This blog has been cross-posted on the Global Privacy Watch site.

Anyone following trends in consumer class action litigation will know that consumer privacy was a primary focus of the plaintiff’s bar in 2023. And there are no signs this uptick in consumer privacy claims is slowing any time soon. Although the claims center around use of tracking technology or analytics functions on consumer facing websites, several different statutes and claims have been asserted, including violations of state wiretap statutes and the Video Privacy Protection Act (“VPPA”).  

Although these cases are largely at the motion to dismiss stage, and therefore there is little insight into how certain key defenses will play out, some recent decisions surrounding VPPA claims have shifted the landscape in certain defendant’s favor.

The VPPA provides that “a video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider shall be liable to the aggrieved person.” 18 U.S.C. 2701(b)(1). That is, a video tape service provider cannot knowingly disclose, without the consent of the consumer, his or her personal video viewing information, to a third party. In these class actions, plaintiffs are alleging that if a website they visit to watch a video has a tracking pixel embedded in its code, the visitor’s video viewing information will be disclosed to the third party associated with that pixel without the visitor’s consent. If this activity is deemed a violation of the VPPA, the plaintiff stands to recover $2,500 per violation. In a class action where the class members are visitors to a website, the exposure can be in the tens of millions, if not higher.

There are, however, some limitations in the statute as to who can sue and be sued, and recent case decisions have been helpful to clarify those limits, particularly in the context of who is a video tape service provider and who is a consumer.

Definition of Video Tape Service Provider narrowed

In Carrol v. General Mills, Inc., the plaintiff filed a putative class action against General Mills for violation of the VPPA. The plaintiff alleged he had purchased and eaten General Mills products in the past and had downloaded the General Mills mobile app. 2023 WL 6373868, *1 (C.D. Cal. Sept. 1, 2023). He then used the mobile app to watch a video titled “Today’s Experiment, Carbonation Baking.”  Id. According to the plaintiff, because the General Mills app has pixel tracking technology installed and he watched the video while he was simultaneously logged into the site, the pixel caused information about the video he watched to be disclosed to the site without his consent. Id. On the motion to dismiss, the court made a few key findings that resulted in the dismissal of the plaintiff’s VPPA claim. First, the court analyzed the definition of Video Tape Service Provider (“VTSP”), which is “any person engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials.”  Id. at *3.  The court found that based on the allegations, General Mills could not be found to be “engaged in the business” of delivering selling or renting audio visual material. Id. Specifically, the court stated where the allegations “do no more than show that videos are part of General Mills’ marketing and brand awareness” and do not indicate that the videos themselves are profitable, there is not enough to say that General Mills is a VTSP. Id.

Second, the court considered whether the plaintiff qualified as a consumer for purposes of a VPPA claim. A consumer is defined as “any renter, purchaser, or subscriber of goods or services from a video tape service provider.”  18 U.S.C. 2701(a)(1). The court rejected the idea that the plaintiff could be a consumer by alleging that he had purchased and eaten General Mills products in the past. Id. at *4. Rather, the court found that the goods and services rented, purchased, or subscribed to must be the audiovisual materials. Id.in other words, “a customer’s non-video transaction plays no part.”  Id. Thus, because the plaintiff failed to allege that General Mills was a VTSP or that he was a consumer, the court granted the motion to dismiss.

Definition of Consumer narrowed

Another defense-friendly development in the VPPA case law relates to the definition of subscriber. In many cases, plaintiffs allege that subscribing to a newsletter, app, or having an account with a defendant is enough to establish plaintiff is a consumer under the VPPA. There have been a string of recent decisions across the country interpreting subscriber to be much narrower. In particular courts have found that where the allegations cannot link the subscription to any kind of special access to video content the plaintiff is not a consumer within the meaning of the statute. Lamb v. Forbes Media LLC, 2023 WL 6318033, *13 (S.D.N.Y. Sept. 28, 2023); Brown v. Learfield Communications LLC, No. 23-cv-00374 (W.D. Tex. Jan. 29. 2024); Pileggi v. Washington Newspaper Publishing Co., 2024 WL 324121, 10 (D.D.C. Jan. 29. 2024). In the Brown case, because the plaintiffs did not allege that their “status as a newsletter subscriber was a condition to accessing the site’s videos, or that it enhanced or in any way affected their viewing experience, they had not alleged he was a subscriber of video content. Likewise, the Pileggi court found that “merely alleging that she visited the Washington Examiner website and watched videos on that site, wholly separate from her newsletter subscription breaks the link between the service to which she was a subscriber and her assessing of audio-visual content” which was fatal to her claim.

These decisions narrow the scenarios under which a valid VPPA claim can be brought and lessen the potential risk that any website operator with any video content is a potential target.

This blog is cross-posted on The Global Privacy Watch blog site as well.

Throughout much of 2023, businesses found themselves in a challenging position as they continued to grapple with defending against Illinois Biometric Information Privacy (BIPA) class action lawsuits. The year began on a somber note with the Illinois Supreme Court delivering unfavorable decisions on two pivotal threshold matters. However, rays of hope emerged when the same court issued two favorable decisions, one affirming union preemption, and another concerning medical exemptions under BIPA. These welcomed developments provided a reprieve for businesses contending with the longstanding challenges posed by the statute. As we navigate the complexities of BIPA, it becomes crucial for businesses to recognize and consider the various exemptions embedded within the legislation—many of which have proven effective in legal defenses over the past few years.

Procedural History of BIPA

Enacted in 2008, BIPA regulates the collection, use, and handling of biometric identifiers and information by private entities. After a relatively quiet period spanning nearly a decade, the statute experienced a significant surge in activity following the landmark decision in Rosenbach v. Six Flags (2019 IL 123186). This ruling established that a plaintiff need not plead actual harm or injury resulting from an alleged BIPA violation to seek relief under the Act. Subsequently, more than 1,500 BIPA lawsuits have been filed in Illinois.

