Seventh Circuit: BIPA Amendment Cuts Liability with Retroactive Impact
The Seventh Circuit ruled the BIPA 2024 amendment applies retroactively, cutting liabilities.
Why it matters: This ruling significantly lowers potential financial liabilities for businesses handling biometric data and requires firms to reassess compliance strategies to align with the updated damage cap provisions.
- The Seventh Circuit ruled on April 1, 2026, to apply the BIPA amendment retroactively.
- BIPA caps damages at $5,000 for intentional violations; $1,000 for negligent ones.
- The ruling lowers multi-million dollar penalty risks, reversing district court decisions.
- Retroactive application provides clearer legal frameworks for ongoing class actions.
The U.S. Court of Appeals for the Seventh Circuit resolved a significant legal question on April 1, 2026, by confirming that the amendment to the Biometric Information Privacy Act (BIPA) made in 2024 applies retroactively. This ruling directly impacts a large number of ongoing class actions and potential liabilities for numerous businesses handling biometric data, such as fingerprint and facial recognition (LexBlog).
The 2024 amendment introduces a structured cap on damages—$5,000 for intentional violations and $1,000 for negligent ones. Establishing these caps as remedial clarifies the financial exposure firms might face, significantly reducing the risk of facing exorbitant penalties. For instance, in the case of Reginald Clay against Union Pacific Railroad Co., involving around 1,500 fingerprint scans, the maximum potential liability dropped from a projected $7.5 million to $7.5 million capped (FindLaw).
This decision reverses earlier district court rulings that interpreted the amendment as substantive rather than remedial, necessitating businesses to adapt their legal strategies to this significant change. Companies must now reassess compliance requirements with the updated framework, which streamlines previously complex and potentially crippling financial liabilities (Duane Morris).
In aligning future compliance strategies, businesses should evaluate how this retroactive application mitigates past potential liabilities, ensuring ongoing and future biometric data collection aligns with these clarified legal standards (Paul Hastings).
By the numbers:
- $5,000 — The cap on damages for intentional BIPA violations.
- $1,000 — The cap on damages for negligent BIPA violations.
- 1,500 — Fingerprint scans involved in the Clay vs. Union Pacific case.