Chapter 5: Federal and State Regulators and Enforcement of Privacy Law
Additional State Protections: Torts, BIPA, and the AADC Act
States add protection via constitutions, common-law privacy torts, and contract theories. Illinois's BIPA (2008) requires notice and consent for biometrics and has a private right of action; California's Age-Appropriate Design Code Act (2022) protects users under 18.
State constitutions may expressly recognize a right to privacy
Common-law privacy torts: intrusion upon seclusion, appropriation of name/likeness, publicity given to private life, and false light
Contract theories - e.g., breach of a promise of confidentiality by a physician or financial institution
🧩 Two influential state statutes
BIPA (Illinois, 2008) requires notice and informed consent before using biometric data and has a private right of action - the source of major class actions since 2015. California's Age-Appropriate Design Code Act (2022), modeled on the UK's, covers online services likely accessed by children under 18 and requires high-privacy default settings.
⚠️ Two different age lines
COPPA protects children under 13; California's Age-Appropriate Design Code Act protects users under 18. The exam will tempt you to swap these thresholds.
Key terms - quick answers
What is “Privacy torts”?
Common-law claims: intrusion upon seclusion, appropriation of name or likeness, publicity given to private life, and false light.
What is “BIPA”?
Illinois's Biometric Information Privacy Act (2008), requiring notice and informed consent before using biometric data and providing a private right of action.
What is “Age-Appropriate Design Code Act”?
A 2022 California law, modeled on the UK's, imposing obligations on online services likely accessed by children under 18, including high-privacy default settings.