Privacy & Cybersecurity Law Blog

On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit held that the 2024 amendment to Illinois’ Biometric Information Privacy Act (“BIPA”), limiting damages, applies retroactively to pending cases. The ruling in Clay v. Union Pacific Railroad Company, Docket No. 25-2185 (7th Cir. 2026), represents a major win for businesses defending claims under BIPA.

The Illinois legislature amended BIPA in August 2024 to clarify that repeated collection of the same person’s biometric data using the same method counts as a single violation, rather than one violation per scan. This meant that plaintiffs were entitled to a single recovery per statutory subsection violated, rather than having damages multiply with every fingerprint or facial recognition scan. However, the amendment did not expressly provide whether this damages limitation applied retroactively, triggering a split among lower courts in pending cases.

The Seventh Circuit reasoned that the 2024 amendment was remedial, not substantive, because it limited recoverable damages without changing the underlying right to sue, and, therefore, applied retroactively. As a result, plaintiffs can no longer seek per‑scan damages for repeated biometric collections involving the same person and method. The ruling significantly reduces potential damages in existing BIPA class actions.