In today’s Tech@Work: Truck drivers win a landmark verdict in a first-of-its-kind biometric privacy trial; new research addresses the dearth of geospatial technology regulation; and an American Airline subsidiary moves toward settlement in its own biometric privacy lawsuit.

Jury Awards Truck Drivers Landmark Verdict in First Illinois Biometric Privacy Trial

In the first biometrics privacy class action to go to trial in Illinois, a class of over 45,000 truck drivers won a $228 million judgment against BNSF Railway Co. in October. After a five day trial, the jury in Richard Rogers v. BNSF Railway Company found that BNSF violated Illinois’ Biometric Information Privacy Act (BIPA) by improperly collecting employee fingerprints without consent. BNSF has said that it will appeal the judgment.

The truck drivers alleged that BNSF required them to scan their fingerprints for identity-verification purposes when accessing corporate facilities. However, according to the allegation, BNSF failed to comply with BIPA’s disclosure rules and never communicated to employees the purpose of the fingerprint collection or the company’s data retention and destruction policies.

BIPA permits a maximum penalty of $5,000 for each “willful or reckless” violation and a maximum penalty of $1,000 for each “negligent” violation. In this case, the jury found that BNSF recklessly or intentionally violated BIPA 45,600 times — reflecting one violation per class member — thereby subjecting BNSF to a $5,000 penalty per class member.

During the relevant period, BNSF had hired a third-party, Remprex LLC, to handle the biometric data collection and processing of its drivers’ fingerprints. As such, BNSF argued that it should not be held liable for BIPA violations, and responsibility should instead lie at the feet of the third-party contractor. The jury nonetheless found BNSF responsible for remaining in compliance with the law, an important precedent for future BIPA class action suits.

New Research Report Addresses Lack of Regulation in Geospatial Technology Industry

The American Association of Geographers (AAG) recently published a White Paper on Locational Information and the Public Interest evaluating the impact of geospatial technologies on organizational productivity and workers’ privacy. The report specifically addresses the dearth of regulations targeted at geospatial data across the federal, state, and local levels in the U.S., and provides suggestions for devising a regulatory system for the industry going forward.

Although geospatial and other locational technologies carry a robust set of potential benefits, the report raises concerns about individual and collective privacy. For example, the authors cite corporate enterprises’ ability to track employee movement and, in turn, exert outsized influence on their behavior as a disturbing downside of locational technology.

Historically, geospatial data companies have advocated for deregulation in hopes of preserving the status quo of self-monitoring and self-imposing ethical codes of conduct. Additionally, these companies are known for their “well-financed lobbying” efforts, which have thus far stymied legislation to properly “secure the rights of and respect for geospatial privacy interest.”

Thus, in the age of employer-driven surveillance and locational control, the report’s authors advocate for a global, enforceable regulatory system that protects workers’ privacy against geospatial software producers. The authors’ proposed regulatory system features a few key characteristics: protecting individual and collective privacy, assuring corporate accountability through independent compliance monitoring, promoting transparency through public sharing of audits, and engendering meaningful participation by workers in determining the use and role of potentially harmful surveillance systems.

Though the report does not provide for specific legislation or regulations, the authors’ suggestions aim to encourage policymakers to go beyond solely “business self-enforcement of ethical principles” and devise a holistic regulatory system.

Envoy Air to Pay $300K to Settle Biometric Privacy Lawsuit

Envoy Air Inc., a subsidiary of American Airlines Group, is one step closer to settling a class action lawsuit alleging the airline violated BIPA. The $300,000 settlement agreement received preliminary approval in early October by the Northern District of Illinois after the two sides negotiated an agreement over the summer.

The lawsuit brought in Abudayyeh v. Envoy Air Inc. claimed that, since 2015, Envoy impermissibly collected employees’ finger- and handprints for corporate timekeeping systems without first obtaining written consent from workers, a breach of BIPA requirements. The airline responded by arguing that the claims were preempted by the Airline Deregulation Act (ADA), though the court found that the purpose of Envoy’s data collection was unrelated to passenger transportation safety and therefore rejected defendant’s preemption argument. However, defendants secured a partial victory as the court dismissed the plaintiffs’ claims after 2016, finding that the workers’ union agreed to a grievance procedure with the airline in 2016 that authorized the collection of employee biometric data.

The $300,000 pay out will be distributed among 350 class members. The hearing for final approval of the settlement is set for January 23, 2023.