The statute, having been largely untested before Rosenbach, gave rise to a series of critical threshold matters in the years that followed, many of which proved unfavorable for Illinois businesses. For instance, in early 2022, the Illinois Supreme Court, in McDonald v. Symphony (2022 IL 126511), decided that the Illinois Workers’ Compensation Act did not preempt BIPA. Approximately a year ago, the Illinois Supreme Court issued two highly anticipated decisions. First, in Tims v. Black Horse Carriers (2023 IL 127801), the Court held that the “catch-all” five-year statute of limitation under 735 ILCS 5/13-205 applies to all BIPA claims, as opposed to the one-year limitation period provided under 735 ILCS 5/13-201. Two weeks later, in Cothron v. White Castle (2023 IL 128004), the Court held that a claim under BIPA accrues each time a person scans or otherwise transmits biometric information.

While the White Castle decision initially reverberated through Illinois businesses facing potential exposure under BIPA, a careful examination of the ruling offers guidance and optimism for businesses navigating their defenses. At a point where many in the plaintiffs’ bar were ready to seize on separate $1,000 (negligent) or $5,000 (reckless/intentional) statutory damages for each scan, the high court reminded and acknowledged that a trial court has the power to fashion a damage award that fairly compensates the class and deters future violations without destroying a defendant’s business. 2023 IL 128004, ¶ 42. The majority seems to advocate for a sensible approach to damages under the statute, recognizing necessity for robust incentives for compliance while emphasizing that “the General Assembly chose to make damages discretionary rather than mandatory under the Act” and underscoring that “there is no language in the Act suggesting legislative intent to authorize a damage award that would result in the financial destruction of a business.” Id.

Although the majority’s decision held that a statute should be adopted “even though the consequences may be harsh, unjust, absurd or unwise,” id. ¶ 40, the Illinois Supreme Court, like state and federal courts throughout the country, has applied a contrary rule known as “the absurdity doctrine,” which holds: “[w]e will not make any determination that will construe an act of the legislature so as to lead to absurd, inconvenient or unjust consequences.” Loyola Academy v. S&S Roof Maintenance, Inc., 146 Ill. 2d 263, 273 (1992), citing McCastle v. Sheinkop, 121 Ill. 2d 188, 193 (1987); see also Evans v. Cook County State’s Attorney, 2021 IL 125513, ¶ 27 (“Statutes must be construed to avoid absurd or unjust results.”) (emphasis added), citing People v. Hamma, 207 Ill. 2d 486, 498 (2003). Citing this fundamental rule of statutory construction, the dissenting opinion in Cothron argued that the legislature could not have intended to impose punitive, crippling liabilities on businesses “wildly exceeding any remotely reasonable estimate of harm.” Cothron, ¶ 63. In response, the majority held that the risk of such “absurd” consequences is overblown. Accordingly, the most reasonable interpretation of Cothron’s holding is not that it embraces or invites absurd results, but that it requires trial courts applying BIPA’s non-mandatory damages provision to fashion appropriate remedies that are fair, equitable and suited to the circumstances of each case. The majority also makes clear that such damages should be tailored to deter future violations “without destroying defendant’s business.” Id., ¶ 42.

The White Castle decision firmly underscores the discretionary nature of damages under BIPA, emphasizing the importance of proportionality. However, Illinois businesses shouldn’t hold out hope that a jury will be so mindful. In recent years, businesses have achieved success by strategically leveraging applicable exemptions, and the Illinois Supreme Court’s recent recognition for certain exemptions, further underscores the need for businesses in Illinois to thoroughly explore every available avenue for exemptions. Therefore, it’s imperative for Illinois businesses to meticulously examine and leverage any relevant exemptions to navigate the challenging landscape of BIPA.

Health Care Worker Medical Exemption

At the end of 2023, the Illinois Supreme Court issued a rarity – a favorable decision for Illinois medical providers defending against BIPA lawsuits. On November 30, 2023, the high court delivered a long-awaited ruling in Mosby v. The Ingalls Memorial Hospital (2023 IL 129081), providing clarity on the protection status of biometric information collected from health care workers under BIPA. The case addressed certified questions relating to whether (1) BIPA applies to health care workers (as opposed to patients) and whether, more narrowly, (2) biometric information collected from a health care worker, when utilized for purposes related to health care treatment, payment, or operations as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), falls within BIPA’s purview. Id., ¶ 1. Answering both certified questions in the affirmative, the Court’s decision established that when health care worker data is gathered for HIPAA-defined health care activities, it is exempt from BIPA protection. Id., ¶ 59.

In Mosby, nurses brought forth a putative class action, alleging that their biometric information was collected for identification purposes before administering medication to patients through use of an automated medication dispensary system. Id., ¶ 5. Both the trial court and the Illinois Appellate Court had previously determined that these collections were subject to BIPA, contending that BIPA’s exclusions for activities “under HIPAA” were primarily designed to safeguard patient data, not data pertaining to health care workers. Id., ¶¶ 7-8.

BIPA’s relevant exception states: “Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996.” Id., ¶ 35. The Court, reversing the trial and appellate courts, applied principles of statutory construction, and emphasized that the use of the term “information” at the beginning of both phrases, separated by the disjunctive “or,” implied legislative intent to exclude two distinct categories of information. Id., ¶¶ 41-42, 52. Furthermore, the Court clarified that the term “under HIPAA” defined the scope of “health care treatment, payment, or operations” and that these terms pertained to activities performed by health care providers, not patients. Id., ¶ 53.

Nevertheless, the Court emphasized that it did not establish a sweeping, categorical exclusion of biometric identifiers from health care workers. Id., ¶ 57. Instead, the exclusion applied only when such information was collected for health care treatment, payment, or operations under HIPAA. Id. The extent to which lower courts will interpret and apply the Mosby decision, particularly in contexts beyond medication dispensing (i.e. time clock medical cases), remains a topic for future debate, and potentially another appellate review.

