Last Friday, the Illinois Supreme Court delivered the highly anticipated Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, opinion. Businesses and consumers alike watched for the Court’s opinion regarding whether mere technical violations of the Illinois Biometric Information Privacy Act (“BIPA”) gave plaintiffs the requisite standing to seek damages under the statute. The Court heard the case after the Second District Appellate Court of Illinois ruled that an individual was not a “person aggrieved” by a technical violation and several other courts, both state and federal were split over the issue. Rosenbach v. Six Flags Entertainment, 2017 IL App (2d) 170317. In a fairly short opinion, focusing on statutory construction and the common meaning of the word “aggrieved,” the Illinois Supreme Court reversed the Appellate Court. 2019 IL 123186, ¶ 1. The Illinois Supreme Court held that an individual was in fact an “aggrieved person” under the statute where they are unable to show actual damage, but there has been a violation of the statute. The Court held, where there is no actual harm, the individual is entitled to statutory relief for each violation. In short, a technical violation is a violation. The Illinois Supreme Court took a strong stance in that individuals should not have to wait for actual harm with respect to their biometric information and that businesses would lack the requisite motivation to comply with statutes like BIPA without such an interpretation. Continue Reading Illinois Supreme Court’s Rosenbach Ruling Likely to Expand BIPA Litigation
In 2017, the Cayman Islands passed the Data Protection Law (“DPL”), which reads much like the upcoming European Union General Data Protection Regulation (“GDPR”) that goes into effect Mary 25, 2018. The DPL applies to entities falling within the definition of “data controller” who are established in the Islands or who process data in the Islands. The DPL divides data into two categories, personal data and sensitive data. Certain information is exempt from the application of the DPL, such as data processed in connection with a corporate finance service. The DPL gives individuals the right to access their information, object to processing, and the right to request their information be corrected or erased.