USA – ILLINOIS Trends and Developments Contributed by: Paul Yovanic, Jason Priebe, Ada Dolph and Michael Jacobsen, Seyfarth Shaw LLP
Illinois Privacy Trends and Developments for 2025 In recent years, Illinois has emerged as a key player in the evolving landscape of privacy law, with several groundbreaking developments shaping the protection of personal data. At the forefront of these efforts is the Illinois Biometric Information Privacy Act (BIPA), which has set a high standard for biometric data protection, sparking significant legal attention. The state’s commitment to privacy has expanded to a recent surge in litigation under the Illinois Genetic Infor - mation Privacy Act (GIPA), addressing the deli - cate intersection of genetic data and individual rights. Additionally, Illinois is leading the charge in regulating the use of artificial intelligence (AI) in the workplace, as concerns over employee privacy and algorithmic accountability grow. This article explores these trends, highlighting the legal landscape’s shifting focus on safeguard - ing personal information in an increasingly data- driven world, and includes an analysis of Illinois’ recently proposed omnibus privacy bill. Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14/ et seq.) Enacted in 2008, BIPA regulates the collection, use, and handling of biometric identifiers and information by private entities. After a relative - ly quiet period spanning nearly a decade, the statute experienced a significant surge in activ - ity following the 2019 landmark decision by the Supreme Court of Illinois in Rosenbach v Six Flags Entertainment Corporation. In Rosenbach, the Court held that a plaintiff need not plead actual harm or injury resulting from an alleged BIPA violation to seek relief under the Act. Sub - sequently, more than 1,500 BIPA lawsuits have been filed in Illinois. While BIPA had been largely untested before Rosenbach, the bevy of lawsuits that followed
gave rise to a series of critical threshold matters for courts of review in Illinois to resolve. Here are the latest BIPA issues that are taking centre stage in 2025. Healthcare exemption for time clocks The definition of “biometric identifier” under BIPA excludes “information captured from a patient in a healthcare setting or information col - lected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996 [HIPAA].” In late 2023, the Illinois Supreme Court held in Mosby v Ingalls Memorial Hospital that alleged biometric information collected by a healthcare provider from its employees – in addition to that collected from patients – could fall within the scope of this “healthcare exemp - tion” when the information is used for purposes related to “health care”, “treatment”, “payment”, or “operations”, as those terms are defined by HIPAA. However, Mosby specifically concerned nurses using a medication dispensing system and its finger-scan device to provide patient care. The case did not concern the more common fact- pattern in which healthcare workers allege viola - tions of BIPA when they are using a timekeeping system with a finger- or hand-scanning device. Since Mosby, Illinois trial courts have been split on whether the Illinois Supreme Court’s ruling extends to this latter context. One view, for instance, has been that the exemption does not apply because HIPAA does not define “health care operations” to extend to a human resource department managing employee payroll or pro - cessing vacation time or sick days, while another has been that the exemption does apply because the provider is collecting and using the alleged biometric data to track employee time so that it can conduct health care operations and receive
559 CHAMBERS.COM
Powered by FlippingBook