Union Exemption

Last year, the Illinois Supreme Court also gave employers a favorable decision when it decided that Section 301 of the Labor Management Relations Act (LMRA) preempts BIPA claims brought by bargaining unit employees covered by a collective bargaining agreement (CBA) where there is a broad management rights clause.

In Walton v. Roosevelt University (2023 IL 128338), the plaintiff alleged that he was required to scan biometric identifiers for timekeeping without being given notice and providing written consent, as required under BIPA. The trial court rejected Roosevelt University’s argument that the plaintiff’s claims were preempted by Section 301 of the LMRA. The Illinois Appellate Court reversed the trial court, relying on a 2021 Seventh Circuit BIPA decision in Fernandez v. Kerry, Inc., 14 F.4th 644, 646 (7th Cir. 2021), and explained that “when the employer invokes a broad management rights clause from a [CBA] in response to a [BIPA] claim, the claim is preempted because it requires an arbitrator to determine whether the employer and the union bargained about the issue or the union consented on the employees’ behalf.” See 2022 IL App (1st) 210011, ¶ 19.

Affirming the appellate court’s decision, the Illinois Supreme Court held that, “[g]iven the language in the CBA and the LMRA, it is both logical and reasonable to conclude any dispute [under BIPA] must be resolved according to federal law and the agreement between the parties. Therefore . . . we defer to the uniform federal case law on this matter and find that when an employer invokes a broad management rights clause from a CBA in response to a [BIPA] claim brought by bargaining unit employees, there is an arguable claim for preemption. Accordingly, because we do not believe the federal decisions were wrongly decided, and here the CBA contained a broad management rights clause, we find Walton’s [BIPA] claims are preempted by the LMRA.”

Although the ruling doesn’t entirely prohibit a BIPA claim by a bargaining unit employee under a CBA, Walton confirms the legitimacy of a preemption defense for employers who have established CBAs with expansive management rights clauses that may encompass mandated actions pertaining to BIPA claims. In such cases, employee claims under BIPA must adhere to the procedures specified in the relevant CBA, potentially involving individual private arbitration rather than class-wide proceedings.

Virtual Try-On Medical Exemption

As the plaintiffs’ bar continued to find creative ways to move beyond time clock BIPA cases, one trend included targeting businesses offering virtual try-on features for consumers to try various products at home, including glasses and makeup, through the use of a consumer’s computer or phone camera. But in September 2022, the court held in Svoboda v. Frames for America, Inc. (2022 WL 4109719 (N.D. Ill. Sept. 8, 2022)), that BIPA did not regulate the virtual try-on tool in this instance because it fell under the statute’s health care exemption.

Frames for America, Inc., which operates FramesDirect.com (an online platform selling prescription and non-prescription eyewear), offered a virtual feature on its website that allowed consumers to digitally try on glasses or sunglasses. The plaintiff alleged that Frames for America utilized software to scan a consumer’s facial geometry from a uploaded photograph and then digitally superimposed the eyewear on the consumer’s face. Id. at *1. Applying the same crucial exemption as in Mosby, the court dismissed the plaintiff’s complaint, reasoning that she qualified as a “patient receiving a health care service in a health care setting” when using the virtual try-on tool. Id. at *3. Even though the plaintiff did not seek medical treatment, consult an eye doctor, or make a purchase during the virtual try-on experience (id. at *1), the court concluded that “prescription lenses, non-prescription sunglasses, and frames meant to hold prescription lenses are all Class 1 medical devices.” Id. at *2. Consequently, the court held that the plaintiff “would have received a health care service had she purchased the glasses….” Id. Drawing an analogy, the court equated the virtual try-on feature in this case to services offered in optometrists’ offices. Id.

Illinois businesses providing a virtual try-on tool must meticulously assess the applicability of the medical exemption, particularly in situations where a potential connection can be argued between the product offered and a medical service. This careful analysis is crucial to navigate the complex regulatory landscape and ensure compliance, or exemption, with relevant statutes.

State Contractor Exemption

BIPA explicitly states that private entities that are “a contractor, subcontractor, or agent of a State or local unit of government when working for that State agency or local unit of government” are not subject to its mandates. (BIPA, Section 25(e)). While the exemption for state contractors under Section 25(e) has not been extensively explored by reviewing courts, the sole appellate decision addressing this provision, in Enriquez v. Navy Pier, Inc., clarifies that an entity qualifies for exemption if it meets three criteria: (1) it is a contractor, (2) of a unit of government, and (3) was working for that unit of government when collecting or disseminating biometric information. 2022 IL App (1st) 211414-U, ¶ 19, appeal denied, 201 N.E.3d 582 (Ill. 2023).

This interpretation aligns with previous rulings by trial courts, as exemplified in Thornley v. CDW-Government, LLC, 2022-CH-04246 (Cir. Ct. Cook Cty., Ill. June 25, 2001). The court in Thornley dismissed a class action lawsuit, reasoning that Section 25(e) of BIPA is straightforward and unambiguous. According to the court, the term “working” is commonly understood to mean “relating to or designating one that works,” leading to the conclusion that Section 25(e) applies to “one whom a state agency or local unit of government engages to … provide services….” The appellate court’s ruling in Enriquez not only affirms this interpretation but also provides a comprehensive analysis and a clear roadmap for businesses contracted to provide services for a state agency or local unit of government seeking to assert a defense under BIPA.

Financial Institution Exemption

According to Section 25(c) of BIPA, the provisions of the Act do not apply “in any manner to a financial institution or an affiliate of a financial institution that is subject to Title V of the federal Gramm-Leach-Bliley Act of 1999 [GLBA] and the rules promulgated thereunder.” In a notable 2022 case, DePaul University successfully had a BIPA class action lawsuit dismissed by invoking this financial institution exemption. The plaintiff had alleged that the university violated BIPA by using an online remote proctoring tool that purportedly captured, collected, and stored plaintiff’s biometric information. Powell v. DePaul Univ., 2022 WL 16715887, at *1 (N.D. Ill. Dec. 6, 2022).

