In a welcome win for defendants litigating claims under the Illinois Biometric Information Privacy Act (“BIPA”), earlier this month a Northern District of Illinois magistrate judge denied a plaintiff’s motion to compel communications between defendant Union Pacific Railroad Company (“Union Pacific”) and the vendors that provided it with fingerprint-activated security gates. Fleury v. Union Pac. R.R. Co., No. 20 C 390, 2024 WL 1620613, at *4-6 (N.D. Ill. Apr. 15, 2024). In so doing, the court implicitly affirmed that, in a BIPA lawsuit, the common interest doctrine presumptively protects the communications between biometric technology vendors and their customers, regardless of which entities are named as defendants. This ruling is a powerful tool in the BIPA landscape for employers (who are typically the customers in this scenario) and other defendants alike because it supports the ability of BIPA defendants to coordinate their defense strategy with entities who share their legal interest. The opinion is also a good reminder, however, that vendors and their customers should use best practices early on in a BIPA litigation to maximize the scope of the common interest doctrine.

Union Pacific operates a network of railroads in North America that includes facilities located in Illinois. The plaintiff, who worked as a truck driver in 2019, alleged that Union Pacific violated BIPA by requiring him and class members to scan their fingerprints at an entry gate kiosk each time they entered the railyard without their consent, among other claims.

BIPA lawsuits are typically aimed at third-party vendors who operate the technology that captures biometric information, the customers of these vendors, or both. Many plaintiffs are going after their former employers, for example, for using biometric technology in the workplace provided by various vendors (e.g., fingerprint timekeeping clocks). Thus, such lawsuits often benefit from coordination between these various players, regardless of whether they are named defendants in the lawsuit. 

Judge Cole’s April 15 decision affirms the importance of the common privilege doctrine in protecting communications among BIPA lawsuit targets. The plaintiffs sought to compel production of correspondence between counsel for Union Pacific and counsel for the vendors that licensed and sold the finger scan technology and hardware to Union Pacific. Union Pacific refused, claiming that the communications were protected by the “common interest privilege.” 

Judge Cole agreed that “the defendant has some common legal interests with its software and hardware providers in a BIPA case.” Fleury, No. 20 C 390, 2024 WL 1620613, at *4-6. He reminded the parties that the common privilege interest was an extension of the attorney-client privilege and applied when entities shared an “identical” interest in the suit, though the interest “need not be compatible in all respects.” Id. While a written joint defense agreement is “one factor to consider,” it is not dispositive. 

Given that the vendors’ technology prompted key issues in the case regarding the alleged collection, capture and disclosure of biometric information, “one can say that the defendant and [the vendors] have some common legal interests.” However, similar to the assertion of other privileges, the protection extends only to communications that further this common interest. Judge Cole concluded his decision by ordering Union Pacific to produce a privilege log of the purportedly protected communications. 

Judge Cole’s implication that communications between biometric technology vendors and their customers are presumptively protected under the common privilege doctrine is a welcome development for defendants. However, the decision is also a reminder for defendants to follow best practices when forming alliances with interested parties. These practices include entering into clear joint defense agreements and limiting written communications to those that truly reflect a common legal interest.

Listen to this post