Rosenbach v. Six Flags Entertainment Corp.

Annotate this Case
Justia Opinion Summary

The Biometric Information Privacy Act, 740 ILCS 14/1, imposes restrictions on how private entities collect, retain, disclose and destroy biometric identifiers, including retina or iris scans, fingerprints, voiceprints, scans of hand or face geometry, or biometric information. Under the Act, any person “aggrieved” by a violation of its provisions “shall have a right of action … against an offending party” and “may recover for each violation” the greater of liquidated damages or actual damages, reasonable attorney fees and costs, and any other relief, including an injunction, that the court deems appropriate. Six Flags Great America amusement park sells repeat-entry passes that use a fingerprinting process. The plaintiff alleged that she bought a season pass for her minor son, who was fingerprinted while on a school field trip, and that she had not been previously informed of, nor consented to, the process. She alleges that, although her son has not returned to the Park, Six Flags retains the biometric information. Reversing the appellate court, the Illinois Supreme Court held that one qualifies as an “aggrieved” person and may seek liquidated damages and injunctive relief pursuant to the Act even if he has not alleged some actual injury or adverse effect, beyond a violation of his rights under the statute.

Download PDF
2019 IL 123186 IN THE SUPREME COURT OF THE STATE OF ILLINOIS (Docket No. 123186) STACY ROSENBACH, as Mother and Next Friend of Alexander Rosenbach, Appellant, v. SIX FLAGS ENTERTAINMENT CORPORATION et al., Appellees. Opinion filed January 25, 2019. CHIEF JUSTICE KARMEIER delivered the judgment of the court, with opinion. Justices Thomas, Kilbride, Garman, Burke, Theis, and Neville concurred in the judgment and opinion. OPINION ¶1 The Biometric Information Privacy Act (Act) (740 ILCS 14/1 et seq. (West 2016)) imposes numerous restrictions on how private entities collect, retain, disclose and destroy biometric identifiers, including retina or iris scans, fingerprints, voiceprints, scans of hand or face geometry, or biometric information. Under the Act, any person “aggrieved” by a violation of its provisions “shall have a right of action *** against an offending party” and “may recover for each violation” the greater of liquidated damages or actual damages, reasonable attorney fees and costs, and any other relief, including an injunction, that the court deems appropriate. Id. § 20. The central issue in this case, which reached the appellate court by means of a permissive interlocutory appeal pursuant to Illinois Supreme Court Rule 308 (eff. Jan. 1, 2016), is whether one qualifies as an “aggrieved” person and may seek liquidated damages and injunctive relief pursuant to the Act if he or she has not alleged some actual injury or adverse effect, beyond violation of his or her rights under the statute. The appellate court answered this question in the negative. In its view, “a plaintiff who alleges only a technical violation of the statute without alleging some injury or adverse effect is not an aggrieved person” within the meaning of the law. (Emphasis in original.) 2017 IL App (2d) 170317, ¶ 23. We granted leave to appeal (Ill. S. Ct. R. 315(a) (eff. Nov. 1, 2017)) and now reverse and remand to the circuit court for further proceedings. ¶2 BACKGROUND ¶3 The question the appellate court was asked to consider in this case arose in the context of a motion to dismiss pursuant to section 2-615 of the Code of Civil Procedure (Code) (735 ILCS 5/2-615 (West 2016)). We therefore take the following well-pleaded facts from the complaint and accept them as true for purposes of our review. Cochran v. Securitas Security Services USA, Inc., 2017 IL 121200, ¶ 11. ¶4 Six Flags Entertainment Corporation and its subsidiary Great America LLC own and operate the Six Flags Great America amusement park in Gurnee, Illinois. Defendants sell repeat-entry passes to the park. Since at least 2014, defendants have used a fingerprinting process when issuing those passes. As alleged by the complaint, their system “scans pass holders’ fingerprints; collects, records and stores ‘biometric’ identifiers and information gleaned from the fingerprints; and then stores that data in order to quickly verify customer identities upon subsequent visits by having customers scan their fingerprints to enter the theme park.” According to the complaint, “[t]his makes entry into the park faster and more seamless, maximizes the time pass holders are in the park spending money, and eliminates lost revenue due to fraud or park entry with someone else’s pass.” -2- ¶5 In May or June 2014, while the fingerprinting system was in operation, Stacy Rosenbach’s 14-year-old son, Alexander, visited defendants’ amusement park on a school field trip. In anticipation of that visit, Rosenbach had purchased a season pass for him online. Rosenbach paid for the pass and provided personal information about Alexander, but