DePaul University argued that its participation in U.S. Department of Education’s Federal Student Aid Program qualified it as a financial institution under the GLBA. Id. Supporting its stance, DePaul highlighted the acknowledgment by both the Federal Trade Commission (FTC) and the Department of Education that universities fall under the definition of financial institutions as per the GLBA. Id. Moreover, DePaul emphasized that rulemaking authority for Title V lies with the Consumer Financial Protection Bureau, which adopted and republished the privacy rules initially promulgated by the FTC. Id. at *2. According to the FTC rules, any institution “significantly engaged in financial activities” is considered a financial institution. Id. The court sided with DePaul, concluding that BIPA’s Section 25(c) applies to higher education institutions. The court was swayed by DePaul’s reliance on the FTC’s consistent and reasoned interpretation of the GLBA it administers. Id.

Despite being in the context of higher education, this decision should prompt any Illinois business facing BIPA claims to carefully analyze its reporting obligations and affiliations to determine whether they are in fact subject to Title V of the GLBA, and/or the rules promulgated thereunder.


Aside from analyzing compliance with and exposure under BIPA, Illinois businesses should be mindful of the everchanging landscape of the statute as lawsuits continue to progress. Businesses falling short of compliance standards should thoroughly examine whether any applicable BIPA exemptions may provide relief.

For further information, or to initiate a comprehensive review and audit of your BIPA compliance, feel free to reach out to Kristine Argentine, National Chair of Seyfarth Shaw’s Consumer Class Action Defense Practice Group, or Paul Yovanic, a seasoned BIPA litigator and counselor within the practice group.

With so many companies being hauled into court in California based on claims that the functionalities on their website and use of service providers for marketing or analytics purposes violate consumer privacy rights, it is important to exhaust all possible defenses available to defendants. Late last year, the Ninth Circuit issued a ruling upholding a dismissal based on a lack of personal jurisdiction over a web-based payment company. Companies operating interactive websites may be able to take advantage of this ruling as part of their defense strategy in 2024.

In Briskin v. Shopify, Inc., the plaintiff sued Shopify in California in a putative class action alleging that its collection, retention, and use of consumer data obtained from persons who made online purchases violated various California privacy and unfair competition laws. 87 F.4th 404 (9th Cir. Nov. 28, 2023). The district court dismissed plaintiff’s complaint based on a lack of specific jurisdiction over the defendant, and the Ninth Circuit affirmed. Id.

The plaintiff conceded that there was no general jurisdiction over Shopify because it was neither incorporated nor maintained a principal place of business in California, but argued that Shopify was subject to specific jurisdiction based on its contractual relationships with California merchants, its operation of one physical location in California, and its knowledge that California residents were being potential injured based on the allegations. Id. at 409-10. The Ninth Circuit conducted an in-dept analysis of specific jurisdiction as it relates to claims that involve interactive websites. The court noted that in order for specific jurisdiction to exist, the defendant must either purposefully direct its activities toward the forum or the claim must be one that arises out of or relates to the defendant’s forum related activities. Id. at 411. The court found that while Shopify committed an intentional act and caused harm it knew was likely to be suffered in the forum state, there was no conduct which Shopify “expressly aimed at the forum state” to create specific jurisdiction. Id. at 412.

In conducting this analysis, the court isolated the activities relevant to the specific jurisdiction analysis: Shopify’s alleged collection, retention and use of consumer data obtained from online purchases processed through its platform. Id. at 415. Thus, the key issue was whether Shopify’s web-based processing service is expressly aimed at California in any way. Id. The court relied on precedent involving out-of-state interactive websites finding those cases to be the most analogous to this “novel” issue. Id. at 415-20. The court noted that operation of an interactive website does not, by itself, establish express aiming but there must be something more. Id. at 418. That is, “when the website is the only jurisdictional contact, [the] analysis turns on whether the site had a forum specific focus or the defendant exhibited an intent to cultivate an audience in the forum” such as through the platform itself having a forum-specific aim, evidence showing that the website appeals to an audience of a particular state, or that the website actively targeted the forum in some way.  Id. at 418-20. In reaching its conclusion, the Ninth Circuit agreed that Shopify’s web payment platform did not have a forum specific focus and is indifferent to the location of the merchant or the end-consumer. Id. at 422-23. While Shopify benefits from consumers who are present in California, that alone does not answer the purposeful direction question because it does not demonstrate “express aiming.”  Id. at 423.

The claims alleged in Briskin are similar to those being asserted against hundreds of retailers alleging violations of various privacy laws including the California Invasion of Privacy Act. Thus, similar to Briskin, personal jurisdiction over companies based outside of California but operating an interactive website that is accessible to California residents should be analyzed under a similar specific jurisdiction framework. This is a defense that may be applicable in these cases and could provide defendants with early relief. With no clear direction being taken yet on as to the merits of these privacy claims and no slowdown in the filings of these claims under evolving theories of privacy violations, a successful personal jurisdiction argument could be an important arrow in the defense bar’s quiver.

This week, Seyfarth attorneys from multiple offices will be attending and presenting at the 2023 Association of National Advertisers Masters of Advertising Law Conference in Orlando, Florida.

On Wednesday, Seyfarth Partners Kristine Argentine (Chicago) and Joe Orzano (Boston) will be presenting alongside in-house counsel on a panel covering the “Effective Collaboration Between Legal and Marketing.” The panel will focus on the effective involvement of both in-house and outside counsel in managing the legal risk of advertising and marketing. The discussion will include hot topics in advertising and marketing, and strategies for managing legal risk in collaboration with the marketing team.

Then on Friday, Kristine Argentine and Senior Associate Paul Yovanic (Chicago) will be hosting a roundtable on “Striking the Right Balance: Biometric Privacy In Virtual Try-On Tools.” Paul and Kristine will lead a discussion about the exciting world of virtual try-on tools and the relevant biometric privacy laws that should be considered when implementing the tools. The discussion will include the potential risks associated with the collection and storage of biometric data, as well as the recent legal authority on virtual try-on tools, and how it should guide retailers in their marketing and advertising efforts.

