the legislature.

The bill is currently in the Advanced Information Technology, the Internet and Cybersecurity Committee.  If you are a technology, healthcare or commerce stakeholder then this is something to keep a watch on.  

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

On February 26, 2021 in the United States District Court Northern District of California, the Court found that Facebook was ordered to pay $650 million. This issue derived from the underlying lawsuit alleging whether the collection of an individual's biometric data in violation of the Illinois Biometric Information Privacy Act is sufficient to establish Article III standing. As a result of this dispute, the company’s automatic facial recognition tagging features are now an opt-in feature instead of being an opt-out choice. 

The Illinois Biometric Information Privacy Act enacted in 2008 was an important first step in developing policy on biometrics. According to the law, a private entity possessing biometric information accessible to the public must have a retention schedule and policy for permanently destroying biometric information. Additionally, there are restrictions on how a private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information. Most importantly, this law requires obtaining written consent prior to collecting biometric information as the law provides a private right of action for anyone injured under the Act. 

Lanton Law’s technology practice which includes biometrics and privacy issues, has been monitoring the Illinois Biometric Information Privacy Act for some time. We have posted several blogs addressing this issue as companies continue to evolve biometrics into the business models. As 2021 unfolds we confidently believe that legislative and regulatory oversight will increase leading to more litigation that fine tunes points left unanswered about this emerging field. 

We at Lanton Law can help. Our legal and policy tools can help offer your organization a clear path forward to navigate what will be changing policies for technology stakeholders. Contact us today to discuss your options.