he had to complete the sign-up process in person once he arrived at the amusement park. ¶6 The process involved two steps. First, Alexander went to a security checkpoint, where he was asked to scan his thumb into defendants’ biometric data capture system. After that, he was directed to a nearby administrative building, where he obtained a season pass card. The card and his thumbprint, when used together, enabled him to gain access as a season pass holder. ¶7 Upon returning home from defendants’ amusement park, Alexander was asked by Rosenbach for the booklet or paperwork he had been given in connection with his new season pass. In response, Alexander advised her that defendants did “it all by fingerprint now” and that no paperwork had been provided. ¶8 The complaint alleges that this was the first time Rosenbach learned that Alexander’s fingerprints were used as part of defendants’ season pass system. Neither Alexander, who was a minor, nor Rosenbach, his mother, were informed in writing or in any other way of the specific purpose and length of term for which his fingerprint had been collected. Neither of them signed any written release regarding taking of the fingerprint, and neither of them consented in writing “to the collection, storage, use sale, lease, dissemination, disclosure, redisclosure, or trade of, or for [defendants] to otherwise profit from, Alexander’s thumbprint or associated biometric identifiers or information.” ¶9 The school field trip was Alexander’s last visit to the amusement park. Although he has not returned there since, defendants have retained his biometric identifiers and information. They have not publicly disclosed what was done with the information or how long it will be kept, nor do they have any “written policy made available to the public that discloses [defendants’] retention schedule or guidelines for retaining and then permanently destroying biometric identifiers and biometric information.” -3- ¶ 10 In response to the foregoing events, Rosenbach, acting in her capacity as mother and next friend of Alexander (see 755 ILCS 5/11-13(d) (West 2016)), brought this action on his behalf in the circuit court of Lake County. 1 The action seeks redress for Alexander, individually and on behalf of all other similarly situated persons, under the Act (740 ILCS 14/1 et seq. (West 2016)), which, as noted at the outset of this opinion, provides that any person “aggrieved” by a violation of the Act’s provisions “shall have a right of action *** against an offending party” and “may recover for each violation” the greater of liquidated damages or actual damages, reasonable attorney fees and costs, and any other relief, including an injunction, that the court deems appropriate (id. § 20). ¶ 11 The complaint, as amended, is in three counts. Count I seeks damages on the grounds that defendants violated section 15(b) of the Act (id. § 15(b)) by (1) collecting, capturing, storing, or obtaining biometric identifiers and biometric information from Alexander and other members of the proposed class without informing them or their legally authorized representatives in writing that the information was being collected or stored; (2) not informing them in writing of the specific purposes for which defendants were collecting the information or for how long they would keep and use it; and (3) not obtaining a written release executed by Alexander, his mother, or members of the class before collecting the information. Count II requests injunctive relief under the Act to compel defendants to make disclosures pursuant to the Act’s requirements and to prohibit them from violating the Act going forward. Count III asserts a common-law action for unjust enrichment. ¶ 12 Defendants sought dismissal of Rosenbach’s action under both sections 2-615 and 2-619 of the Code (735 ILCS 5/2-615, 2-619 (West 2016)) in a combined motion filed pursuant to section 2-619.1 (id. § 2-619.1). As grounds for their motion, defendants asserted that one of the named defendants had no relation to the facts alleged, that plaintiff had suffered no actual or threatened injury and therefore 1 Although Stacy Rosenbach has been referred to as the plaintiff in these proceedings, that is not technically accurate. Alexander is the plaintiff. Rosenbach is his next friend. A next friend of a minor is not a party to the litigation but simply represents the real party, who, as a minor, lacks capacity to sue in his or her own name. See Blue v. People, 223 Ill. App. 3d 594, 596 (1992). During oral argument, counsel for Rosenbach confirmed that she appears here solely on behalf of her son and asserts no claim for herself. -4- lacked standing to sue, and that plaintiff’s complaint failed to state a cause of action for violation of the Act or for unjust enrichment. ¶ 13 Following a hearing, and proceeding only under section 2-615 of the Code, the circuit court denied the motion as to counts I and II, which sought damages and injunctive relief under the Act, but granted the motion as