Seyfarth Shaw’s Consumer Class Action and Product Liability groups have achieved a prestigious ranking in the highly regarded Legal 500 United States 2023 edition, solidifying their reputation as one of the nation’s top legal teams. This recognition reaffirms Seyfarth’s unwavering commitment to excellence in Product Liability, Mass Tort, and Class Action law.

The Legal 500 United States guide lauds Seyfarth’s Consumer Class Action and Product Liability practices for their exceptional professionalism and meticulous attention to detail. The guide highlights their ability to consider cost sensitivity while providing insightful advice, ensuring informed clients are ultimately empowered to make decisions with confidence. The guide specifically recognizes the exemplary client service demonstrated by Kristine Argentine, Tom Locke, Joe Orzano, William Prickett, Esther Slater McDonald, Giovanna Ferrari, Aaron Belzer, and Renee Appel.

Renowned for its comprehensive coverage of legal services, The Legal 500 United States is an esteemed and independent guide that offers authoritative assessments of law firms. Its rigorous research conducted over the past 12 months recognizes and rewards outstanding in-house and private practice teams and individuals. The inclusion of Seyfarth Shaw’s Consumer Class Action and Product Liability groups in these rankings reflects their status as trusted authorities in Product Liability, Mass Tort, and Class Action law. Through their unwavering dedication to providing exceptional legal counsel, clear communication, and efficient service, Seyfarth continues to serve as a valuable partner for companies seeking comprehensive Product Liability, Mass Tort, and Class Action service offering and strategic guidance in today’s fiercely competitive business landscape.

Seyfarth Synopsis: The U.S. District Court for the Northern District of Illinois recently denied Plaintiff’s motion to reconsider a prior dismissal of his privacy action due to untimeliness.  In a case titled Bonilla, et al. v. Ancestry.com Operations Inc., et al., No. 20-cv-7390 (N.D. Ill.), Plaintiff alleged that consumer DNA network Ancestry DNA violated the Illinois Right of Publicity Act (“IRPA”) when it uploaded his high school yearbook photo to its website. The Court initially granted Ancestry’s motion for summary judgment, finding Plaintiff’s claims to be time-barred under the applicable one-year limitations period.  Upon reconsideration, Plaintiff  – unsuccessfully – made a first-of-its-kind argument that the Court should apply the Illinois Biometric Privacy Act’s five-year statute of limitations to the IRPA.

Background on the Bonilla Lawsuit

Ancestry DNA, most commonly known for its at-home DNA testing kits, also maintains a robust database of various historical information and images.  One subset of this online database is the company’s “Yearbook Database.”  This portion of the website collects yearbook records from throughout the country and uploads the yearbook contents – including students’ photos – to Ancestry.com.  On June 27, 2019, Ancestry DNA uploaded the 1995 yearbook from Central High School in Omaha, Nebraska to its Yearbook Database.

More than a year later, on December 14, 2020, Plaintiff Sergio Bonilla filed a lawsuit against Ancestry DNA over its publication of the Central High School yearbook. Specifically, Plaintiff Bonilla – a current Illinois resident and former student of Central High School whose picture appeared in Ancestry’s database – alleged that Ancestry DNA improperly publicized his private information without obtaining his consent. Plaintiff’s lawsuit asserted violations of the IRPA, as well as a cause of action for unjust enrichment.  Ancestry DNA filed a motion for summary judgment on the basis that Plaintiff’s action was not brought within the requisite one-year limitations period.  The Court agreed, thereby dismissing Plaintiff’s claims.

Court Denies Plaintiff’s Motion for Reconsideration

After the Illinois Supreme Court’s decision in Tims v. Black Horse Carriers (which held that BIPA is subject to a five-year statute of limitations – read our full summary HERE), Plaintiff filed a motion for reconsideration, contending that the Court should actually apply a five-year limitations period to IRPA actions, like it applies to BIPA.  To that end, Plaintiff emphasized that the IRPA (similar to BIPA) does not itself contain a statute of limitations.  Plaintiff also noted that both the IRPA and BIPA derived from legislative concerns centered on Illinois residents’ right to privacy.  Therefore, according to Plaintiff, the IRPA’s legislative purpose would be best served by applying the catch-all five-year limitations period of 735 ILCS 5/13-205. 

On reconsideration, the Court again rejected Plaintiff’s argument.  In its May 23, 2023 decision, the Court first outlined relevant case law precedent, under which the only courts to address this issue previously held that the IRPA’s applicable statute of limitations is one year.  See Toth-Gray v. Lamp Liter, Inc., No. 19-cv-1327, 2019 WL 3555179, at *4 (N.D. Ill. July 31, 2019); see also Blair v. Nevada Landing P’ship, 859 N.E.2d 1188, 1192 (Ill. App. Ct. 2006). 

The Court then analyzed the Tims decision, which held that, “when the law does not specify a statute of limitations, ‘the five-year limitations period applies’ unless the suit is one for ‘slander, libel or for publication of a matter violating the right of privacy.’”  Here, the Court reasoned that an IRPA action squarely falls within the last category identified by the Court in Tims, as IRPA cases necessarily involve alleged violations of a party’s right to privacy.  Finally, the Court rejected Plaintiff’s contention that Tims controls this situation, instead holding that “[u]nlike the BIPA, the IRPA protects the publication of matters related to the right of privacy and, thus, falls under the one-year statute of limitations.”

Implications for Businesses

This decision establishes a welcome pro-business standard in the Illinois privacy law context.  Notably, the Illinois Supreme Court in Tims rejected the defense bar’s argument that BIPA violations were akin to privacy rights violations and subject to the one-year statute of limitations applicable to IRPA claims.  This Ancestry.com decision holds that the converse also is not true.  It is also the first court to reject expansion of the plaintiff-friendly five-year BIPA statute of limitations to claims beyond BIPA.

