Question: I just read something about a new state law enacted in May of 2018 that makes it illegal to use GPS tracking devices on equipment. Does this apply to me? If so, do I need to stop using telematics on my equipment?
James Waite’s Answers: Yes, it does potentially apply to your GPS / Telematics, and it might require you to stop using them, at least for now, unless you take specific steps to protect yourself.
In April of 2017, several privacy rules enacted during the Obama administration were overturned. Those rules prohibited the sharing with advertisers of consumers’ browsing information, and also required Internet Service Providers (“ISPs”) to take reasonable measures to protect consumers’ data.
A number of states had already begun introducing their own forms of internet privacy legislation, and unsurprisingly, those efforts expanded after April of 2017. Most of that legislation specifically prohibits collecting and using consumers’ data without their express written consent, and also prohibits ISPs from requiring them to consent to such use as a condition of using their internet service. Critically, much of the legislation, both proposed and enacted, specifically addresses GPS data and extends to a wide range of parties beyond ISPs. Following are some examples:
California: California Penal Code Section 637.7 prohibits any person or entity from using “an electronic tracking device to determine the location or movement of a person” via a “vehicle or other moveable thing.” Importantly, the statute goes on to say that it does not apply when the registered owner, lessor, or lessee has consented to the use of the electronic tracking device.
Illinois: 720 ILCS 5/21-2.5 makes it illegal to use GPS tracking to monitor the location of a vehicle without the vehicle owner’s consent, unless done by a law enforcement agency.
Delaware: 11 Delaware Code, Section 1335 makes it a violation of privacy to knowingly install an electronic or mechanical location tracking device in or on a motor vehicle “without the consent of the registered owner, lessor or lessee of said vehicle.”
Michigan: MCLS Section 750.539l makes the use of a GPS device on a leased motor vehicle without the knowledge and consent of the lessee or authorized operator illegal.
Texas: Texas Penal Code, Section 16.06 makes it illegal to install an electronic tracking device on a motor vehicle owned or leased by another person unless the effective consent of the owner or lessee of the motor vehicle is obtained before the electronic or mechanical tracking device is installed.
Note: State definitions of “motor vehicle” vary, but federal law (40 CFR § 85.1703) defines “motor vehicle” to include “any vehicle capable of transporting … persons or material…” In any event, think of dump trucks, cement trucks, water trucks, delivery trucks, pickups, ATVs, UTVs and of course, 18-wheelers.
Employee Privacy: Separately, there is the issue of employee privacy – think of your own delivery vehicles and personnel. In the past, most states permitted tracking of employees’ movements through the use of GPS systems installed on company-owned vehicles. Doing so is, of course, generally illegal with respect to employee-owned vehicles, particularly outside of work-hours, unless the employee consents. But what about cell-phones? Employers commonly provide them, many with GPS apps already installed without the employee’s knowledge. The law is less clear with respect to these apps, which are usually designed to automatically shut down outside of working hours – though many can be restarted with the touch of a button. More legislation is undoubtedly on the way with respect to mobile devices – see below.
A Data Issue at Facebook: In April, 2018, Mark Zuckerberg testified before Congress regarding the much discussed data breach at Facebook. Apparently, political consulting company, Cambridge Analytica (which closed its doors in May, 2018), used a quiz to, arguably legally, compile data on Facebook’s users and find potential voters for then candidate, Donald Trump prior to the 2016 Presidential election. That data was allegedly then improperly (in violation of Facebook’s user agreement) sold to a group which included ties to one or more Russian oligarchs seeking to influence the U.S. Presidential election. Whether that is true may never be known. Certainly, data breaches have become all too common, and electioneering efforts have existed for as long as there have been elections, but the frenzy generated by this particular case has caused consumer privacy groups to erupt in efforts to enhance privacy laws.
A Privacy Issue in Oklahoma Creates a Political Firestorm: As if to cap off this perfect storm, in December, 2017, Oklahoma Representative Mark McBride found a tracking device had been installed on his vehicle without his knowledge. He suspects the device was installed at the direction of an industry group that sought to discredit him after he criticized the group’s tax incentives. He filed a lawsuit and introduced new privacy legislation making “using GPS or [any] other monitoring device to track a person’s movement without the person’s consent” a criminal offense. The bill was signed into law in May of 2018, and the Oklahoma State Bureau of Investigation is reviewing the matter. Notably, the law excludes dealers and lenders who get a customer’s consent to having a GPS tracker installed.
