When Illinois enacted the Biometric Information Privacy Act in 2008 (BIPA), the concept of “biometric privacy protection” was foreign to many observers. Yet less than 20 years later, consumers are familiar with the concept of biometric privacy and class action plaintiffs’ lawyers have spotted an opportunity. As many other states and cities have enacted (or are in the process of enacting) analogous biometric privacy laws, class actions are likely to increase. And like night follows day, insurers will look for ways to avoid their obligations to cover these claims.
Because Illinois’ BIPA is among the most robust biometric privacy laws in the country, developments related to its interpretation and application are likely to impact the evolution of biometric data-related lawsuits across the nation. Notably, 2022 witnessed the first jury verdict involving allegations of BIPA violations, when a federal jury in Chicago awarded $228 million in damages to railroad workers after finding Burlington Northern & Santa Fe Railroad (BNSF) liable for BIPA violations. Although BNSF intends to appeal, the verdict will no doubt incentivize additional class actions against businesses that collect or use biometric data.
As the number of BIPA cases has grown, so, too, have BIPA-related insurance coverage actions under commercial liability policies. By way of background, commercial general liability insurance policies include coverage under what is known as Coverage B for claims arising out of so-called “personal and advertising” injuries, which include claims resulting from the “oral or written publication of material that violates a person’s right of privacy.” Courts generally have found BIPA-claims fall within this Coverage B. However, in 2022 insurers fought to expand the application of exclusions to Coverage B to preclude coverage for BIPA claims under Illinois law.
Most such litigation has resolved in the policyholder’s favor so far. For example, at least four federal district court opinions in the Northern District of Illinois rejected insurers’ attempts to disclaim coverage under “employment related practices” exclusions applicable to Coverage B, finding such exclusions were—at a minimum—ambiguous as to whether they applied to BIPA claims. Additionally, several federal district courts in Illinois ruled against insurers’ attempts to disclaim coverage under “statutory violation” exclusions, finding that the scope of such exclusions did not extend to BIPA. Federal district courts further repudiated arguments that “access and disclosure” exclusions applied to BIPA claims on grounds that biometric data is fundamentally dissimilar from the “confidential or personal information” to which such exclusions were intended apply.
That said, a handful of federal district courts instead ruled in favor of insurers under certain of these exclusions over the past year. While these isolated opinions appear to be outliers and are limited to the specific policy language at issue, they have muddied the waters and jeopardized policyholders’ ability to receive coverage they paid for at a time when they need increased protection amidst an ever-evolving liability landscape. Policyholders must remain vigilant to ensure they purchase insurance policies that will protect them against BIPA-related liability, as well as analyze the most recent authorities to ensure any coverage arguments align with those opinions that resulted in recovery. It is important to retain experienced coverage counsel to help find the right tools and avoid shoddy results.
Biometric Privacy, BIPA and the Battle for EPLI Policy Coverage
Check Your Policies for Privacy Claim Coverage: New York City’s New Biometrics Law Is Now in Effect
The Duty to Defend a Privacy Claim Arises from Even Limited Publication of Biometric Identifiers