The email states that if you used Instagram in Illinois between August 10, 2015, and August 16, 2023, you may be entitled to a payment from a settlement over alleged violations of BIPA.
In this article, we will discuss what BIPA is, how Instagram allegedly violated the privacy rights of residents of Illinois, and what this settlement means for you.
Disclaimer:The information in this article is provided for awareness purposes only and should not be construed as legal advice. Consult your attorney for legal matters.
What is BIPA?
The Biometric Information Privacy Act (BIPA) is a privacy law that protects the privacy of residents of Illinois by prohibiting the collection of biometric information unless certain requirements are met.
Biometric information is any information based on an individual’s biometric identifier.
Biometric identifiers can include retina scans, fingerprints, voiceprints, hand scans, or face geometry. Biometric identifiers are usually considered very sensitive information as, unlike email addresses or phone numbers, they cannot be changed once breached.
BIPA requires companies to do the following before collecting biometric information:
Create a written policy that establishes how long biometric information will be retained and how it will be permanently destroyed once it is no longer needed;
Inform the individual that biometric information is collected and/or stored;
Inform the individual of the specific purpose and length of term for which the biometric identifier is collected;
Receive a written release from the individual to collect and store their biometric information.
BIPA applies to any entity that collects and possesses the biometric information of residents of Illinois and allows individuals to sue companies directly for violations, making it a privacy law that is highly litigated.
In addition, fines for BIPA violations start at $1,000 per violation.
For example, if an app such as Instagram collected the biometric information of an individual 30 times, the fine would be calculated at $1,000 multiplied by 30, leading to high fine amounts.
How did Instagram violate BIPA?
The lawsuit and settlement allege that Instagram violated BIPA by collecting the biometric information of residents of Illinois without meeting the requirements of BIPA.
Since there is very little documentation available for the lawsuit itself, it is unclear which requirements of BIPA were actually breached.
It is important to note that in the settlement, Instagram denies all wrongdoing or liability of any kind. However, the lawsuit was settled for $68.5 million instead of choosing to continue the lawsuit in court.
What should you do if you used Instagram?
If you have used Instagram during the relevant period and received the notice, you have a few decisions to make.
First, you could submit a claim form. If you do so and the settlement is approved, you may receive payment. The deadline to file the claim is September 27, 2023.
The second option is to exclude yourself from the settlement. If you exclude yourself from the settlement, you will not be compensated.
The third option is to object to the Court if you do not like the settlement.
The fourth option is to go to a hearing to speak to the Court as to whether or not the settlement is fair.
The final option is to do nothing. If you do nothing, you will not receive a payment and will not be able to sue Instagram for the same infringement.
What does this settlement mean?
The $68.5 million settlement illustrates the fact that companies are increasingly being held accountable for violations of privacy laws. And, it also illustrates that violating privacy laws can have expensive consequences for companies.
As a consumer, whether or not you choose to exercise your rights with regard to this settlement, you should also be aware of the fact that large companies collect sensitive information and do not always protect it in the way that they should, so you should be aware of this fact when choosing what platforms to use in the future.
Donata Stroink-Skillrud is an attorney licensed in Illinois and a Certified Information Privacy Professional. She is also the legal engineer behind Termageddon, a SaaS that has generated thousands of Privacy Policies and successfully kept them up to date with changing legislation. Donata is also the Chair of the American Bar Association's ePrivacy Committee and Vice-Chair of the Chicago Bar Association's Cybersecurity and Privacy Committee. Donata is also the past Chair of the Chicago Chapter of the International Association of Privacy Professionals along with being Privacy Liaison for MainWP.
Share
Manage Unlimited WordPress Sites from One Dashboard!
I’d like to extend a special offer to you: By opting for our Yearly Plan, you can achieve significant savings.
When you select our Yearly Plan at just $199 per year, compared to the Monthly Plan at $29 per month, you save $149 over the course of one year. It’s an efficient way to manage your WordPress sites while optimizing your investment.
