The Privacy Class Action Review - 2023 - Report - Page 31
BIPA did not apply because of statutory exemption was without merit, as none of the
asserted exemptions applied to the plaintiffs. Fourth, the court determined the five-year
statute of limitations period applied to the plaintiffs’ claims such that the claims were
timely-filed.
Although the court noted that the statute of limitations issue was before the Illinois
Supreme Court, it observed that the defendants did not provide any persuasive
indications that the Illinois Supreme Court will apply a one-year statute of limitations
when it decides Tims, et al. v. Black Horse Carriers, Inc., 452 Ill. Dec. 48 (Ill. Jan 26,
2022). The court, therefore, declined to dismiss the claims on this basis. Finally, the
court turned to the defendants’ argument that the plaintiffs’ request for liquidated
damages should be dismissed because they failed to plausibly allege recklessness or
willfulness. The court determined that since requests for liquidated damages are not
claims under the BIPA, but rather demands for relief, the plaintiffs were not required to
plead facts showing the defendants’ recklessness or willfulness.
In Rogers, et al. v. BNSF Railway Co, 2022 U.S. Dist. LEXIS 173322 (N.D. Ill. Sept. 26,
2022), the plaintiff, a truck driver, filed a class action lawsuit alleging that the defendant
unlawfully required drivers entering the company’s facilities to provide their biometric
information through a fingerprint scanner. The plaintiff asserted that the defendant
collected the drivers’ fingerprints without first obtaining informed written consent or
providing a written policy that complied with the BIPA and therefore violated §§ 15(a)
and (b) of the BIPA. The defendant argued that it did not operate the biometric
equipment and instead sought to shift blame to a third-party vendor who operated the
biometric equipment that collected drivers’ fingerprints.
The court ordered the matter to trial. The defendant subsequently filed a motion in
limine to exclude evidence, testimony, or argument suggesting that it could be held
liable under the BIPA for any acts by third parties. The court denied the defendant’s
motion. The defendant contracted with a third-party company, Remprex, to operate the
equipment that collected biometric information, which Remprex obtained without
following the notice and consent requirements in § 15(b). The defendant asserted that it
could not be held responsible for Remprex's actions because the BIPA did not impose
liability for the acts of a third party. The defendant stated that the BIPA does not impose
vicarious liability because the statute does not expressly define "private entity" to
include agents or contractors. Id. at *3. The court ruled that the language of the BIPA
was broad enough to reach the defendant here where it hired third parties to collect
data on its behalf. Id. at *5. The court noted that the relevant text was that no private
entity may "collect, capture, purchase, receive through trade, or otherwise obtain" an
individual's biometric information without that person's written and informed consent. Id.
Thus, the court concluded that the defendant need not have “collected” the information
to be held liable, and that any liability could be included in the language “otherwise
obtain.” Id. at *6.
Accordingly, in context, § 15(b) is triggered whenever a private entity acquires biometric
data in the enumerated ways – collecting, capturing, purchasing, receiving through
30
© Duane Morris LLP 2023
Duane Morris Privacy Class Action Review – 2023