Constitutional Issues: The Fourth Amendment to the U.S. Constitution prohibits “unreasonable searches and seizures” and requires “probable cause” for search warrants. In January 2012, the U.S. Supreme Court ruled that a warrant must be obtained before a law enforcement officer may attach a GPS tracking device to a suspect’s vehicle. The decision (United States v. Antoine Jones) focused on the physical intrusion on a suspect’s vehicle, and as a consequence, did not resolve the broader issue of whether the Fourth Amendment protects geolocation privacy rights generally. In fact, in United States v. Knotts (1983) the Supreme Court had previously held that information taken from electronic “beepers” could legally be used to track a suspect’s location without a warrant because the beeper didn’t invade any individual’s “legitimate expectation of privacy” – presumably in part because, in hindsight, the individual carried the beeper voluntarily; whereas the installation of a GPS device on an individual’s vehicle without his/her knowledge could not, by definition, have been voluntary on the part of the individual being tracked.
Then in 2014, in Riley v. California, the Supreme Court ruled that police need a warrant before searching the contents of a suspect’s cell phone. The Court specifically addressed the location history stored inside a phone, which had been collected via GPS, as an example of personal information which requires protection. Whether or not you agree with this decision, broadly speaking, it appears to reverse U.S. v. Knotts, at least with respect to whether data generated by a voluntarily carried device can be accessed without a warrant. It will also likely impact the employee privacy issues regarding cell phones discussed above. The result, at least at this point: If you want to use GPS data, get consent or get a warrant.
The above referenced Supreme Court rulings were rendered in criminal, rather than civil, cases. Criminal cases, which can yield jail time, require a higher standard of proof (“beyond a reasonable doubt”), and therefore tend to make privacy rights and other individual protections a bigger issue than do “civil” matters – generally, those involving claims for monetary damages and sometimes specific performance or “injunctive” relief. Nonetheless, the above cases make geolocation information legally relevant at the highest level, and in my opinion, open the door for further judicial activism as well as additional legislation at both the federal and state levels.
Proposed Federal Statutes: To that end, Congress has proposed legislation to prevent misuse of geolocation information by law enforcement officials, private companies, and individuals. New laws that have been proposed include: (a) the Geolocation Privacy and Surveillance Act (“GPS Act”), which would prohibit businesses from disclosing geographical tracking data about its customers to others without the customers’ permission (reintroduced to Congress in 2017); (b) the Online Communications and Geolocation Protection Act (not reintroduced in the current Congress); and (c) the Location Privacy Protection Act (also not reintroduced in the current Congress). Given the current political environment, others are likely to follow.
Outcome for Equipment Lessors: Obviously, data protection has become one of the most important issues to appear on the legal and political landscapes in some time. States are now commonly prohibiting the use of geolocation information without the consent of customers, and greater protections are almost certainly on the horizon.
A Legal Free-for-All: As you probably know, much of the heavy equipment now being sold in the United States comes pre-equipped with telematics from the manufacturer, and a number of after-market providers are installing it on older machines. Add to that the need to monitor critical technology such as Tier 4 devices, and separately, the Federal Motor Carrier Safety Administration’s recent mandate that commercial vehicles be equipped with electronic logging devices, and you have a potential legal free-for-all. If you comply with federal law, are you violating state law? Answer: You may well be unless you obtain your customer’s consent.
If you Rent, they must Consent: Equipment Lessors who use GPS devices must now make certain they have the legal right to collect and monitor GPS data. Get your customers’ consent. Failure to do so could result in fines and/or jail time.
What to Do: Here are the steps you should take immediately, even if you’re in a state that hasn’t yet adopted a GPS privacy law:
- Revise your rental contract to add the customer’s consent to your collection and monitoring of electronic information, including GPS data, generated by or in connection with the use or location of your equipment.
- Separately, because the data itself can have substantial commercial value (think of mines and well-site locations), include a clause which provides that, you, the equipment lessor, own the data. Such a provision may still be contested by your lessee, but because you own most of the equipment you rent, you will have a strong argument that you are the rightful owner of all data regarding its use and location. Note: If we wrote your Rental Contract, don’t be too concerned. We began including the necessary language in our clients’ rental contracts several years ago.
- Attach a sign or decal to each item equipped with GPS notifying the customer of the fact that GPS has been installed and may be monitored during each rental.
GPS and other telematics information can be immensely helpful. Not only do telematics devices enhance security and reduce theft, they also increase revenues (think of monitoring hours and charging for excess use), reduce damage (e.g., low fluid levels, Tier 4 regeneration overrides, etc.) enhance efficiency and reduce costs. Few industry participants initially anticipated that something as beneficial as telematics might also yield fines and/or criminal penalties, but that is, in fact, what equipment lessors in a growing number of states are now facing. This is not something you can afford to ignore or delay if you are using telematics. Feel free to contact us if we can help.
James R. Waite is a business lawyer with over 20 years in the equipment industry. He authored the American Rental Association’s book on rental contracts, and represents equipment lessors throughout North America on a wide range of issues, including corporate law, dealership agreements, rental contracts, and buying, selling and financing businesses and their equipment. He is a veteran of the United States Air Force, has a BBA in Finance from the University of Texas at San Antonio, a Juris Doctor from St. Mary’s University, and an MBA from Northwestern University. He can be reached at (866) 582-2586, or via email at email@example.com.