Biometric Privacy Trial Is a Milestone in Privacy Law

Woods Rogers

Generally, biometric privacy laws seek to protect the unique attributes of human beings that could be leveraged to access sensitive information about them, such as fingerprints and the measurements utilized for facial recognition technologies.

Illinois has emerged as a leader at the forefront of biometric privacy law expansion.  When it first enacted the Biometric Information Privacy Act (BIPA) in 2008, Illinois was the only state to have a biometric data privacy law. Since then, multiple other jurisdictions have followed suit. Still, BIPA stands as an exemplar due to the broad scope of its coverage. This law requires advanced written notice and consent for the collection or storage of biometric identifiers or biometric information. Notably, unlike most other state biometric privacy laws, BIPA creates a private right of action authorizing minimum damages of $1,000 for negligent violations and $5,000 for reckless violations.

Under that private right of action, on October 12, 2022, a federal jury found that BNSF Railway violated BIPA resulting in a $228 million class damages award. The BNSF case marks the first time a BIPA case has proceeded through trial. Plaintiffs’ attorneys argued that BNSF went awry in the implementation of an auto-gate system used to secure its cargo facilities. To enter, truck drivers were registered into the auto-gate system in a process that included scanning the drivers’ fingerprints. BNSF did not obtain written consent and the truck drivers were never informed how long their fingerprint data would be stored. The jury determined that BNSF had either recklessly or intentionally violated BIPA 45,600 times—matching a defense expert’s estimation for the number of truck drivers who were fingerprinted.

This case serves as a milestone in biometric privacy law that could hold valuable lessons for the future. Businesses that use biometric data will need to adapt as more jurisdictions incorporate their own biometric information regulations. 

Phillip Harmon, an Associate in the Cybersecurity & Data Privacy Practice contributed to this article.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Woods Rogers | Attorney Advertising

Written by:

Woods Rogers


  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Woods Rogers on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide