Data privacy, law compliance & telematics

As more and more companies become aware of the benefits of GPS fleet tracking, the technology is quickly becoming a pillar in many industries and countries throughout the world. However, with this proliferation, the concern over loss of privacy and even abuse has also increased. As a universal trend, more countries are moving towards upgrading their data privacy or data protection laws to make them more comprehensive and robust. These laws are designed to protect consumers, employees, and ordinary citizens from the potential of illegal surveillance and unlawful disclosure of their personal information. Data protection authorities, which are independent public authorities responsible for monitoring the application of these new laws, are increasingly active. This includes imposing fines on companies who deliberately or negligently violate data protection laws.

While data protection laws and data protection authorities vary in different national (and in the case of the EU, supranational) jurisdictions, the requirements are often very similar. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) sets out the ground rules for how private sector organizations may collect, use and disclose personal information (including GPS tracking data) in the course of commercial activities. The Office of the Privacy Commissioner of Canada is responsible for ensuring that organizations comply with the law.

The legality of GPS fleet tracking was examined by the Office of the Privacy Commissioner twice, in 2006 and 2009, after employees complained that the GPS tracking violated their privacy rights. The decisions in these cases provide good guidance for companies who use fleet tracking. The Privacy Commissioner asked three main questions to determine whether GPS tracking was lawful:

• Is the measure demonstrably necessary to meet a specific need and is it likely to be effective in meeting that need?
• Is the loss of privacy proportional to the benefit gained?
• Is there a less privacy-invasive way of achieving the same end?

After conducting an investigation, the Privacy Commissioner found that the GPS tracking was “reasonable and beneficial” for managing workforce productivity, safety and development, as well as for asset protection and management. However, the Privacy Commissioner was concerned that the GPS tracking could expand through “function creep” and reach a point where it would infringe on employees’ privacy rights. The company responded by issuing a clear policy on GPS data utilization for performance management. They set out clear terms and conditions, and explained the exceptional circumstances in which GPS data may provide information and assist in addressing a productivity issue.

The moral of the story is that companies that use GPS fleet tracking have legal responsibilities that they must be aware of and address. An easy to understand and accessible GPS use policy helps both large and small companies avoid liability and inform employees. A GPS policy should include the following:

• The kind of information that is being collected.
• The way the information will be used.
• The fact that information will not be disclosed to a third party unless consented to or required by law
• The benefits of collecting this information to the company.
• The benefits of this information to the employee.
• The fact that the information can be challenged at any time by employees.
• The fact that any changes to the policy will be provided to employees.

GPS tracking has benefits for companies, as well as their employees. Companies will do well in thinking the system through from both perspectives and articulating the benefits for both. As concern over privacy will no doubt increase in the coming years, companies will do well to collect and use data responsibly, securely and transparently. It has been said that “bad cases make bad law” and the opposite is true as well. GPS fleet tracking is no exception.

By Jeremiah Quinn Clement-Schlimm
Quinn studies Political Science and American Studies at at the University of Toronto (Trinity College) and spent his summer at Geotab Inc. analyzing data privacy and protection laws around the world.