In a victory for plaintiffs, the Illinois Supreme Court ruled unanimously Thursday that claims under the Illinois Biometric Information Privacy Act are governed by a five-year, rather than a one-year, statute of limitations.
Defense lawyers, however, say the ruling is likely to have little practical effect, in which case settlements generally already adopt a five-year statute of limitations.
The state Supreme Court, meanwhile, has yet to rule on another landmark BIPA case.
BIPA requires companies that store biometric information to inform the subject in writing that the data is being collected or stored and for what purpose and duration it is being collected. It also requires companies to obtain the subject̵7;s written consent.
The law has led to numerous lawsuits against companies under BIPA, both in Illinois and elsewhere in the country. Illinois remains the only state that allows a private right to speak in biometric cases. The law allows the plaintiff to be awarded $1,000 for each negligent violation, or $5,000 for each willful or reckless violation.
In the case where the state supreme court ruled, Tim’s vs. Black Horse Carriers Inc.had a state appeals court in September 2021 determine that a one-year statute of limitations applies to privacy claims and a five-year period applies to other civil lawsuits under BIPA.
In their ruling, four state Supreme Court justices said the five-year statute of limitations applies across the board because the law does not contain a statute of limitations.
“Illinois courts have routinely applied this five-year limitations period to other statutes that lack a specific statute of limitations,” the ruling said, citing other cases that have issued similar rulings.
“If we apply the same reasoning in the aforementioned cases to the case on trial, we find that, since the law has no statute of limitations of its own; because the subsections are causes of action “not otherwise provided”; and because we must ensure certainty, predictability, and uniformity as to when the statute of limitations expires in each subsection, the statute is subject to the standard found in the Illinois Code of Civil Procedure.
The ruling also said that the General Assembly’s policy concerns are achieved by applying a longer limitation period.
The plaintiff’s attorney i Black horse case, James B. Zouras, of Stephan Zouras LLP in Chicago, issued a statement that said in part, “Today’s decision allows countless victims of biometric privacy abuses to get their day in court.”
He said: “With this verdict, we now look forward to presenting these allegations at trial to a jury.”
Black Horse’s attorney did not respond to a request for comment.
Danielle M. Kays, senior associate at Seyfarth Shaw LLP in Chicago, commented on the ruling, “There’s not a lot of practical impact, just a confirmation of the statute of limitations.”
Jason M. Rosenthal, principal with Much Shelist PC in Chicago, agreed. “I don’t think it’s going to have a significant impact on” the current landscape of cases based on settlements that have been made in those cases, which have adopted a five-year statute of limitations.
Rosenthal said that while the ruling did not go in the companies’ favor, there may be a silver lining to the case, as insurers have in recent years tightened the BIPA-related exclusions in their commercial general liability policies, but establishing a five-year statute of limitations “increases the likelihood because they can have CGL policies that have more favorable language.”
Companies are still awaiting an expected ruling from the Illinois Supreme Court in Latrina Cothron v. White Castle System Inc.on whether BIPA violations occur each time an illegal biometric scan is performed.
Both attorneys said the latest ruling does not provide clues about how the court is likely to rule on the issue Cothran case. Depending on how the court rules, that decision could increase by multiples the damages companies could face, and even result in potential bankruptcies, Rosenthal said.