to count III, the unjust enrichment claim, and dismissed that claim with prejudice. ¶ 14 Defendants sought interlocutory review of the circuit court’s ruling under Illinois Supreme Court Rule 308 (eff. Jan. 1, 2016) on the grounds that it involved a question of law as to which there is substantial ground for a difference of opinion and that an immediate appeal might materially advance the ultimate termination of the litigation. The following two questions of law were identified by the circuit court: (1) “[w]hether an individual is an aggrieved person under §20 of the Illinois Biometric Information Privacy Act, 740 ILCS 14/20, and may seek statutory liquidated damages authorized under §20(l) of the Act when the only injury he alleges is a violation of §l5(b) of the Act by a private entity who collected his biometric identifiers and/or biometric information without providing him the required disclosures and obtaining his written consent as required by §15(b) of the Act,” and (2) “[w]hether an individual is an aggrieved person under §20 of the Illinois Biometric Information Privacy Act, 740 ILCS 14/20, and may seek injunctive relief authorized under §20(4) of the Act, when the only injury he alleges is a violation of §15(b) of the Act by a private entity who collected his biometric identifiers and/or biometric information without providing him the required disclosures and obtaining his written consent as required by §15(b) of the Act.” ¶ 15 The appellate court granted review of the circuit court’s order and answered both certified questions in the negative. In its view, a plaintiff is not “aggrieved” within the meaning of the Act and may not pursue either damages or injunctive relief under the Act based solely on a defendant’s violation of the statute. Additional injury or adverse effect must be alleged. The injury or adverse effect need not be pecuniary, the appellate court held, but it must be more than a “technical violation of the Act.” 2017 IL App (2d) 170317, ¶ 28. -5- ¶ 16 Rosenbach petitioned this court for leave to appeal. Ill. S. Ct. R. 315 (eff. Nov. 1, 2017). We allowed her petition and subsequently permitted friend of the court briefs to be filed in support of her position by the Electronic Privacy Information Center and by a consortium of groups including the American Civil Liberties Union, the Center for Democracy and Technology, and the Electronic Frontier Foundation. See Ill. S. Ct. R. 345 (eff. Sept. 20, 2010). The court also permitted the Restaurant Law Center and Illinois Restaurant Association, the Internet Association, and the Illinois Chamber of Commerce to file friend of the court briefs in support of defendants. ¶ 17 ANALYSIS ¶ 18 Because this appeal concerns questions of law certified by the circuit court pursuant to Illinois Supreme Court Rule 308 (eff. Jan. 1, 2016), our review is de novo. Rozsavolgyi v. City of Aurora, 2017 IL 121048, ¶ 21. De novo review is also appropriate because the appeal arose in the context of an order denying a section 2-615 motion to dismiss (Marshall v. Burger King Corp., 222 Ill. 2d 422, 429 (2006)) and its resolution turns on a question of statutory interpretation (Eads v. Heritage Enterprises, Inc., 204 Ill. 2d 92, 96 (2003)). ¶ 19 The Biometric Privacy Information Act (740 ILCS 14/1 et seq. (West 2016)), on which counts I and II of Rosenbach’s complaint are founded, was enacted in 2008 to help regulate “the collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information.” Id. § 5(g). The Act defines “biometric identifier” to mean “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” Id. § 10. “Biometric information” means “any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.” Id. It is undisputed that the thumbprint collected by defendants from Rosenbach’s son, Alexander, when they processed his season pass constituted a biometric identifier subject to the Act’s provisions and that the electronically stored version of his thumbprint constituted biometric information within the meaning of the law. ¶ 20 Section 15 of the Act (id. § 15) imposes on private entities such as defendants various obligations regarding the collection, retention, disclosure, and destruction of biometric indentifiers and biometric information. Among these is the following: -6- “(b) No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information, unless it first: (1) informs the subject or the subject’s legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored; (2) informs the subject or the subject’s legally authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and (3) receives a written release executed by the subject of the biometric identifier or biometric information or the subject’s legally authorized representative.” Id. § 15(b). ¶ 21 These provisions are enforceable through private rights of action. Specifically, section 20 of the Act provides that “[a]ny person aggrieved by a violation of this Act shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party.” Id. § 20. Section 20 further