BIPA Settlement Claims & Privacy Class Action Settlements (2026 Guide)

The Illinois Biometric Information Privacy Act (BIPA), enacted in 2008, is the most powerful biometric data privacy law in the United States. BIPA requires companies that collect biometric identifiers — fingerprints, retina scans, voiceprints, facial geometry — to obtain written consent, disclose data retention policies, and refrain from selling or profiting from biometric data. Critically, BIPA allows individuals to sue directly and recover statutory damages of $1,000 to $5,000 per violation — without proving any actual financial harm.

This "no harm required" structure is what makes BIPA such a powerful class action vehicle. Unlike data breach cases where plaintiffs must show their information was actually misused, a BIPA plaintiff only needs to show that a company collected their biometric data without proper consent. When a company scans millions of faces or fingerprints without the required disclosures, each scan potentially represents a separate violation — meaning total exposure can reach billions of dollars.

Illinois courts have interpreted BIPA broadly. The Illinois Supreme Court ruled in Cothron v. White Castle that each biometric scan or transmission is a separate BIPA violation — not a one-time violation for the entire relationship. This ruling multiplied potential damages for every company scanning Illinois employees or customers on multiple occasions.

While BIPA applies primarily to Illinois residents, the precedent is national. Major BIPA settlements have involved Facebook, Google, TikTok, Snapchat, Amazon, and hundreds of employers using fingerprint time clocks or facial recognition. Texas, Washington, and New York have enacted similar biometric privacy laws. Illinois BIPA cases alone have produced more than $2 billion in class action settlements since 2015.

Privacy class action settlements fall into several distinct categories, each with its own legal theory and eligibility criteria:

Biometric Data Collection (BIPA): Companies that scanned your fingerprint, used facial recognition, or collected voiceprints without proper written consent. Common contexts: employer timekeeping systems, consumer app photo filters, retail facial recognition for loss prevention, gym and healthcare check-in systems. Primarily affects Illinois residents, though Texas and Washington have comparable laws.

Pixel Tracking and Third-Party Data Sharing: Companies that embedded Meta Pixel, Google Analytics, or other tracking code on sensitive websites — health portals, financial platforms, therapy services — transmitting your information to advertisers without informed consent. Healthcare providers have been especially hard hit. These cases often pay $50–$250 per claimant with no documentation required.

Social Media Privacy Violations: Platforms that collected user data beyond what was disclosed, shared data with third parties without adequate consent, or used behavioral tracking that violated their own stated policies. Facebook's $725 million Cambridge Analytica settlement, TikTok's $92 million privacy settlement, and Snapchat's $35 million BIPA settlement are the highest-profile examples — collectively affecting hundreds of millions of users.

Workplace Biometric Surveillance: Employers who used fingerprint scanners, facial recognition cameras, or voice recognition for timekeeping or access control without BIPA-compliant disclosures. These produce the highest per-employee payouts in Illinois settlements since employees may be scanned multiple times per day.

Location Data and Data Broker Cases: Apps and services that collected, sold, or shared precise geolocation data or detailed consumer profiles without adequate disclosure or consent. State privacy laws including California's CCPA and various state wiretapping statutes have generated settlement exposure across dozens of companies.

Privacy and biometric data settlements have produced some of the largest per-person class action payouts in history. Here are the most significant cases:

Facebook / Meta — Illinois Biometric Data ($650M)

Facebook's "Tag Suggestions" facial recognition feature — which automatically identified faces in uploaded photos — generated a landmark BIPA class action. Meta agreed to a $650 million settlement in 2021. Illinois Facebook users whose faces were scanned between 2011 and 2020 received $200–$400 per person. A separate $725 million Cambridge Analytica settlement later covered all US users for general privacy violations.

TikTok — Biometric Data and Privacy ($92M)

TikTok settled claims it collected biometric data from users without consent — including facial geometry and voiceprints from videos — and shared data with third parties. The $92 million settlement covered US TikTok users before September 2021. Illinois residents received $85–$167 per person for BIPA claims; all US users received approximately $27+ for general privacy claims.

Snapchat — Illinois Biometric Data ($35M)

Snapchat's AR photo and video filters use facial mapping technology. Illinois residents who used Snapchat between November 2015 and November 2022 were eligible for the $35 million BIPA settlement. This case established that consumer app facial filters — not just workplace biometric scanners — fall squarely under BIPA.

Google Photos — Illinois Facial Recognition ($100M)

Google's Photos app groups photos by recognized faces using facial recognition technology. Illinois users received a $100 million BIPA settlement for unconsented facial geometry scans. Approximately 1.4 million class members received payouts in the $50–$80 range.

Healthcare Pixel Tracking Settlements (2024–2026)

Dozens of healthcare systems and telehealth providers face class actions for embedding tracking pixels on patient portals without consent. Settled cases include Advocate Aurora Health ($12.25M), Mass General Brigham ($18.4M), The Christ Hospital ($7M fund), and HealthPartners ($6M). Telehealth companies including BetterHelp and Cerebral have also settled. Eligibility: patients who used affected websites during class periods — no proof of harm required.

