On June 30, 2023 the Northern District of Illinois vacated the $228 million damages award previously entered in the first jury trial arising under Illinois’ Biometric Information Privacy Act (BIPA), and ordered a new jury trial limited to the determination of damages only. The case, Rogers v. BNSF Railway, Co., No. 19-cv-03083 (N.D. Ill. June 30, 2023), was brought on behalf of a class of truck drivers who claimed that BNSF illegally required them to scan their fingerprints when entering its railyards.
The jury found that BNSF violated BIPA 45,600 times, an amount equal to the estimated number of truck drivers in the class who had their fingerprints scanned during the time period at issue. The jury also determined that BNSF’s BIPA violations had been “reckless or intentional” as opposed to “negligent,” an important decision because a “reckless or intentional” violation carries damages of $5,000 per violation instead of $1,000 for a “negligent” violation. Judge Matthew Kennelly of the U.S District Court for the Northern District of Illinois conducted a straightforward damages calculation, and multiplied the 45,600 “reckless and intentional” BIPA violations by $5,000, reaching a damages award of $228 million.
Both parties filed motions regarding the judgment, and the Court granted BNSF’s motion for a new trial on damages but otherwise denied both parties’ motions. Specifically, the District Court agreed with BNSF, who argued that the amount of damages is a question for the jury to decide. In reaching this conclusion, the District Court relied on the Illinois Supreme Court’s recent ruling in Cothron v. White Castle Sys., Inc., 2023 IL 128004, which states that BIPA damages are apparently discretionary rather than mandatory.
The Rogers and Cothron court’s conclusion that BIPA damages are discretionary rather than mandatory is based on section 20 of the BIPA statute, which states that “[a] prevailing party may recover for each violation[.]” (emphasis added.) The use of "may" and "each violation" indicated to the Rogers Court that, to the extent damages are discretionary, the discretion does not depend on the number of violations. The Court further concluded that because damages under BIPA section 20 are discretionary, after a finding of liability, a damages award is a question for the jury.
If the parties do not settle in Rogers v. BNSF Railway, Co., the trial will be the first time that a jury determines damages for BIPA violations. Importantly, the discretionary language about damages presents a threat to plaintiff’s ability to actually obtain a financial recovery under the BIPA statute.
This latest order in the Rogers case demonstrates that damages for BIPA violations remain an unsettled area of law, and companies that collect biometric data should take immediate action to avoid entanglement with BIPA, given the potential for significant liability. Companies should ensure compliance with the law and develop appropriate contractual protections when dealing with third-party vendors who collect biometrics. The attorneys at Segal McCambridge have extensive backgrounds in both employment law and cyber risk matters and are well-versed in all aspects involving claims brought under BIPA.