Opinion
19 C 3083
09-26-2022
MEMORANDUM OPINION AND ORDER ON DEFENDANT'S MOTION IN LIMINE 1
MATTHEW F. KENNELLY UNITED STATES DISTRICT JUDGE
In this order, the Court rules on Defendant BNSF's motion in limine 1 filed in connection with the upcoming trial in this case, which is set to begin on October 4, 2022. BNSF moves to exclude evidence, testimony, or argument suggesting that it is or can be held liable under BIPA for any acts by third parties. For the following reasons, the Court denies BNSF's motion.
Rogers alleges that BNSF violated section 15(b) of the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/15(b), when it collected and stored his biometric information without obtaining his consent or informing him of its data retention policies. The parties do not dispute that BNSF contracted with a third-party company, Remprex, to operate the equipment that collected Rogers' biometric information. It also appears to be undisputed that Remprex obtained the information without following the notice and consent requirements in section 15(b). BNSF contends, however, that it cannot be held responsible for Remprex's actions because BIPA does not impose liability for the acts of a third party. The Court notes that Rogers also asserts what might loosely be called a claim of direct liability that is not encompassed by BNSF's motion in limine.
The Court denies BNSF's motion in limine for two reasons. First, Illinois statutes incorporate the common law unless they are irreconcilable with it, and that is not the case with BIPA. Second, even if BIPA were irreconcilable with the common law, the "otherwise obtain" language in section 15(b) is broad enough to encompass the situation where a third party collects data for or at the behest of the defendant. In addition, the Court concludes that BNSF's "active step" argument, at least as the Court understands it, has no bearing on this motion in limine regarding BNSF's potential liability for Remprex's actions.
Discussion
Section 15(b) of BIPA states that "[n]o private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information" without providing notice to and obtaining written consent from that person. 740 ILCS 14/15(b). The statute defines "private entity" as" any individual, partnership, corporation, limited liability company, association, or other group, however organized." 740 ILCS 14/10.
A. BIPA and the common law
BNSF argues that BIPA does not impose vicarious liability because the statute does not expressly define "private entity" to include agents or contractors. It cites two other Illinois statutes and a federal statute that expressly mention agents or incorporate principles of agency law and contends that the absence of similar language in BIPA shows the Illinois legislature's intent to preclude vicarious liability. During argument on the motion, BNSF's counsel conceded that a corporation could be liable under BIPA if one of its employees committed the violation, which is, of course, a form of vicarious liability. This, it seems, undermines BNSF's contention that the statute does not authorize imposition of vicarious liability. Despite this, BNSF seems to contend that the statute draws, or requires, a distinction between internal corporate agents that the corporation employs and external agents that the corporation hires. It's hard to see, however, how one can torture this distinction out of BIPA's text.
More generally, under Illinois law, "[s]tatutes are to be construed in reference to the principles of the common law.” Carle Foundation v. Dep't of Revenue, 396 Ill.App.3d 329, 340, 917 N.E.2d 1136, 1146 (2009) (quoting Mackin v. Haven, 187 Ill. 480, 493, 58 N.E. 448, 452 (1900)). "Under the doctrine of respondeat superior, a principal may be held liable for the tortious actions of an agent which cause a plaintiff's injury, even if the principal does not himself engage in any conduct in relation to the plaintiff," Woods v. Cole, 181 Ill.2d 512, 517, 693 N.E.2d 333, 336 (1998), and "[i]t is well established that legislation intended to abrogate the common law must be clearly and plainly expressed." Bd. of Trs. of Cmty. Coll. Dist. No. 508 v. Coopers & Lybrand, 208 Ill.2d 259, 269, 803 N.E.2d 460, 466 (2003). Given that "[w]hen statutes are enacted after judicial opinions are published, it must be presumed that the legislature acted with knowledge of the governing case law," People v. Hickman, 163 Ill.2d 250, 262, 644 N.E.2d 1147, 1153 (1994), the text of BIPA would preclude vicarious liability only if it "clearly and plainly expressed" the legislature's intent to do so. Coopers & Lybrand, 208 Ill.2d at 269, 803 N.E.2d at 466.
BNSF also relies on Zekman v. Direct American Marketers, 182 Ill.2d 359, 695 N.E.2d 853 (1998), in which the court held that an Illinois statute did not impose liability for knowingly receiving the benefit of a third party's fraud because the text of the statute only mentioned "unfair methods of competition and unfair or deceptive acts or practices." Id. at 369, 695 N.E.2d at 858. Zekman is inapplicable in this case, however, as Illinois common law does not recognize the receipt of benefits of a third party's fraud as a tort but does recognize vicarious liability for privacy torts committed by an agent. See, e.g., Lawlor v. N. Am. Corp. of Ill., 2012 IL 112530, ¶ 51, 983 N.E.2d 414, 429 ("[T]here was a sufficient basis for the jury to conclude that [the principal] directed, controlled, or authorized the method in which [the agent] performed the work" in committing the tort of inclusion upon seclusion).
