Ill. Supreme Ct. Rules 5-Year Statute of Limitations Applies to Biometric Privacy Claims
Plaintiffs have five years to file claims to allege violations of the Illinois Biometric Privacy Act, the state Supreme Court ruled Thursday, rejecting arguments by business advocates that a one-year statute of limitations should apply.
In a 5-0 decision, the high court reversed a Court of Appeals ruling that held a one-year statute of limitations applies to portions of the act that deal with “publication of matter violating the right of privacy,” but the standard five-year limit applies to other types of violations.
The opinion says “we find that applying two different limitations periods or time-bar standards to different subsections … of the Act would create an unclear, inconvenient, inconsistent, and potentially unworkable regime as it pertains to the administration of justice for claims under the Act.”
Jorome Tims filed a class-action action complaint against his former employer, Black Horse Carriers, alleging that the company violated the Biometric Privacy Act by recording his fingerprints to use as authentication for its time clock. The law, passed in 2008, prohibits businesses from collecting biometric data such as facial geometry, retina images and fingerprints without permission. Organizations that receive permission are required to establish written policies regarding storage and use of the materials.
Tims worked for Black Horse from June 2017 to January 2018. He filed the lawsuit in March 2019. Black Horse argued that the case should be dismissed because Section 13-201 of the Illinois Code of Civil Procedure establishes a one-year statute of limitations for “actions for slander, libel or for publication of matter violating the right of privacy.”
The Cook County Circuit Court ruled that the state’s catch-all five-year statute of limitations for civil complaints, contained in Section 13-205, applies.
Although the lawsuit was not resolved, Black Horse appealed on the statute-of-limitations question. The Illinois 1st District Appellate Court ruled that the one-year statute of limitations didn’t apply to Tims’ lawsuit because there was no allegation that Black Horse published the data it collected.
However, the appellate court held that a one-year statute of limitations does apply to portions of the Biometric Privacy Act that deal with publications, which are subsections 15(c) and 15(d).
That ruling caught the attention of the state’s major employer groups, who saw an opportunity to greatly limit the number of lawsuits that can be filed. The law allows penalties of up to $1,000 per violation, or $5,000 for reckless or intentional violations. What counts as a “violation” has not been resolved, but most lawsuits filed so far assert that each individual whose privacy rights were intruded upon counts as a violation, according to an analysis by the Jackson|Lewis law firm.
The Illinois Chamber of Commerce, the Illinois Trial Lawyers Association, the National Employment Lawyers Association/Illinois, and the Employment Law Clinic filed amicus briefs with the Supreme Court.
The Chamber argued that the one-year statute of limitations should apply to all of the subsections in the Biometric Privacy Act because all of them deal with the public disclosure of private facts.
“Like privacy torts that involve publication, the Privacy Act ‘protects a secrecy interest — here the right of an individual to keep his personal identifying information like fingerprints secret,'” the Chamber’s brief states, quoting a 2021 Supreme Court decision.
The Supreme Court opinion says it agreed that a one-year statute of limitations “could” apply to two subsections of the Privacy Act, but that would not comport with legislative intent. Courts routinely apply the five-year limit on statutes that contain no specific limitations period, the court said. Defamation claims that involve publication have short limitations periods because “aggrieved individuals are expected to become quickly apprised of the injury and act just as quickly when their reputation has been publicly compromised,” the opinion says.
“In contrast, the full ramifications of the harms associated with biometric technology is unknown, and absent the Act’s protections, it is unclear when or if an individual would discover evidence of the disclosure of his or her biometrics in violation of the Act,” the opinion says.
The high court reversed, in part, the appellate court and remanded the case to the Circuit Court for further proceedings.
- Changing the Focus of Claims, Data When Talking About Nuclear Verdicts
- PE Firm Cornell Sued Over $345 Million Instant Brands Dividend
- US High Court Declines Appeal, Upholds Coverage Ruling on Treated Wood
- T-Mobile’s Network Breached as Part of Chinese Hacking Operation