What You Need to Know About the Instagram BIPA Settlement

Instagram - BIPA Settlement - Illinois

Heads up: This page may include affiliate links. Read the full disclosure.

If you are a resident of Illinois and use Instagram, you may have received an email titled “Notice of Class Action and Proposed Settlement.”

The email states that if you used Instagram in Illinois between August 10, 2015, and August 16, 2023, you may be entitled to a payment from a settlement over alleged violations of BIPA.

In this article, we will discuss what BIPA is, how Instagram allegedly violated the privacy rights of residents of Illinois, and what this settlement means for you.

Disclaimer: The information in this article is provided for awareness purposes only and should not be construed as legal advice. Consult your attorney for legal matters.

What is BIPA?

The Biometric Information Privacy Act (BIPA) is a privacy law that protects the privacy of residents of Illinois by prohibiting the collection of biometric information unless certain requirements are met.

Biometric information is any information based on an individual’s biometric identifier.

Illinois Privacy - BIPA - Instagram

Biometric identifiers can include retina scans, fingerprints, voiceprints, hand scans, or face geometry. Biometric identifiers are usually considered very sensitive information as, unlike email addresses or phone numbers, they cannot be changed once breached.

BIPA requires companies to do the following before collecting biometric information:

  1. Create a written policy that establishes how long biometric information will be retained and how it will be permanently destroyed once it is no longer needed;
  2. Inform the individual that biometric information is collected and/or stored;
  3. Inform the individual of the specific purpose and length of term for which the biometric identifier is collected;
  4. Receive a written release from the individual to collect and store their biometric information.

BIPA applies to any entity that collects and possesses the biometric information of residents of Illinois and allows individuals to sue companies directly for violations, making it a privacy law that is highly litigated.

In addition, fines for BIPA violations start at $1,000 per violation.

For example, if an app such as Instagram collected the biometric information of an individual 30 times, the fine would be calculated at $1,000 multiplied by 30, leading to high fine amounts.

How did Instagram violate BIPA?

The lawsuit and settlement allege that Instagram violated BIPA by collecting the biometric information of residents of Illinois without meeting the requirements of BIPA.

Since there is very little documentation available for the lawsuit itself, it is unclear which requirements of BIPA were actually breached.

It is important to note that in the settlement, Instagram denies all wrongdoing or liability of any kind. However, the lawsuit was settled for $68.5 million instead of choosing to continue the lawsuit in court.

What should you do if you used Instagram?

BIPA - Instagram Illinois Settlement

If you have used Instagram during the relevant period and received the notice, you have a few decisions to make.

First, you could submit a claim form. If you do so and the settlement is approved, you may receive payment. The deadline to file the claim is September 27, 2023.

The second option is to exclude yourself from the settlement. If you exclude yourself from the settlement, you will not be compensated.

The third option is to object to the Court if you do not like the settlement.

The fourth option is to go to a hearing to speak to the Court as to whether or not the settlement is fair.

The final option is to do nothing. If you do nothing, you will not receive a payment and will not be able to sue Instagram for the same infringement.

What does this settlement mean?

The $68.5 million settlement illustrates the fact that companies are increasingly being held accountable for violations of privacy laws. And, it also illustrates that violating privacy laws can have expensive consequences for companies.

As a consumer, whether or not you choose to exercise your rights with regard to this settlement, you should also be aware of the fact that large companies collect sensitive information and do not always protect it in the way that they should, so you should be aware of this fact when choosing what platforms to use in the future.

Looking for something?

Privacy laws apply to businesses that collect personal information. Since no personal information is collected by the MainWP plugins, no privacy laws apply to the MainWP plugins. This includes GDPR, UK DPA 2018, PIPEDA, Australia Privacy Act 1988, LGPD, PIPL, and other privacy laws.
Donata Stroink-Skillrud
Donata Stroink-Skillrud
President of Agency Attorneys

Your Download Is Just One Click Away

…or just download the plugin.

By entering your email, you agree to our Terms of Service and Privacy Policy.