Technology is rapidly advancing, and the law is trying to keep up. While this challenge is not new, technological advancements are impacting privacy rights in unprecedented ways. Using a fingerprint to clock in at work or face identification to unlock a smartphone provides ease and convenience, but at what cost?

Currently, there is no federal law that regulates the collection, use, and storage of biometric information in the private sector. On a local level, three states have enacted laws that specifically address biometrics. Of those, the Biometric Information Privacy Act (BIPA) in Illinois provides the strongest protections for consumers, who are entitled to a private right of action under the statute. Since the enactment of BIPA about a decade ago, hundreds of plaintiffs have brought legal action against companies operating in Illinois.

This Comment explains how the Illinois Supreme Court properly applied the state’s biometric information privacy statute and why the ruling in Rosenbach v. Six Flags should be a model for analyzing biometric information privacy rights. Part II will provide a brief history of privacy law in the United States and how the ubiquitous collection and use of biometric information threatens privacy rights. Next, Part III will describe the facts, issue, and holding of Rosenbach v. Six Flags. Part IV will analyze the court’s examination of statutory language and legislative intent and explain how those findings lay the foundation for future regulation of biometric information. Finally, this Comment will conclude with a recommendation for legislators to rely on Rosenbach as an example of how biometric privacy regulation should apply in states and, one day, nationwide.