First Trial Under the Illinois Biometric Information Privacy Act Results in $228m Verdict

After recent multi-million dollar settlements by Google, Snapchat, Facebook, and TikTok involving claims for alleged violations of the Illinois Biometric Information Privacy Act (“BIPA”), which were highlighted in our recent blog post on the issue, the first jury trial under BIPA was held in October 2022 and resulted in a $228 million verdict in favor of the Plaintiff and the class.

The case was filed in May 2019 in the U.S. District Court for the Northern District of Illinois by a truck driver who alleged that BNSF Railway Co. violated BIPA by scanning his and other truck drivers’ fingerprints for identity verification when they visited BNSF railyards without providing written notice or obtaining written consent as required under BIPA.

BSNF argued that it had not violated BIPA because the fingerprints were collected by a third-party vendor that it had hired to control access to the railyard and that the third-party vendor and not BNSF was responsible for compliance with BIPA.

However, after only an hour of deliberation, the jury rejected BNSF’s arguments and found BNSF liable for 45,600 willful or reckless violations of BIPA. Under BIPA, the damages for each such willful or reckless violation is “liquidated damages of $5,000 or actual damages, whichever is greater” which resulted in a total award of approximately $228 million against BNSF.

In light of the recent large settlements and this even larger jury verdict for violations of BIPA, companies doing business in Illinois should expect more BIPA suits with even higher settlement demands and should closely monitor any biometric information that may be collected from residents of Illinois (by the company or its vendors) to ensure that any such collection complies with BIPA. It is also critical to ensure that contracts with vendors that may collect biometric information from residents of Illinois contain appropriate assurances that the vendor will comply with BIPA, audit rights to verify compliance, and indemnification rights for any violations of BIPA by the vendor.