- with readers working within the Metals & Mining industries
- within Energy and Natural Resources topic(s)
A U.S. district court in Illinois has recently held that a commercial general liability policy's “access or disclosure of confidential or personal information” exclusion defeated cover for a class action alleging the retention and use of facial‑recognition data. The court concluded that biometric information derived from facial geometry falls within “confidential or personal information”, and therefore the insurer had no duty to defend or indemnify.
Background
Ackercamps operated a photo‑sharing platform for summer camps. Camps uploaded images of children; the platform used facial‑recognition technology to match those images to existing profiles and alert parents when new photos appeared. Claimants brought a putative class action alleging that Ackercamps captured and stored facial geometry in violation of the Illinois Biometric Information Privacy Act (BIPA). Ackercamps sought cover from its CGL insurer. The insurer denied cover and later sought a declaration of no duty to defend or indemnify. Ackercamps counterclaimed for coverage, estoppel, and bad faith.
Personal and Advertising Injury Cover and the Exclusion
The policy included a personal and advertising injury insuring section, but it also contained an endorsement excluding “‘personal and advertising injury' arising out of any access to or disclosure of any person's or organisation's confidential or personal information”. The parties agreed that, absent the endorsement, the personal and advertising injury section could encompass the BIPA allegations. The dispute turned entirely on whether the exclusion applied.
The Court's Analysis
The court aligned its interpretation with recent Seventh Circuit authorities, which treated biometric identifiers as “confidential or personal information” because they are uniquely identifying and susceptible to misuse. It also found persuasive a district court decision, which gave the phrase its ordinary meaning and reached the same result under a similar exclusion.
On that footing, the court held that information derived from facial geometry is “confidential or personal information” as used in the endorsement. Because the underlying complaint alleged injuries “arising out of” the collection, retention, and use of such data, the exclusion unambiguously barred cover for both defence and indemnity.
Ackercamps argued that reading the endorsement so broadly would render the personal and advertising injury cover illusory. The court disagreed. It explained that this part of the policy still responds to a range of publication‑based claims – such as misuse of a person's photograph or likeness – so long as they do not depend on accessing or disclosing confidential or personal information as defined. The exclusion, therefore, narrows but does not nullify cover.
The court also rejected Ackercamps' estoppel and bad‑faith theories. Because the insurer's coverage position was correct under the policy, there was no basis to estop the insurer from asserting defences and no unreasonable claims handling to support bad faith.
Takeaway
Biometric privacy suits frequently turn on data‑privacy exclusions embedded in CGL policies. Where an “access or disclosure of confidential or personal information” endorsement is present, courts are increasingly treating biometric identifiers – such as facial geometry – as within the scope of “confidential or personal information”. That interpretation can eliminate both the duty to defend and indemnity, while leaving the personal and advertising injury section intact for other publication‑based injuries that do not involve accessing or disclosing protected personal data. Insureds handling biometric information should scrutinise privacy‑related exclusions to avoid coverage pitfalls.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]