That is not the case with BIPA. Without any mention of agency law or vicarious liability in the text of the statute, there is no express statement of legislative intent to abrogate either doctrine. BNSF instead relies on the absence of any reference to agents to support its interpretation, but "it is not enough to justify the inference of abrogation from the simple fact that a subsequent statute covers some, or even all, of the questions covered by the common law; there 'must be an irreconcilable repugnancy.'" Rush Univ. Med. Ctr. v. Sessions, 2012 IL 112906, ¶ 18, 980 N.E.2d 45, 51. There is no "irreconcilable repugnancy" between the text of BIPA and vicarious liability, however, as BIPA's inclusion of "corporation" in its definition of "private entity" is reasonably interpreted to include the corporation's agents, including its employees and other hired agents. See Shager v. Upjohn Co., 913 F.2d 398, 404 (7th Cir. 1990) ("[A]n employer, at least where it is a corporation, acts only through agents"); Trust Co. of Chi. v. Sutherland Hotel Co., 389 Ill. 67, 72, 58 N.E.2d 860, 863 (1945) ("[A] corporation can only act through its officers, agents or servants."). As a result, this Court agrees with its colleague Judge Manish Shah that "while BIPA is limited to 'private entities,' the text does not close the door on traditional theories of agency liability." Wordlaw v. Enter. Leasing Co. of Chi., LLC, No. 20 C 3200, 2020 WL 7490414, at *6 n.2 (N.D. Ill.Dec. 21, 2020).
B. "Otherwise obtain"
Separately, the language of BIPA is broad enough to reach defendants like BNSF that hire third parties to collect data on their behalf. Section 15(b) states that "[n]o private entity may collect, capture, purchase, receive through trade, or otherwise obtain" an individual's biometric information. 740 ILCS 14/15(b) (emphasis added). That language itself makes clear that BNSF need not have "collected" the data itself to be liable; otherwise the quoted clause would have stopped right after the word "collect." The language "otherwise obtain" is rather broad, and, in the Court's view, broad enough to encompass the situation alleged in this case: A hires B to collect data that A has determined it needs. The Court agrees with the following construction of "otherwise obtain" by Judge Robart of the Western District of Washington:
The catch-all phrase "otherwise obtain" is not defined by BIPA. See 740 ILCS 14/10. Where a term is undefined, "i]t is entirely appropriate to employ the dictionary as a resource to ascertain [its] meaning." Lacey v. v. Village of Palatine, 232 Ill.2d 349, 904 N.E.2d 18, 26 (2009). "Obtain" is defined as "[t]o come into the possession of,” or “to get, acquire, or secure." Obtain, Oxford English Dictionary, https://www.oed.com/view/Entry/130002 (last visited Mar. 9, 2021). "Otherwise" means "[i]n a different manner; in another way, or in other ways." Black's Law Dictionary 1101 (6th ed. 1990); see also Otherwise, Oxford English Dictionary, https://www.oed.com/view/Entry/133247 (last visited Mar. 9, 2021). Accordingly, in context, § 15(b) is triggered whenever a private entity acquires biometric data in the enumerated ways-collecting, capturing, purchasing, receiving through trade-or gets the biometric data in some other way.Vance v. Amazon.com Inc., 525 F.Supp.3d 1301, 1312 (W.D. Wash. 2021).
There's enough evidence here that BNSF "g[ot] the plaintiffs' biometric data in some other way"-specifically by hiring Remprex to collect such data on BNSF's behalf for the purpose of regulating entry into BNSF's railyard. In addition, there is evidence that BNSF "ultimately called the shots on whether and how biometric information is collected." Rogers v. BNSF Ry. Co., No. 19 C 3083, 2022 WL 787955, at *7 (N.D. Ill. Mar. 15, 2022) (describing e-mail addresses suggesting that BNSF employees registered drivers, contractual provisions requiring Remprex to train BNSF employees on the technology, and "the admitted fact that 'Remprex takes direction from BNSF regarding the management and use of the [technology] pursuant to a Master Agreement between the two entities'"). The Court also notes that it is at least contended that BNSF had the ability to require Remprex to provide it with data that had been collected; if so, that's further evidence supporting plaintiffs' contentions regarding the imposition of liability on BNSF.
In sum, the Court concludes that the "otherwise obtain" language is itself broad enough to bring within BIPA's reach an entity (like BNSF) that hires someone else (like Remprex) to obtain biometric data on its behalf.
C. "Active step"
BNSF's other argument for exclusion is not really directly relevant to the vicarious liability issue in the Court's view. BNSF contends that a defendant is only liable under BIPA once it completes the act of collecting, capturing, purchasing, receiving through trade, or otherwise obtaining a plaintiff's biometric data, and that taking an "active step" toward doing so is not sufficient to violate section 15(b). Some courts have concluded that section 15(b) requires an "active step" before liability may be imposed. See, e.g., Jacobs v. Hanwha Techwin Am., Inc., No. 21 C 866, 2021 WL 3172967, at *2 (N.D. Ill. July 27, 2021); Heard v. Becton, Dickinson, & Co., 449 F.Supp.3d 960, 966 (N.D. Ill. 2020). This is a dubious proposition in the Court's view; it amounts to adding language that the statute doesn't include when it requires "collect[ing], captur[ing], purchas[ing], receiv[ing] through trade, or otherwise obtain[ing]" data. But even if an active step is required, a reasonable finding could be made that BNSF took one by hiring Remprex to collect biometric data on its (BNSF's) behalf. And if BNSF's contention is that a completed act of collecting or obtaining (etc.) of data is required, that requirement is met here as well, as there is no dispute that Remprex actually collected data on BNSF's behalf.
Conclusion
For the foregoing reasons, the Court denies BNSF's first motion in limine.