Findings under the Personal Information Protection and Electronic Documents Act (PIPEDA)
PIPEDA Case Summary #2009-011
Transit driver objects to use of technology (MDT and GPS) on company vehicle
[Principles 4.3, 4.3.5, 4.3.6 and 4.7; Subsection 5(3)]
- The use of technology to collect, use or disclose personal information may be an acceptable practice as long as it does not contravene any principles of the Act.
- In more rare situations, the form of consent (either express or implied) may vary, depending on a) the specific circumstances surrounding the situation; b) the appropriateness of the purpose for collecting, using or disclosing the information; and c) the sensitivity of the information.
An individual objected to the installation of a Mobile Data Terminal (“MDT”), which also contains a Global Positioning System tracking device (“GPS”), on vehicles he drives for a municipal transportation service available to mobility-reduced citizens. He alleged that the respondent was improperly collecting his personal information, namely his daily movements while on the job, through the installation of a MDT/GPS. The complainant also alleged that the organization was improperly collecting clients’ personal information.
The Assistant Commissioner determined that the information collected and used via the MDT/GPS system did not differ substantially in type or quantity from that collected and used under the manual system that was replaced. Further, the information in dispute was collected and used strictly for an appropriate purpose ─ that of providing an efficient service to clients. There was no evidence to suggest that any personal information collected by the new system was being used to manage employee performance.
The following is an overview of the investigation and the Assistant Commissioner’s findings.
Summary of Investigation
The complainant was a driver for a contractor providing door-to-door transportation services to mobility-impaired residents of a large city. His employer, the contractor, had been retained by the city public transportation organization to deliver these services. The complainant was a member of a transit union.
The city public transportation organization began using a GPS (Global Positioning System) and a MDT (Mobile Data Terminal) on vehicles operated by the contractor for the door-to-door service; the complainant’s vehicle was included. All drivers were notified in several bulletins of the installation of the devices. The complainant’s union was also made aware of it on several occasions.
The complainant alleged that the transit organization was using MDT/GPS for the following reasons: to keep track of his time throughout the day; to make sure he does not take a break or lunch; to time every pick-up and drop-off, and; to track his route and travel time.
Further, he alleged that the use of MDT/GPS violates clients’ privacy rights because their name, address and destination are fully viewable by a driver or any other person.
The MDT units are used to relay the same information between the drivers and dispatchers that had been relayed in the past via paper driver sheets and radio communication. On the sheet, the driver would record the pick-up and drop-off times as well as any fares collected. On the MDT, these times must now be entered by the driver by pressing a button. The MDT also now indicates the name and address of each client to be transported.
The organization contended that it was not now collecting any more information that it used to when using the driver sheets (also kept in the vehicle). Also, it claimed that since only the driver can view the small MDT screen, it is taking reasonable steps to keep client personal information confidential.
According to the organization, the purpose for using MDT/GPS is to increase efficiency and the quality of the service. For example, an MDT immediately indicates to drivers any scheduling changes. In so doing, it eliminates the need for dispatchers to contact drivers for changes. With MDTs, dispatchers can manage more vehicles and vehicle operator errors are reduced. Finally, MDT statistical analysis, using information about kilometres traveled, fares paid, and number of passengers and escorts, is automated. This information is used for operational purposes as well as to compile service and financially related statistics for the allocation of resources and budgeting.
The respondent contended that the GPS is used for route scheduling and service adjustments, and for more accurate vehicle-arrival information for clients. Emergency service is called by pressing a button; the GPS can give the vehicle’s exact location.
GPS information is retained for three months ─ only accessed if there is a client complaint. For example, the information could confirm whether the driver was present at the client’s address at the scheduled time and had waited for the client for the required three minutes.
As for the allegation of using personal information collected by GPS to manage employees, the respondent explained that it could not have done so at the time of the complaint since the organization did not employ any drivers at that time. Rather, the information was provided to the contractors so as to determine whether they were providing the service levels required by their contract.
(About a year after the complaint date, the organization did purchase its own vehicles and took on employees for the service, thus ending the need for contractors. The complainant was hired by the organization. While it is now theoretically possible for the organization to use personal information collected through the MDT/GPS system to manage its employees, it confirmed to this Office that its purposes for using this technology remain exclusively service improvement and client safety.)
