Categories
Biometric Privacy Legal Landscape Case Law Developments

$228M Damages Award Vacated in First BIPA Trial

Karen H. Shin |

The U.S. District Court of the Northern District of Illinois vacated a $228 million damages award in Rogers v. BNSF Railway Co., the first case tried to a verdict under the Illinois Biometric Information Privacy Act (“BIPA”). In Rogers v. BNSF Railway Co., rail workers alleged that BNSF Railway Co. (“BNSF”) collected their biometric information without informed consent. The jury found that BNSF had recklessly or intentionally violated BIPA 45,600 times (one violation per class member). BIPA provides that intentional or reckless violations of BIPA may result in liquidated damages of $5,000 or actual damages, whichever is greater.

The prior award resulted from multiplying the number of BIPA violations by $5,000 to arrive at $228 million. While the court upheld the verdict that the company violated the BIPA, it held that damages were discretionary under BIPA (due to the term “may”) and ordered a new trial limited to the question of damages.


To read more articles from the August 2023 edition of Blank Rome’s BR Privacy & Security Download, please visit our website.

Categories
Biometric Privacy Legal Landscape Case Law Developments Class Action Litigation Defense Strategies

First Biometric Privacy Jury Trial Results in Massive $228 Million Dollar Verdict

Amanda M. Noonan |

A federal district court in the Northern District of Illinois conducted the first-ever jury trial in an Illinois Biometric Information Privacy Act (“BIPA”) case. On October 12, 2022, the jury returned a verdict for the plaintiff—and more than 45,000 class members—regarding defendant BNSF Railway’s (“BNSF”) reckless violations of BIPA. See Rogers v. BNSF Railway Co., No. 1:19-cv-03083 (N.D. Ill. Oct. 12, 2022). Plaintiffs’ claims centered on BNSF’s collection of fingerprints to verify their identities and allow access to BNSF’s facilities without obtaining their written consent, as required under BIPA Section 15(b).

After a five-day trial—and only an hour of deliberations—the jury found BNSF not only violated BIPA 46,500 times, but did so intentionally or recklessly under 735 ILCS 14/20(2). The jury’s finding on that issue quintupled plaintiff’s damages award to $5,000 per violation, as opposed to $1,000 per negligent violation. As a result, District Judge Matthew Kennelly entered a $228 million dollar damages award in plaintiffs’ favor following the verdict. BNSF has stated it intends to appeal.

The implications of the verdict loom large. On the plaintiff’s side, counsel will likely increase the already large-scale BIPA filings and push for higher settlement amounts, using the prospect of a successful jury trial as a bargaining chip. Given the stakes, BIPA defendants may be more inclined to seek early resolution once named in a BIPA class action to avoid a bet-the-company litigation at all costs.

Considering the verdict, early compliance efforts by companies implementing biometric technology are even more crucial to avoid BIPA litigation in the first instance. Significantly, companies using any technology that could arguably constitute biometrics—regardless of the sophistication—may be targeted by zealous plaintiff’s attorneys seeking to join the ever-increasing cascade of BIPA class action filings. Biometrics privacy counsel should thus be consulted to address compliance strategies to protect against the catastrophic risks of a BIPA verdict at the earliest possible opportunity.

Categories
Case Law Developments

Illinois Appellate Court Clarifies Applicable Limitations Period in BIPA Class Action Litigation

David J. Oberly |

On September 17, 2021, the Illinois Appellate Court First District delivered its much-anticipated decision in Tims v. Black Horse Carriers, Inc., 2021 IL App (1st) 200563 (1st Dist. Sep. 17, 2021), addressing the applicable statute of limitations for causes of action asserted under the Illinois Biometric Information Privacy Act (“BIPA”).

The court held that claims brought under Sections 15(a), (b), and (e)—pertaining to the law’s privacy policy/data destruction, notice/consent, and data security requirements—are subject to a five-year statute of limitations. Conversely, claims asserted under Sections 15(c) and (d)—relating to the law’s ban on profiting from biometric data and disclosure limitations—are subject to a one-year limitations period.

Importantly, in finding that BIPA’s two most commonly asserted provisions, Sections 15(a) and (b), are subject to the longer five-year limitations period, the opinion ensures that the tsunami of class action BIPA filings will continue to flood the courts for the foreseeable future.