BIPA settlements have historically paid $200–$800 per Illinois class member, with some cases paying more depending on the frequency of biometric scans. The statutory damages provision ($1,000 per negligent violation, $5,000 per intentional violation) forces defendants to settle for significant per-person amounts even after attorney fees.

Healthcare pixel tracking cases typically pay $50–$250 per patient. Because these cases affect patients at specific regional hospital systems with limited media coverage, claim rates tend to be low — meaning each claimant receives a larger share of the fund.

Social media privacy settlements have paid $20–$167 per class member depending on claim volume. Major cases paid lower per-person amounts due to high claim rates from media coverage; smaller, less-publicized settlements often pay more per person.

The decisive variable is the claim rate. A $10 million settlement with only a 5% claim rate (5,000 claimants of 100,000 eligible) pays roughly $1,600 per person after fees. The same settlement at 25% claim rate pays about $320. Regional privacy settlements — hospital systems, regional employers, smaller tech companies — often pay far more per person than national headline cases.

Documented loss claims pay significantly more. If you experienced identity theft, unauthorized account access, or incurred costs like credit monitoring due to the privacy violation, many settlements offer documented-loss tiers reimbursing $500–$5,000 per claimant. Always check whether a settlement has this tier before filing only a basic attestation claim.

For BIPA settlements: You typically qualify if you (1) were an Illinois resident when your biometric data was collected, (2) your biometric identifier was scanned or stored by the defendant during the class period, and (3) the defendant failed to obtain written consent or publish a proper biometric data retention policy. For workplace cases, you must have been an employee who used the biometric timekeeping or access system. For app-based cases, you must have used the app's biometric features while an Illinois resident.

For pixel tracking / healthcare settlements: You qualify if you (1) were a registered user of the affected website, (2) visited pages where tracking code transmitted your data to Meta, Google, or other third parties during the class period, and (3) meet geographic requirements — usually US residents, sometimes specific states. No proof of harm required.

For social media privacy settlements: Eligibility is typically broad — US residents who used the platform during the class period. Illinois residents usually receive higher payments for BIPA components while all US users are eligible for general privacy fund distributions.

For workplace biometric settlements: You must have been employed in Illinois during the class period and used the biometric timekeeping or security system as a condition of employment. Most settlements accept employee attestation without documentation.

You do not need a settlement notice letter to file. Many class members never receive notice. Active searching on SettlementRadar is the most reliable way to find open privacy settlements relevant to your history.

Step 1: Find the settlement on SettlementRadar. Search the company name — "TikTok," "Snapchat," "Northwell Health," your employer's name. Each settlement page shows the class period, eligibility requirements, and links directly to the official claim form.

Step 2: Verify your eligibility. For BIPA cases, confirm you were an Illinois resident when your biometric data was collected and used the specific biometric feature during the class period. For pixel tracking cases, confirm you were a registered user who visited the affected pages during the class period.

Step 3: Complete the claim form. Privacy settlement forms typically ask for your name and mailing address, the email address associated with your account (check old inboxes for account confirmation emails), your state of residence during the class period, and an eligibility attestation.

Step 4: Choose your payment method. Most modern settlements offer PayPal, Venmo, Zelle, ACH direct deposit, or check. Digital methods typically process faster after final court approval.

Step 5: Check for documented-loss tiers. If you experienced identity theft or incurred costs from the privacy violation, file under the higher documentation tier. Even a single receipt or account statement can multiply your payment significantly over a basic attestation.

Step 6: File early and save your confirmation. Privacy settlement deadlines are strict — no extensions granted. Settlement websites commonly crash in the 24–48 hours before major deadlines. File at least one week early and keep your confirmation number until payment arrives (typically 6–18 months after the filing deadline).

BIPA remains the most powerful statute for biometric privacy class actions, but other laws are generating major settlements across the country:

The Video Privacy Protection Act (VPPA) — a 1988 federal law — prohibits disclosure of video viewing histories without consent. Courts have applied it to streaming sites and media websites using Meta Pixel, producing settlements from BuzzFeed ($9M), FloSports ($2.6M), the Boston Globe ($4–5M), and dozens of other publishers. If you subscribe to any digital media outlet that hosts videos, there may be an active VPPA settlement covering you.

California's CCPA gives residents rights over their personal data and a private right of action for data breaches. Multiple CCPA-related privacy settlements have resolved in 2024–2026, and more are ongoing.

State wiretapping laws — California's CIPA, Pennsylvania's WESCA, Florida's FSCA — are being applied to pixel tracking and session replay tools, creating new settlement exposure for retailers, financial services companies, and other industries beyond healthcare.

Illinois expanded privacy liability with the Genetic Information Privacy Act (GIPA), covering genetic data collected in workplace wellness programs — already generating class action litigation against employers.

For 2026, the most active new privacy settlement fronts are: healthcare pixel cases, AI companies using biometric data for model training without consent, apps collecting children's data under COPPA, and data brokers facing state-law challenges for building and selling consumer profiles. SettlementRadar monitors all these categories and alerts subscribers when new matching settlements open.