The Illinois Supreme Court is reconsidering a motion to dismiss granted by a state appellate court to the defendant, Six Flags of America. The case, Rosenbach v. Six Flags Entertainment Corp., was brought after Six Flags was alleged to have violated Illinois’ Biometric Information Privacy Act (BIPA), having failed to obtain adequate consent from a minor, Alexander Rosenbach, for the collection of his fingerprints, and failing entirely to provide any sort of notice of its processing activities – a requirement mandated under BIPA. In our amicus brief, we make three primary arguments: first, we highlight the particularly sensitive character of biometric data and outline how BIPA’s recognized privacy issues in biometric data collection; second, we argue that both the explicit text and underlying intent of BIPA are designed to address violations of the sort that Six Flags committed; and we discuss the importance of private rights of action for enforcing individuals’ privacy rights under BIPA.
BIPA’s provisions to protect an individual’s biometric information are more relevant today than at any point since the law’s passage one decade ago. Companies’ ability to collect and use biometric data is advancing at a pace that is difficult for the individual to keep track of. BIPA, like many privacy statutes, includes clear and demarcated notice and consent provisions that are essential for citizens to adequately track corporate collection practices. We ask the court to reconsider whether Six Flags’ alleged statutory violation is sufficient to grant Rosenbach standing both in light of the intent of the Illinois legislature in its passing BIPA, and based on what is at stake for an individual’s ability to protect their biometric data if violations such as Six Flags’ are allowed to escape uncontested.
In addition to CDT, the brief has been signed by the American Civil Liberties Union, the ACLU of Illinois, the Chicago Alliance Against Sexual Exploitation, the Electronic Frontier Foundation, Lucy Parsons Labs, and PIRG.