Lastly, the respondent submitted that its use of MDT/GPS satisfies the privacy requirements of the Act since the technology is only used to increase service efficiency and quality (i.e. not for random or routine driver checks). It claimed that its use of MDT/GPS is consistent with the finding of this Office’s case summary # 351: Use of personal information collected by Global Positioning System considered, where a telecommunications company was installing GPS in work vehicles. In this case summary, the Assistant Commissioner accepted most of the purposes for which the company was collecting and using the information gathered by GPS and found that safety and dispatching improvements were compelling and acceptable purposes, for which the telecommunications company had the implied consent of employees.
Issued May 27, 2009
Application: Subsection 5(3) of the Act states that an organization may collect, use, or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances. Principle 4.3 states that knowledge and consent are required for the collection, use, or disclosure of personal information, except where inappropriate. Principle 4.3.5 provides that, in obtaining consent, the reasonable expectations of the individual are also relevant. Principle 4.3.6 speaks to the manner in which organizations seek consent. It states that the way in which an organization seeks consent may vary, depending on the circumstances and the type of information collected. An organization should generally seek express consent when the information is likely to be considered sensitive. Implied consent would generally be appropriate when the information is less sensitive. Principle 4.7 states that personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
In making her determinations, the Assistant Commissioner deliberated as follows:
- In the circumstances, it was reasonable for the respondent to assume it had the drivers’ implied consent to collect and use their personal information by MDT/GPS since they continued to provide their services after being advised of the devices’ installation. Prior to installing the MDT/GPS, a bulletin was circulated to the drivers, the union was apprised of the situation and training was provided. Any drivers who objected to having their personal information collected by MDT/GPS could have objected at that time. Further, the Assistant Commissioner deemed the personal information collected not to be sensitive and that it is information the respondent has legitimate interests in collecting in order to effectively deliver the transportation service. She also noted that the collection was not particularly privacy-invasive and the amount and type of personal information being collected had not materially changed from the former collection method. (Principles 4.3, 4.3.5 and 4.3.6 upheld)
- Similarly, it is reasonable for the respondent to assume it has the implied consent of its clients to collect their personal information. Clients must be aware that the respondent and its drivers require their name (for client authentication purposes), pick-up location (to deliver the service) and drop-off location (for route planning and scheduling purposes). (Principle 4.7 upheld)
- The use of MDT/GPS technology to improve efficiency and increase the quality of the service is an appropriate purpose under section 5(3) of the Act. The respondent had the implied consent of its clients and of the drivers to collect and use their personal information for these purposes during the period prior to the complainant being directly employed by the respondent. Contractors were only provided with the information where it was reported that a driver did not arrive at the scheduled time. The respondent’s purpose for relaying this information was not to prompt disciplinary action against a driver, but rather to hold the contractor to the service levels to which it had agreed.
- There is no evidence to corroborate the allegation that the personal information collected through MDT/GPS is used for employee management. It would appear that, ever since the time when the organization hired the drivers directly, it has remained committed to using the personal information gleaned through the use of MDT/GPS technology only to improve service delivery and client safety.
- In previous cases (including case summaries # 351 and # 281), the Assistant Commissioner posed certain questions in determining whether the use of technology to collect personal information was in compliance with the Act:
- Is the measure demonstrably necessary to meet a specific need and is it likely to be effective in meeting that need? In the current case, the Assistant Commissioner determined that the efficiency and service improvements sought could not be achieved without the use of MDT/GPS. Without real-time tracking of vehicle whereabouts, the respondent cannot provide enhanced customer service (through improved scheduling services and driver/dispatch communications) and increased client safety (through pinpointing the exact location of a vehicle in the event of an emergency).
- Is the loss of privacy proportional to the benefit gained? The respondent is collecting the same types of personal information as it previously collected on paper forms and, in this sense, its use of MDT/GPS is no more privacy invasive than the former tracking methods it used for over twenty years. Also, given the reporting requirements imposed on the drivers, their general whereabouts would be known even without the use of GPS. With regard to client privacy, the respondent has taken appropriate steps to safeguard client personal information displayed on the MDT screen by using small screens and positioning them towards the driver.
- Is there a less privacy-invasive way of achieving the same end? Given the advantages of using GPS, in terms of client safety (including shorter emergency response times) and convenience (being able to accurately determine a pick-up time), there is no less privacy-invasive way of achieving these improvements in safety and services.
The Assistant Commissioner concluded that the complaint was not well-founded.