Illinois’ Biometric Information Privacy Act (“BIPA”) is considered the most comprehensive law governing the processing of biometric data. Passed in 2008, BIPA sets out requirements for private entities, including employers, that collect, use, store, and share biometric information.  It’s also one of the most popular class action suits today – hundreds, if not thousands of cases have been filed in recent years – and there is no sign that the litigation is slowing down.

The Eighth Circuit Court of Appeals last week reversed the district court’s approval of a settlement and settlement class in the consolidated consumer class action arising from Target Corporation’s 2013 security incident.  This decision provided a new perspective on a persistent dilemma in the evolving law of data breaches:  how to handle data breach victims whose data was compromised but not misused, and therefore they cannot show concrete monetary harm.  Here, that issue has at least temporarily derailed a multi-million settlement of the last major lawsuit arising out of Target’s high-profile incident.

new German law, which grants authority to the country’s consumer and business associations to enforce compliance with data protection laws, goes into force on February 24, 2016.  A representative of the German Ministry of Justice pointed out that the new enforcement powers are specifically aimed at foreign companies having their headquarters or operating from outside Germany, including the U.S.