Recently, lawsuits concerning the collection and use of consumer biometric data have spiked due to the ever-evolving laws and regulations concerning privacy, judicial interpretations that foster more ambiguity than clarity, and, of course, the rapid adoption of various types of biometric technology in everyday business. What stands out about many of these lawsuits, however, is how business can attempt to keep privacy complaints outside the courtroom.
For example, in Rivera v. Google, Inc., the U.S. District Court for the Northern District of Illinois dismissed a data privacy lawsuit against Google involving its photo app. Specifically, the Court held an alleged technical violation of the Illinois Biometric Information Privacy Act (BIPA) was insufficient to demonstrate “concrete injury” for purposes of Article III standing, and thus, subject matter jurisdiction. This ruling casts significant doubt on the enforceability of claims alleging mere technical BIPA violations in federal court, while also demonstrating how corporate defendants can try to challenge the injury-in-fact prong of Article III standing to defeat a wide range of data privacy actions.
