Tanning Tiff: Illinois Supreme Court Clarifies Duty to Defend BIPA Claims | Polsinelli
In a long-awaited case in Illinois’ highest court, judges recently found that an insurer’s commercial liability policy requires it to defend a lawsuit alleging breaches of privacy law. Illinois Biometric Information (“BIPA”). West Bend Mut. Ins. Co. v. Krishna Schaumburg Tan, Inc., 2021 IL 125978 (Illinois, May 20, 2021). While the court’s opinion focuses on the specific language of the policy, the ruling reinforces key principles and concepts supporting insurance coverage (indemnity and defense) under Illinois law.
In the underlying lawsuit, a tanning salon boss sued alleging that the salon violated BIPA by scanning his and other customers’ fingerprints without consent and by disclosing their credentials and biometric information to a supplier. third. Upon receipt of the complaint, the tanning salon presented the claim to its insurer asking for a defense. The insurance company issued a reservation of rights letter stating that it believed the commercial liability policy did not cover the lawsuit and therefore the insurer had no obligation to defend itself. In turn, the carrier brought a declaratory judgment action against the tanning salon as well as the plaintiff claiming that he had no obligation to defend the lawsuit. On counterclaims for summary judgment, the court of first instance rendered judgment for the tanning salon. The first level appeals court then upheld.
Illinois Supreme Court appeal
On appeal to the Illinois Supreme Court, the insurance company argued that its policy did not cover BIPA’s alleged claims because (1) the tanning salon did not release private information to the large public, thereby failing to inflict a covered injury, and (2) the policy expressly excluded statutory violations. Like the lower courts, the Illinois Supreme Court rejected both of these arguments.
First, the court set out Illinois law with respect to the construction of insurance contracts, namely the Illinois rulings recognizing that insurance contracts are interpreted to give effect to the intentions of the parties and, if they are ambiguous, should be interpreted against the insurer who drafted the policy. The court then looked at the specific terms of the carrier’s policies to determine whether the allegations in the complaint alleged a covered claim that the company caused the complainant personal or publicity harm and whether the sharing of biometric information was a publication of material that violated the right to privacy. Although the policy defines the terms “personal injury” and “advertising injury”, it does not define the terms “publication” or “right to privacy”. Since the policies did not define “publication” and the “right to privacy”, the tribunal considered various definitions in dictionaries, treatises and other secondary sources. The court concluded that the term “publication” has several definitions; therefore, the term is ambiguous and strictly interpreted against the policy drafted by the insurer. With respect to the term “right to privacy,” the court relied on court opinions and dictionary definitions to determine that it includes typical privacy rights such as the right to to be left alone and to protect a person from disclosure of information about himself. The court found that the Illinois legislature designed the BIPA to protect an individual’s right to privacy of their biometric identifiers as well as to prevent such information from being collected and released without consent.
After interpreting the terms of the policy that were found to be ambiguous, the court considered whether the allegations in the complaint fell within the terms of the policy. First, the court found that the complaint alleged that the plaintiff suffered emotional disturbances, mental anguish and distress as a result of the collection and dissemination of biometric information, which falls under policy. Second, the court found that “posting” occurs when information is shared with only one party, thereby concluding that the complaint sufficiently alleges that when the company shared the customer’s information with its seller, that action potentially fell within the purview of the claimant. the definition of the term publication. within politics. Finally, the court ruled that because the BIPA codifies a person’s right to confidentiality of identifiers and biometric information, the complaint’s allegations that the company collected the fingerprints and shared them with the third-party provider potentially fall under the term “right to privacy” in the insurer’s policy. Therefore, the court ruled that the carrier had an obligation to defend the company under the policies in question.
Finally, the court rejected the insurer’s argument that a policy exclusion for violating the laws prohibited coverage. The court reviewed the section of the policy titled “Violation of Laws Governing Email, Fax, Phone Call or Other Methods of Sending Material or Information”. The policy provision referred to two federal statutes that regulate methods of communication, the Telephone Consumer Protection Act, 47 USC §227, and the CAN-SPAM Act of 2003, 15 USC §7701. The court concluded that since the policy wording was intended to exclude coverage of alleged violations of the law involving various methods of communication, the exclusion applied to bar BIPA claims. The Court ruled that the BIPA does not regulate methods of communication but rather regulates the collection, use, safeguarding, handling, storage, retention and destruction of identifiers and biometric information. In addition, the wording “other than” in the provisions of the policy did not extend to claims under the BIPA. The court followed the doctrine of ejusdem generis to conclude that BIPA is different from the TCPA and the CAN-SPAM Act, so that the exclusion of the policy would not be interpreted as extending to BIPA claims. And, to the extent that the expression “other than” could be regarded as ambiguous, the court held that it should also be interpreted in favor of the conclusion of a cover for the insured.
Therefore, the court concluded that the exclusion did not apply and that the carrier therefore had a duty to defend the alleged BIPA claims. The court did not resolve whether the police also provided compensation for any verdicts or settlements of such BIPA claims.
This decision provided useful details for policyholders and insurers. While the court’s opinion was limited to the policy at issue, the court’s approach and decisions should help alleviate the uncertainty surrounding insurance coverage for the new and growing phenomenon of BIPA liability, both by under Illinois law and jurisdictions, such as New York, that are actively considering similar legislative protection for biometric privacy. With the potential financial exposure of BIPA claims, the nature and extent of insurance coverage available will continue to be a strategic threshold consideration and a potential issue as these cases progress, in Illinois and elsewhere in the world. United States.