Though this decision was issued by an Illinois federal court – rather than the Illinois Supreme Court, which decided the recent Tims and Cothron v. White Castle System BIPA cases – it nonetheless offers some privacy protection for Illinois businesses that post or otherwise aggregate third parties’ content or information.  We will monitor whether defendants are able to expand the Bonilla decision into other related privacy law actions, or if Illinois courts will restrict its holding to actions brought under the IRPA.

For more information about the Illinois Right of Publicity Act, the Illinois Biometric Information Privacy Act, or how this decision may affect your business, contact the authors Danielle Kays and James Nasiri, your Seyfarth attorney, or Seyfarth’s Workplace Privacy & Biometrics Practice Group.

On Tuesday, June 13 at 1:00 p.m. Eastern, Seyfarth attorneys Kristine Argentine, John Tomaszewski, and Paul Yovanic will present at the Association of National Advertisers webinar, “Emerging Issues Surrounding Privacy Class Actions and Compliance in 2023.”

This presentation will cover the recent surge in consumer class actions, compliance considerations, and recent developments in the law related to privacy claims, including TCPA and State Mini-TCPAs, the Video Privacy Protection Act, data breach claims, biometric privacy, and claims related to collection of data through google analytics tools, such as chat functions, pixels, and cookies.

For more information and to register, click here.

On April 3, 2023, the CFPB published a new official statement of policy on the authority that Congress passed in the Consumer Financial Protection Act of 2010 (“CFPA”), codified at 12 U.S.C. § 5536(a)(1)(B), banning “abusive conduct” in connection with the offering or provision of consumer financial products or services.  A copy of the new Policy can be found here. It is broad and tilted heavily in favor of consumers.

This is the CFPB’s second effort at promulgating an official statement of policy on abusive acts and practices. On March 11, 2020, the Consumer Financial Protection Bureau (“CFPB”) announced that it was rescinding its January 24, 2020 policy statement, “Statement of Policy Regarding Prohibition on Abusive Acts and Practices,” which was published four days after the Trump administration ended and the Biden administration began.[1]  The CFPB withdrew its prior policy based upon its finding that, “The 2020 Policy Statement was inconsistent with the Bureau’s duty to enforce Congress’s standard and rescinding it will better serve the CFPB’s objective to protect consumers from abusive practices.”[2]  In doing so, the CFPB announced that, “Going forward, the CFPB intends to exercise its supervisory and enforcement authority consistent with the full scope of its statutory authority under the Dodd-Frank Act as established by Congress.” 

Among the highlights:

Under the CFPA, there are two abusive prohibitions. An abusive act or practice: (1) Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or (2) Takes unreasonable advantage of:

  • A lack of understanding on the part of the consumer of the material risks, costs or conditions of a product or service;
  • The inability of the consumer to protect the interests of the consumer in selecting or using a consumer product or service; or
  • The reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

The Policy states that unlike with unfairness but similar to deception, abusiveness requires no showing of substantial injury to establish liability, but rather is focused on conduct that Congress presumed to be harmful or distortionary to the proper functioning of the market. The Policy cites as examples omissions that obscure, withhold, de-emphasize, render confusing or hide information relevant to the ability of a consumer to understand terms and conditions (including buried disclosures, physical or digital interference, overshading, and other means of manipulating consumers’ understanding). 

Intent is not a required element to show material interference. Terms regarding pricing or costs, limitations on the person’s ability to use or benefit from the product or service, and contractually specified consequences of default are listed as examples of terms of a transaction that are so consequential that when they are not conveyed to people prominently or clearly, it may be reasonable to presume that the entity engaged in acts or omissions that materially interfere with the consumers’ ability to understand. 

A product or service’s complexity may interference with consumers’ ability to understand if the material information about it cannot be sufficiently explained or if the entity’s business model functions in a manner that is inconsistent with its product’s or service’s apparent terms. And even a small advantage may be abusive if it is unreasonable.

When there are gaps in understanding regarding the material risks, costs, or conditions of the entity’s product or service, entities may not take unreasonable advantage of that gap. “Risks” include but are not limited to the consequences or likelihood of default and the loss of future benefits. Gaps in understanding related to “costs” include any monetary charge to a person as well as non-monetary costs such as lost time, loss of use, or reputational harm. And gaps in understanding with respect to “conditions” include any circumstance, context, or attribute of a product or service, whether express or implicit. For example, “conditions” could include the length of time it would take a person to realize the benefits of a financial product or service, the relationship between the entity and the consumer’s creditors, the fact a debt is not legally enforceable, or the processes that determine when fees will be assessed. 

The lack of understanding can be caused by third parties and can exist even when there is no contractual relationship between the person and the entity that takes unreasonable advantage of the person’s lack of understanding. Further, the Policy does not require that the consumer’s lack of understanding was reasonable to demonstrate abusive conduct. Since there can be differences among consumers in the risks, costs, and conditions they face and in their understanding of them, there may be a violation with respect to some consumers even if other consumers do not lack understanding. Congress has outlawed taking unreasonable advantage of circumstances where people lack sufficient bargaining power to protect their interests. Such circumstances may occur at the time of, or prior to, the person selecting the product or service, during their use of the product or service, or both.

The Policy states that the consumer “interests” include monetary and non-monetary interests, including but not limited to property, privacy, or reputational interests. People also have interests in limiting the amount of time or effort necessary to obtain consumer financial products or services or remedy problems related to those products or services. This includes, but is not limited to, the time spent trying to obtain customer support assistance, according to the Policy. The CFPB’s relatively newfound asserted dominion over customer service, now ensconced in a formal statement of policy, is expected to be particularly contentious with the financial services industry.


[1] https://www.consumerfinance.gov/about-us/newsroom/consumer-financial-protection-bureau-rescinds-abusiveness-policy-statement-to-better-protect-consumers/.

[2] Id.

