Data privacy, law compliance & telematics
The concern over loss of privacy and abuse has increased. More countries are moving towards upgrading their data privacy or data protection laws.
As more and more companies become aware of the benefits of GPS fleet tracking, the technology is quickly becoming a pillar in many industries and countries throughout the world. However, with this proliferation, the concern over loss of privacy and even abuse has also increased. As a universal trend, more countries are moving towards upgrading their data privacy or data protection laws to make them more comprehensive and robust. These laws are designed to protect consumers, employees, and ordinary citizens from the potential of illegal surveillance and unlawful disclosure of their personal information. Data protection authorities, which are independent public authorities responsible for monitoring the application of these new laws, are increasingly active. This includes imposing fines on companies who deliberately or negligently violate data protection laws.
While data protection laws and data protection authorities vary in different national (and in the case of the EU, supranational) jurisdictions, the requirements are often very similar. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) sets out the ground rules for how private sector organizations may collect, use and disclose personal information (including GPS tracking data) in the course of commercial activities. The Office of the Privacy Commissioner of Canada is responsible for ensuring that organizations comply with the law.
The legality of GPS fleet tracking was examined by the Office of the Privacy Commissioner twice, in 2006 and 2009, after employees complained that the GPS tracking violated their privacy rights. The decisions in these cases provide good guidance for companies who use fleet tracking. The Privacy Commissioner asked three main questions to determine whether GPS tracking was lawful:
- Is the measure demonstrably necessary to meet a specific need and is it likely to be effective in meeting that need?
- Is the loss of privacy proportional to the benefit gained?
- Is there a less privacy-invasive way of achieving the same end?
After conducting an investigation, the Privacy Commissioner found that the GPS tracking was “reasonable and beneficial” for managing workforce productivity, safety and development, as well as for asset protection and management. However, the Privacy Commissioner was concerned that the GPS tracking could expand through “function creep” and reach a point where it would infringe on employees’ privacy rights. The company responded by issuing a clear policy on GPS data utilization for performance management. They set out clear terms and conditions, and explained the exceptional circumstances in which GPS data may provide information and assist in addressing a productivity issue.
The moral of the story is that companies that use GPS fleet tracking have legal responsibilities that they must be aware of and address. An easy to understand and accessible GPS use policy helps both large and small companies avoid liability and inform employees. A GPS policy should include the following:
- The kind of information that is being collected.
- The way the information will be used.
- The fact that information will not be disclosed to a third party unless consented to or required by law
- The benefits of collecting this information to the company.
- The benefits of this information to the employee.
- The fact that the information can be challenged at any time by employees.
- The fact that any changes to the policy will be provided to employees.
GPS tracking has benefits for companies, as well as their employees. Companies will do well in thinking the system through from both perspectives and articulating the benefits for both. As concern over privacy will no doubt increase in the coming years, companies will do well to collect and use data responsibly, securely and transparently. It has been said that “bad cases make bad law” and the opposite is true as well. GPS fleet tracking is no exception.
By Jeremiah Quinn Clement-Schlimm Quinn studies Political Science and American Studies at at the University of Toronto (Trinity College) and spent his summer at Geotab Inc. analyzing data privacy and protection laws around the world.
If you liked this post, let us know!
Geotab's blog posts are intended to provide information and encourage discussion on topics of interest to the telematics community at large. Geotab is not providing technical, professional or legal advice through these blog posts. While every effort has been made to ensure the information in this blog post is timely and accurate, errors and omissions may occur, and the information presented here may become out-of-date with the passage of time.
Subscribe to the Geotab Blog
Sign up for monthly news and tips from our award-winning fleet management blog. You can unsubscribe at any time.
Other posts you might like
ELD self-certification: What you need to know
Get answers to frequently asked questions about ELD self-certification.
April 15, 2021
A five-step sanctions-control action plan for the telematics industry
Recent U.S. sanctions enforcement action has lessons for telematics providers.
April 9, 2021
ELD data transfer options for Geotab Drive
Learn how to perform ELD data transfers at inspection sites with Geotab Drive.
April 6, 2021