provides that “[a] prevailing party may recover for each violation: (1) against a private entity that negligently violates a provision of this Act, liquidated damages of $1,000 or actual damages, whichever is greater; (2) against a private entity that intentionally or recklessly violates a provision of this Act, liquidated damages of $5,000 or actual damages, whichever is greater; (3) reasonable attorneys’ fees and costs, including expert witness fees and other litigation expenses; and (4) other relief, including an injunction, as the State or federal court may deem appropriate.” Id. ¶ 22 As noted earlier in this opinion, Rosenbach’s complaint alleges that defendants violated the provisions of section 15 of the Act when it collected her son’s -7- thumbprint without first following the statutorily prescribed protocol. For the purposes of this appeal, the existence of those violations is not contested. The basis for defendants’ current challenge is that no other type of injury or damage to Rosenbach’s son has been alleged. Rosenbach seeks redress on her son’s behalf and on behalf of a class of similarly situated individuals based solely on defendants’ failure to comply with the statute’s requirements. In defendants’ view, that is not sufficient. They contend that an individual must have sustained some actual injury or harm, apart from the statutory violation itself, in order to sue under the Act. According to defendants, violation of the statute, without more, is not actionable. ¶ 23 While the appellate court in this case found defendants’ argument persuasive, a different district of the appellate court subsequently rejected the identical argument in Sekura v. Krishna Schaumburg Tan, Inc., 2018 IL App (1st) 180175. We reject it as well, as a recent federal district court decision correctly reasoned we might do. In re Facebook Biometric Information Privacy Litigation, 326 F.R.D. 535, 545-47 (N.D. Cal. 2018). ¶ 24 We begin our analysis with basic principles of statutory construction. When construing a statute, our primary objective is to ascertain and give effect to the legislature’s intent. That intent is best determined from the plain and ordinary meaning of the language used in the statute. When the statutory language is plain and unambiguous, we may not depart from the law’s terms by reading into it exceptions, limitations, or conditions the legislature did not express, nor may we add provisions not found in the law. Acme Markets, Inc. v. Callanan, 236 Ill. 2d 29, 37-38 (2009). ¶ 25 Defendants read the Act as evincing an intention by the legislature to limit a plaintiff’s right to bring a cause of action to circumstances where he or she has sustained some actual damage, beyond violation of the rights conferred by the statute, as the result of the defendant’s conduct. This construction is untenable. When the General Assembly has wanted to impose such a requirement in other situations, it has made that intention clear. Section 10a(a) of the Consumer Fraud and Deceptive Business Practices Act (815 ILCS 505/10a(a) (West 2016)) is an example. To bring a private right of action under that law, actual damage to the plaintiff must be alleged. Oliveira v. Amoco Oil Co., 201 Ill. 2d 134, 149 (2002); Haywood v. Massage Envy Franchising, LLC, 887 F.3d 329, 333 (7th Cir. 2018). -8- ¶ 26 In contrast is the AIDS Confidentiality Act (410 ILCS 305/1 et seq. (West 2016)). There, the legislature authorized private rights of action for monetary relief, attorney fees, and such other relief as the court may deem appropriate, including an injunction, by any person “aggrieved” by a violation of the statute or a regulation promulgated under the statute. Id. § 13. Proof of actual damages is not required in order to recover. Doe v. Chand, 335 Ill. App. 3d 809, 822 (2002). ¶ 27 Section 20 of the Act (740 ILCS 14/20 (West 2016)), the provision that creates the private right of action on which Rosenbach’s cause of action is premised, clearly follows the latter model. In terms that parallel the AIDS Confidentiality Act, it provides simply that “[a]ny person aggrieved by a violation of this Act shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party.” Id. ¶ 28 Admittedly, this parallel, while instructive (Hartney Fuel Oil Co. v. Hamer, 2013 IL 115130, ¶ 25), is not dispositive. Separate acts with separate purposes need not, after all, define similar terms in the same way. Rather, “ ‘the same word may mean one thing in one statute and something different in another, dependent upon the connection in which the word is used, the object or purpose of the statute, and the consequences which probably will result from the proposed construction. [Citations.]’ ” People v. Ligon, 2016 IL 118023, ¶ 26 (quoting Mack v. Seaman, 113 Ill. App. 3d 151, 154 (1983)). Accepted principles of statutory construction, however, compel the conclusion that a person need not have sustained actual damage beyond violation of his or her rights under the Act in order to bring an action under it. ¶ 29 As with the AIDS Confidentiality Act, the Act does not contain its own definition of what it means to be “aggrieved” by a violation of the law. Where, as here, a statutory term is not defined, we assume the legislature intended for it to have its popularly understood meaning. Likewise, if a term has a settled legal meaning, the courts will normally infer that the legislature intended to incorporate that established meaning into the law. People v. Johnson, 2013 IL 114639, ¶ 9. Applying these canons of construction, it is clear that defendants’ challenge to Rosenbach’s right to bring suit on behalf of her son is meritless. ¶ 30 More than a century ago, our court held that to be aggrieved simply “means having a substantial grievance; a denial of some personal or property right.” Glos v. -9- People, 259 Ill. 332, 340 (1913). A person who suffers actual damages as the result of the violation of his or her rights would meet this definition of course, but sustaining such damages is not necessary to qualify as “aggrieved.” Rather, “[a] person is prejudiced or aggrieved, in the legal sense, when a legal right is invaded by the act complained of or his pecuniary interest is directly affected by the decree or judgment.” (Emphasis added.) Id. ¶ 31 This understanding of the term has been repeated frequently by Illinois courts and was embedded in our jurisprudence when the Act was adopted. See American Surety Co. v. Jones, 384 Ill. 222, 229-30 (1943); In re Estate of Hinshaw, 19 Ill. App. 2d 239, 255 (1958); In re Estate of Harmston, 10 Ill. App. 3d 882, 885 (1973); Greeling v. Abendroth, 351 Ill. App. 3d 658, 662 (2004). We must presume that the legislature was aware of that precedent and acted accordingly. See People v. Cole, 2017 IL 120997, ¶ 30. ¶ 32 The foregoing understanding of the term is also consistent with standard definitions of “aggrieved” found in dictionaries, which we may consult when attempting to ascertain the plain and ordinary meaning of a statutory term where, as here, the term has not been specifically defined by the legislature. In re M.I., 2016 IL 120232, ¶ 26. Merriam-Webster’s Collegiate Dictionary, for example, defines aggrieved as “suffering from an infringement or denial of legal rights.” Merriam-Webster’s Collegiate Dictionary 25 (11th ed. 2006). Similarly, the leading definition given in Black’s Law Dictionary is “having legal rights that are adversely affected.” Black’s Law Dictionary 77 (9th ed. 2009). This is therefore the meaning we believe the legislature intended here. ¶ 33 Based upon this construction, the appellate court’s response to the certified questions was incorrect. Through the Act, our General Assembly has codified that individuals possess a right to privacy in and control over their biometric identifiers and biometric information. See Patel v. Facebook Inc., 290 F. Supp. 3d 948, 953 (N.D. Cal. 2018). The duties imposed on private entities by section 15 of the Act (740 ILCS 14/15 (West 2016)) regarding the collection, retention, disclosure, and destruction of a person’s or customer’s biometric identifiers or biometric information define the contours of that statutory right. Accordingly, when a private entity fails to comply with one of section 15’s requirements, that violation constitutes an invasion, impairment, or denial of the statutory rights of any person - 10 - or customer whose biometric identifier or biometric information is subject to the breach. Consistent with the authority cited above, such a person or customer would clearly be “aggrieved” within the meaning of section 20 of the Act (id. § 20) and entitled to seek recovery under that provision. No additional consequences need be pleaded or proved. The violation, in itself, is sufficient to support the individual’s or customer’s statutory cause of action. ¶ 34 In reaching a contrary conclusion, the appellate court characterized violations of the law, standing alone, as merely “technical” in nature. 2017 IL App (2d) 170317, ¶ 23. Such a characterization, however, misapprehends the nature of the harm our legislature is attempting to combat through this legislation. The Act vests in individuals and customers the right to control their biometric information by requiring notice before collection and giving them the power to say no by withholding consent. Patel, 290 F. Supp. 3d at 953. These procedural protections “are particularly crucial in our digital world because technology now permits the wholesale collection and storage of an individual’s unique biometric identifiers—identifiers that cannot be changed if compromised or misused.” Id. at 954. When a private entity fails to adhere to the statutory procedures, as defendants are alleged to have done here, “the right of the individual to maintain [his or] her biometric privacy vanishes into thin air. The precise harm the Illinois legislature sought to prevent is then realized.” Id. This is no mere “technicality.” The injury is real and significant. ¶ 35 This construction of the law is supported by the General Assembly’s stated assessment of the risks posed by the growing use of biometrics by businesses and the difficulty in providing meaningful recourse once a person’s biometric identifiers or biometric information has been compromised. In enacting the law, the General Assembly expressly noted that “[b]iometrics are unlike other unique identifiers that are used to access finances or other sensitive information. For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.” 