A California federal court has found that a claim asserted under BIPA for an alleged violation of a right to privacy can stand.A legal analysis by Eversheds Sutherland has noted that the California decision in In re:Facebook Biometric Info. Priv. Litig., increases the risks to companies that use biometric information, particularly in that district, and reinforces the need to strictly comply with the requirements of BIPA and other biometric protection statutes.The firm noted in a blog post that BIPA was explicitly enacted to protect the biometric information of Illinois residents by regulating the collection, use, storage, and distribution of such data. Companies must obtain consent from individuals before they obtain biometric information or use it for any purpose. Enacted in 2008, BIPA is the oldest and most punitive of the biometric protection statutes in the United States. It remains the only biometrics law on the books (for now) that provides for a private right of action, statutory damages, and attorneys' fees. It is therefore no surprise that over the last year, plaintiffs' lawyers have filed dozens of putative class actions alleging violations of BIPA, against companies of all sizes, including corporate behemoths like Facebook. More and more states are expected to enact similar biometric protection laws. In the meantime, the recent decision in In re:Facebook will provide plenty of headaches for companies that use Illinois residents' biometric data.In re: Facebook is an amalgam of three separate putative class actions filed against Facebook in Illinois state and federal courts arising from alleged violations of BIPA. The cases were transferred to the Northern District of California and consolidated at the request of the parties. The plaintiffs allege that Facebook did not provide them notice or obtain their consent before collecting their biometric data in the form of their likenesses, in connection with Facebook's “tagging” feature on photographs. Most significantly, the plaintiffs did not allege that they suffered any independent injury or concrete harm as a result of the BIPA violations, but the court nevertheless afforded them Article III standing since they held that the Illinois legislature had “codified a right of privacy in personal biometric information.” The court pointed to the language of BIPA, which focused on protecting the right of individuals to protect their unique-and inherent-personally identifiable information and concluded that violation of that right “is quintessentially an intangible harm that constitutes a concrete injury in fact.”