To borrow a few of the words spoken in 1926 by F. Scott Fitzgerald to Ernest Hemingway in a quite distinct context, securities class action mediations “are different than” mediations of most other lawsuits.

One reason for this difference is that securities cases often have very large amounts of money at stake (hundreds of millions or even billions of dollars are commonly claimed). Furthermore, securities actions are governed by a highly complex body of case law from state and federal courts at all levels, including the Supreme Court, as well as pleading requirements, discovery stays, defenses and other special provisions and procedures that are unique to the Securities and Exchange Act of 1934, the Securities Act of 1933 and the Private Securities Litigation Reform Act. Because of the complexity of the analysis of the laws at issue, the parties often find themselves taking quite different views of the strength of the claims made. This combination of large amounts of money at stake and the complexity of laws at issue frequently results in parties whose settlement positions are far apart.

In addition to the size and complexity of securities cases, securities class actions are often “different” from other cases, because of the sheer number of people, usually with conflicting interests, involved in resolving these cases. Securities litigation commonly involves, not only multiple plaintiffs and multiple defendants, but also multiple insurers providing directors and officers (“D&O”) insurance to some or all of the defendants, in appropriate case securities underwriters and in some unusual cases indemnitors of defendants are also parties to the negotiations. Each of these parties may have multifaceted and distinct interests, which vary even between parties which are in the same category of participant, resulting in inconsistent views of what constitutes a fair settlement.

All of these specialized and challenging circumstances often make securities cases at least unusual and sometimes with unique challenges. They also strongly support the conclusion that they are generally easier to settle in mediation with the unbiased expertise of an experienced independent mediator rather than among the parties alone with their disparate viewpoints and goals. Moreover, each securities class action mediation also comes with its own set of unique challenges.

When to Start Thinking about Settlement and the Value of Undertaking an Early Case Assessment

Settlement discussions may occur at any time during the course of a securities case. Most often, however, the parties wait until after a motion to dismiss is filed, fully briefed and ruled upon by the Court before beginning settlement discussions. This is because securities cases have an approximately 50% dismissal rate. For a defendant in particular this is one overriding reason to wait until a motion to dismiss is decided to broach settlement and D&O insurers will often oppose funding a settlement, or even discussing a settlement with the plaintiffs, until the motion to dismiss has been resolved. Most of the cases that are not dismissed eventually settle after the motion to dismiss decision and never make it to trial.

Early Case Analysis

In order to prepare for motions to dismiss, settlement negotiations, mediations and discovery, during the earliest stages of a case (pre-discovery), counsel should learn as much as possible about all available evidence, relevant facts and the applicable law(s) as part of an early case assessment. Whether dealing with motions, evaluating the risks and value of a case or preparing for discovery or a mediation, a total mastery of available facts is essential for counsel to best represent their clients. In addition to helping counsel set realistic expectations for clients and prepare for later stages of litigation, it almost always is helpful to counsel in evaluating whether or when to settle a case or to continue to litigate, including whether and when to engage in mediation.

When conducting an early case assessment, defense counsel should, among other things:

  • Conduct interviews of available individuals;
  • Gather important documents from clients;
  • Engage an expert to conduct a preliminary damages analysis and assist in estimating potential ranges of damages as well as possibly other experts; and
  • Evaluate the impact of a settlement on any parallel proceedings.

Why Mediation?

The securities cases that settle most commonly do so through mediation (98 percent of securities class actions either settle or are dismissed. In large part, because of the multiplicity of parties with differing viewpoints, counsel to any one party will likely find it very difficult, if not impossible, to effectively manage the multi-party simultaneous negotiations necessary to settle most securities cases. This is also in part because counsel is viewed as, and are, advocates for their own client(s). Therefore, the parties almost always engage an independent mediator familiar with securities class actions and the applicable law to help resolve the case.

These mediations are most often presided over by one of a relatively small group of mediators with known expertise in handling mediations of large complex cases and, importantly, a strong understanding of the securities laws.  These successful mediators have self-confidence, are persuasive and can be forceful in expressing their own views of a case’s merits, the risks involved for the parties and fair terms of settlement. These mediators all believe it helps them if the parties are represented by experienced, knowledgeable and reasonable counsel.

An experienced and capable mediator can:

  • Provide expertise, impartiality, and creditability in dealing with the multiplicity of parties with conflicting interests and the complexity of the issues.
  • Help foster constructive consideration by all parties of the many issues and risks existing in a case and emphasize the value for all parties in compromise; and
  • Provide an independent, realistic and knowledgeable view of strengths and weaknesses in each party’s position.

Role of D&O Insurers and Others in Mediation

Insurers frequently face potential liability for claims in securities class actions, and as a result, play a critical role in funding a settlement. These carriers are key participants in settlement discussions, including at mediation.

A defendant company, and directors and officers usually have different types of D&O insurance provided by multiple insurers in separate layers of coverage that are relevant to a particular securities litigation. These layers, often referred to as a tower of insurance, consist of a primary insurance carrier with a policy that covers the first layer of liability (for example, the first $5 million of liability above any retention amount called for by the insurance policy) and successive layers of additional insurance that cover liabilities exceeding the tranche of insurance directly below it. These insurance amounts, including the primary policy and successive layers, add up to the total amount of available insurance.

Insurers in different tranches often disagree among themselves on what is a reasonable settlement due to the varying levels at which policies in an insurance tower come into play and therefore have different risks. Frequently, a mediator is faced with the need to persuade insurers to contribute tens of millions of dollars to resolve a case, despite these wide variations in risk.

Not infrequently, there is also disagreement amongst defendants or amongst plaintiffs about risks and reasonable settlement amounts. And, of course, the plaintiffs and defendants generally strongly disagree with each other on the merits of the case, the facts, the proper interpretation of the law and potential damages.

Sometimes expert witnesses are brought to mediation, most often to opine on the complex issue of how to calculate damages in these cases. Damages experts for plaintiffs and defendants almost always disagree by a significant amount on the quantum of damages. It is not uncommon for lawyers to think that some of the methodology used by some class action damage experts is arcane and/or debatable.

