First Biometric Information Privacy Act Trial Results in $228M Verdict

Last week, the first jury trial under the Illinois Biometric Privacy Act (BIPA) resulted in a $228 million verdict in favor of the plaintiff and the class.

The case, Rogers v. BNSF Railway Co., was filed in May 2019 and was pending in the U.S. District Court for the Northern District of Illinois. A class was certified in March 2022. Plaintiff alleged that BNSF unlawfully scanned his and other truck drivers’ fingerprints for identity verification when he and they visited BNSF rail yards. He claimed the company took this scan without written notice or consent as required under BIPA. BNSF argued, among other things, that the third-party vendor it hired to control gate access was the only party to collect drivers’ fingerprints, and that BNSF therefore had not independently violated BIPA. 

Pretrial briefing in the case was extensive. Each side filed several motions in limine seeking to bar or include certain evidence in the trial. For example, the Plaintiff found several references to use of “biometrics” or “biometric identities” on BNSF’s website that they alleged were responsive to former document requests. Anticipating objections from BNSF, Plaintiff filed a preemptive motion asking the court to permit them to introduce these exhibits at trial. Plaintiff were able to use this information at the trial and suggest that BNSF was aware of the biometric collection and that BNSF itself was collecting the information.

In contrast, BNSF filed a motion to bar any evidence suggesting it was or could be held liable for a third-party’s failure to comply with BIPA. BNSF argued that its third-party vendor was responsible for compliance with BIPA and that BNSF did not independently collect or use anyone’s biometric information. After taking the motion under advisement, the court issued a written opinion denying the motion by finding that BIPA is not irreconcilable with the common law of vicarious liability, and therefore vicarious liability was available in the case. As an alternative ground, the court found that Section 15(b) of BIPA which states that no private entity may “collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information” without notice and consent is sufficiently broad to encompass a third-party collecting data for a defendant. After losing this motion in limine, jury instructions ultimately included instructions on the potential agency relationship between BNSF and the third-party.

Ultimately, after reportedly only an hour of deliberations, the jury found BNSF liable for 45,600 willful/reckless violations of BIPA. Applying BIPA’s damages provision authorizing the award of “liquidated damages of $5,000 or actual damages, whichever is greater” for intentional or reckless violations, the verdict results in an expected damages award of approximately $228 million.

Before trial, BNSF made several motions for a stay in proceedings (which was briefly granted) pending the decision of Cothron v. White Castle System, Inc. — a case that was argued before the Seventh Circuit before being taken up on a certified question by the Illinois Supreme Court. The issue in Cothron is whether a claim accrues each time an individual uses a biometric device, or only the first time they are enrolled. The Illinois Supreme Court heard argument on May 17, 2022. The Illinois Supreme Court is simultaneously considering statute of limitations issues in Tims v. Blackhorse Carriers, an appeal of a First District Appellate Court decision on which we previously reported. Decisions in both Cothron and Tims are expected in short order, and each could significantly impact the BIPA landscape. But given the jury’s finding that BNSF violated BIPA once per driver, a decision in Cothron may have little impact on the BNSF case specifically.

Companies doing business in Illinois should continue to closely monitor their use of technology (whether directly or through a vendor) that may utilize biometric identifiers or biometric information as defined by the Illinois law. BIPA litigation has a history of large settlements powered by an uncapped statutory damages provision that can be invoked for even technical violations of the statute. The jury’s decision to award maximum statutory damages against BNSF for intentional or reckless violations shows, unfortunately, that such maximum statutory damages are not just a theoretical possibility. The end result is likely to be more BIPA suits with higher settlement demands, and plaintiff-friendly decisions in Cothron and Tims could further exacerbate this trend.