Cothron v. White Castle System, Inc.

Case Movement

Case Details

  • Case Status: Decided
  • Docket Number: 128004
  • Category: Privacy


The Illinois Supreme Court will be ruling on whether damages under the Illinois Biometric Information Privacy Act (BIPA) accrue every time an employee scans his fingerprint at work or just for the first violation when the fingerprint information was first recorded. In this case, the employee had to clock in and out using a fingerprint scan. Clearly, it could be ruinous, particularly for a small business, with damages at up to $5,000 per violation, if it is each scan versus the first time when the employer collected the biometric information.

March 3, 2022

The Restaurant Law Center, Retail Litigation Center, and National Retail Federation filed a Motion For Leave to file as amici curiae in support of the defendant-appellant. Our stated position is that BIPA was not designed as a mechanism to expose businesses taking good faith measures to enhance the security of their employees’ information to extraordinary damages—particularly where no one was harmed. Nor was BIPA designed to be a vehicle for entrepreneurial litigants to leverage windfall statutory damages exposure to extract massive settlements. We urge the Illinois Supreme Court to find that claims under BIPA accrue only upon the first scan or first transmission.

February 17, 2023

Regretfully, the Illinois Supreme Court ruled 4-3 in Cothron v. White Castle that plaintiffs could bring Biometric Information Privacy Act (BIPA) claims for every time a fingerprint was scanned, as opposed of just for the first time when the information was collected as we urged them to do in our amicus brief. The court acknowledged that its reading exposes BIPA defendants to catastrophic liability, with White Castle estimating that it now faces damages exceeding $17 billion, but the majority ruled that it was up to the state legislature to revisit and fix BIPA.