Given the surfeit of parties, the amount at stake and the complexity of applicable law, it is not surprising that only an experienced mediator with some gravitas, common sense, credibility and an understanding of the securities laws has a chance of bringing the many viewpoints of the parties at a mediation to a global resolution.

How Settlement Will Impact Parallel Proceedings and Vice Versa

Counsel should consider the impact that a settlement of one securities case may have on other related litigations or investigations in which their clients are involved. Parallel proceedings can include some combination of regulatory and criminal proceedings (both state and federal) and related additional civil litigation. Depending on the specific facts, procedural posture of the proceedings, and the proposed terms of the resolution, resolving a criminal matter first may hamper a defendant’s ability to defend itself in related civil securities proceedings or vice versa. For example, any admission in a settlement with the SEC or the Department of Justice, could impact ongoing civil litigation. Even if the defendant enters into a settlement on a “neither admit nor deny” basis, it risks affecting the civil case. On the other hand, resolving a civil case first may provide criminal prosecutors with access to discovery they might not have requested or had access to. Nevertheless, it may be advantageous, depending on the facts and circumstances, for a defendant to resolve the civil case, which usually involves voluminous and costly discovery, before dealing with a related regulatory or criminal matter.

When deciding whether to settle one or more of multiple proceedings, defense counsel should consider:

  • The strength of the claims. If a party is defending against weak claims, it may decide to continue litigating some or all of the parallel proceedings.
  • The cost of settlement. It may not be worth settling either case where the opposing party has made an excessively costly settlement demand.
  • Adverse party access to unfavorable facts. Prioritizing the litigation and settlement of one parallel proceeding over another, may give an adverse party access to facts that would otherwise be unavailable or unknown.

The authors would be happy to discuss any questions readers may have on any of the above topics.

This post was originally published as a Seyfarth legal update.

Seyfarth Synopsis: A divided Ninth Circuit Court of Appeals panel has ruled that the Federal Arbitration Act (FAA) preempts California Assembly Bill 51 (AB 51), which purports to prohibit employers from requiring job applicants and workers from signing arbitration pacts. The panel further concluded that AB 51’s criminal penalties are preempted by the FAA. Chamber of Commerce of the U.S. v. Bonta.

Facts

AB 51 subjects employers to criminal misdemeanor charges and civil sanctions for mandating arbitration agreements of certain claims as a condition of employment. The law exclusively focuses on pre-arbitration agreement behavior, but does not bar enforcement of improperly-entered into arbitration agreements.

On December 9, 2019, a collection of trade associations and business groups (collectively, “Chamber of Commerce”) filed a complaint for declaratory and injunctive relief against various California officials (collectively, “California”). The Chamber of Commerce sought a declaration finding that AB 51 is preempted by the FAA, a permanent injunction prohibiting California officials from enforcing AB 51, and a temporary restraining order.

The District Court Decision

The District Court granted a preliminary injunction in favor of the Chamber of Commerce explaining that AB 51 criminalizes only contract formation, but the law does not make the arbitration agreement unenforceable. The authors of AB 51 adopted this approach in an attempt to avoid conflict with Supreme Court precedent, which holds that a state rule that discriminates against arbitration is preempted by the FAA.

In essence, in what turned out to be an unsuccessful attempt to avoid FAA preemption, the California Legislature included a provision in AB 51 that an arbitration agreement would be enforceable even if the employer violated the law by making arbitration mandatory. This resulted in the oddity that an employer could be subject to criminal prosecution and civil penalties for requiring an employee to enter into an arbitration agreement, but the agreement would be enforceable once executed.

Consequently, the District Court granted the motion for a temporary restraining order, and after a hearing, issued a minute order granting the motion for a preliminary injunction. The District Court ruled that the Chamber of Commerce was likely to succeed on the merits of its preemption claim because AB 51 “treats arbitration agreements differently from other contracts,” and “conflicts with the purposes and objectives of the FAA.”

The Ninth Circuit Court of Appeals Decision

The issue on appeal was whether the FAA preempts a state rule that discriminates against the formation of an arbitration agreement, even if that agreement is ultimately enforceable. The panel held that such a rule is preempted by the FAA.

In reaching its decision, the panel applied the principles articulated in U.S. Supreme Court cases Doctor’s Assocs., Inc. v. Casaraotto and Kindred Nursing Ctrs. Ltd. P’ship v. Clark. These cases led the panel to conclude that AB 51’s penalty-based scheme to inhibit arbitration agreements before they are formed violates the “equal-treatment principle” inherent in the FAA, and is the type of device evincing hostility towards arbitration that the FAA was enacted to overcome. In short, AB 51 is preempted by the FAA because one of the FAA’s touchstones is to encourage arbitration, and AB 51 is contrary to this purpose.

In an attempt to save AB 51, California argued that the court could rely on AB 51’s severability clause to eliminate AB 51’s penalties, and then uphold the surviving portions of AB 51. However, the panel rejected this argument, concluding that all provisions of AB 51 work together to burden formation of arbitration agreements.

The sole dissenting judge (sitting by designation from the Tenth Circuit Court of Appeals), argued that the majority nullified a California law codifying what the enactors of the FAA and the U.S. Supreme Court took as a given: arbitration is a matter of contract and agreements to arbitrate must be voluntary and consensual. In support of this position, the judge distinguished AB 51 from state rules previously preempted by the FAA.

What Bonta Means for Employers

Not only does the decision reinforce the strong federal policy favoring arbitration, but the decision suggests that California will ultimately be required to respect the right of private enterprises to require employees to waive their right to go to court over most disputes arising out of employment.

While this is a positive decision for employers, they should bear in mind that the matter will now return to the District Court for a determination on the merits of the Chamber of Commerce’s claims. And, California may seek en banc review of the decision, or request review by the U.S. Supreme Court.