740 ILCS 14/5(c) (West 2016). - 11 - The situation is particularly concerning, in the legislature’s judgment, because “[t]he full ramifications of biometric technology are not fully known.” Id. § 5(f). ¶ 36 The strategy adopted by the General Assembly through enactment of the Act is to try to head off such problems before they occur. It does this in two ways. The first is by imposing safeguards to insure that individuals’ and customers’ privacy rights in their biometric identifiers and biometric information are properly honored and protected to begin with, before they are or can be compromised. The second is by subjecting private entities who fail to follow the statute’s requirements to substantial potential liability, including liquidated damages, injunctions, attorney fees, and litigation expenses “for each violation” of the law (id. § 20) whether or not actual damages, beyond violation of the law’s provisions, can be shown. ¶ 37 The second of these two aspects of the law is as integral to implementation of the legislature’s objectives as the first. Other than the private right of action authorized in section 20 of the Act, no other enforcement mechanism is available. It is clear that the legislature intended for this provision to have substantial force. When private entities face liability for failure to comply with the law’s requirements without requiring affected individuals or customers to show some injury beyond violation of their statutory rights, those entities have the strongest possible incentive to conform to the law and prevent problems before they occur and cannot be undone. Compliance should not be difficult; whatever expenses a business might incur to meet the law’s requirements are likely to be insignificant compared to the substantial and irreversible harm that could result if biometric identifiers and information are not properly safeguarded; and the public welfare, security, and safety will be advanced. That is the point of the law. To require individuals to wait until they have sustained some compensable injury beyond violation of their statutory rights before they may seek recourse, as defendants urge, would be completely antithetical to the Act’s preventative and deterrent purposes. ¶ 38 In sum, defendants’ contention that redress under the Act should be limited to those who can plead and prove that they sustained some actual injury or damage beyond infringement of the rights afforded them under the law would require that we disregard the commonly understood and accepted meaning of the term “aggrieved,” depart from the plain and, we believe, unambiguous language of the - 12 - law, read into the statute conditions or limitations the legislature did not express, and interpret the law in a way that is inconsistent with the objectives and purposes the legislature sought to achieve. That, of course, is something we may not and will not do. Solich v. George & Anna Portes Cancer Prevention Center of Chicago, Inc., 158 Ill. 2d 76, 83 (1994); Exelon Corp. v. Department of Revenue, 234 Ill. 2d 266, 275 (2009). ¶ 39 CONCLUSION ¶ 40 For the foregoing reasons, we hold that the questions of law certified by the circuit court must be answered in the affirmative. Contrary to the appellate court’s view, an individual need not allege some actual injury or adverse effect, beyond violation of his or her rights under the Act, in order to qualify as an “aggrieved” person and be entitled to seek liquidated damages and injunctive relief pursuant to the Act. The judgment of the appellate court is therefore reversed, and the cause is remanded to the circuit court for further proceedings. ¶ 41 Certified questions answered. ¶ 42 Appellate court judgment reversed. ¶ 43 Cause remanded. - 13 -
Primary Holding

A plaintiff qualifies as an “aggrieved” person and may seek liquidated damages and injunctive relief pursuant to the Biometric Information Privacy Act even if he has not alleged some actual injury or adverse effect, beyond the violation of his rights under the statute.


Disclaimer: Justia Annotations is a forum for attorneys to summarize, comment on, and analyze case law published on our site. Justia makes no guarantees or warranties that the annotations are accurate or reflect the current state of law, and no annotation is intended to be, nor should it be construed as, legal advice. Contacting Justia or any attorney through this site, via web form, email, or otherwise, does not create an attorney-client relationship.

Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.