Share
  • Download PDF 

CCJ: Mitigating legal risks against collecting truck drivers’ biometric data

Trucking companies have come to rely on in-cab cameras to monitor for distracted or drowsy driving, among other things.

Illinois’ Biometric Information Privacy Act (BIPA), which went into effect in 2008, protects improper collection and mishandling of biometric data. Companies collecting biometric information should state that biometric data is being collected and stored, the purpose of doing so, the length of term, and obtain a written release from the subject.

As carriers faced an increased number of class action lawsuits, Greg Feary, president and managing partner at transportation law firm Scopelitis Garvin Light Hanson & Feary, said a major area of litigation in the trucking industry involves drivers filing lawsuits against their employers over privacy concerns related to the biometric data gathered by truck technology.

Matt Hart, executive director of the Illinois Trucking Association, said the association is engaging in amending the law. “They were trying to regulate future technology. They wrote biometric information to be so broad that it included technology that can even recognize the shape of a human head. So, no retinal scan, no facial scan, but just basically, if a technology can recognize a human head, which may have seemed like a huge advancement in 2008. In 2044, it is very common.”

Hart said this has led to a lot of frivolous lawsuits. Many may not be aware that it existed. “If you’re an interstate trucking company and you’ve got a terminal, you know, located in Ohio, but you’re driving through Illinois all the time, you weren’t even aware that the law existed.”

Face capture in trucking technology is not uncommon, ranging from inward facing cameras to voice-enabled assistance, and finger scanning technology.

Feary said that these lawsuits have become popular for two reasons: one, plaintiff’s attorneys feel this is a new area of law and they can take advantage of and offer creative arguments; and two, there are damages under some of these laws that up until recently would mean that a company could see judgments for each and every instance of a biometric capture, leading to astronomical damages for companies doing business in Illinois.

In August, Illinois Governor J.B. Pritzker signed into law an amendment to the state’s BIPA, making it clear that an individual can only recover one statutory penalty – either a $1,000 for negligent violations, or $5,000 for reckless and intentional violation – when their biometrics are collected. Not with each subsequent individual scan. It also allowed companies to obtain consent electronically for the collection of biometric data.

While the limitations can be beneficial, Hart also pointed out, “I don’t know how [the electronic signature is] going to help us. I certainly know our members that provide camera services have indicated that most of them aren’t equipped for that kind of electronic signature.”

Jared Kramer, attorney at Scopelitis Garvin Light Hanson & Feary, explained that Illinois still stands out as the only biometric privacy law that provides for a private right of action. Texas and Washington also have laws regulating the collection, storage and disclosure of biometric identifiers. Both the Texas and Washington laws can only be enforced by the state, while there are a couple of municipalities that have also enacted biometric privacy legislation, such as Portland, Oregon, and New York City, which both prohibit the use of facial recognition technology with certain narrow exemption.

“There’s been an increasing trend of states enacting broad consumer privacy legislation, which often, as part of that broad legislation, addressed the collection of biometric data and biometric information,” said Kramer. This started in 2018 with California enacting the California Consumer Privacy Act. Since then, there’s been a proliferation of broad state consumer privacy legislation enacted throughout the country.

The best defense

Hart said the best defense is still getting prior written authorization. “If you are using cameras, particularly cameras that are located in the cab of the truck, make sure that you do have written authorization from the driver, authorizing the use of those cameras and that you are recording their information.”

Feary said the number one way for carriers to watch out for these kinds of privacy laws related to biometric information is to pay attention to their operating areas. “Just because I’m a carrier that’s based in Indiana doesn’t mean I’m not going to be subject to Illinois jurisdiction when it comes to this,” he said.

Next, is to have policies that follow those laws, including disclosure and consent. Feary said, “Handle the data exactly as the law allows it to be handled and delete when it must be deleted and in the way it needs to be deleted.”

In terms of BIPA, Kramer said companies need to destroy biometric data either when the purpose for collecting data initially is satisfied or within three years of the individual’s last interaction with the company. “With regard to policy, they need to have a policy that includes the retention and destruction schedule,” Kramer said, “and they also need to make sure that policy is publicly available on the company website.”

The most common mistake is being unaware, said Feary and Kramer; unaware of the requirements associated with biometric data, and being unaware of the technology that can be considered as capturing biometric information.

Kramer said, “Oftentimes, carriers are surprised to learn that there are allegations that the technology that isn’t being used specifically for purposes of identifying someone might be considered to be biometrics.”

Hart said understanding the law is important as cameras are a proven safety tool in the industry. “That is one of reasons we worked so hard to fix [it as] it has become a deterrent to safety. And we’ve had camera companies who have told us they refuse to operate their cameras in the state of Illinois for fear of these lawsuits.”

For example, while a camera can provide extra safety measures as it’s traveling across Illinois, when it gets to Indiana, the camera shuts down. “You lose that safety component,” said Hart. “Safety should always be the top priority.”

***
Scopelitis President & Managing Partner Greg Feary and Scopelitis Attorney Jared Kramer were interviewed by Commercial Carrier Journal Senior Editor Pamella De Leon for this story. Original piece published at: https://www.ccjdigital.com/technology/driver-coaching-and-scorecarding/article/15682600/driver-cameras-and-truck-driver-privacy-rights
***
Related Topics

News from Scopelitis is intended as a report to our clients and friends on developments affecting the transportation industry. The published material does not constitute an exhaustive legal study and should not be regarded or relied upon as individual legal advice or opinion.

CCJ: Mitigating legal risks against collecting truck drivers’ biometric data

Trucking companies have come to rely on in-cab cameras to monitor for distracted or drowsy driving, among other things.

Illinois’ Biometric Information Privacy Act (BIPA), which went into effect in 2008, protects improper collection and mishandling of biometric data. Companies collecting biometric information should state that biometric data is being collected and stored, the purpose of doing so, the length of term, and obtain a written release from the subject.

As carriers faced an increased number of class action lawsuits, Greg Feary, president and managing partner at transportation law firm Scopelitis Garvin Light Hanson & Feary, said a major area of litigation in the trucking industry involves drivers filing lawsuits against their employers over privacy concerns related to the biometric data gathered by truck technology.

Matt Hart, executive director of the Illinois Trucking Association, said the association is engaging in amending the law. “They were trying to regulate future technology. They wrote biometric information to be so broad that it included technology that can even recognize the shape of a human head. So, no retinal scan, no facial scan, but just basically, if a technology can recognize a human head, which may have seemed like a huge advancement in 2008. In 2044, it is very common.”

Hart said this has led to a lot of frivolous lawsuits. Many may not be aware that it existed. “If you’re an interstate trucking company and you’ve got a terminal, you know, located in Ohio, but you’re driving through Illinois all the time, you weren’t even aware that the law existed.”

Face capture in trucking technology is not uncommon, ranging from inward facing cameras to voice-enabled assistance, and finger scanning technology.

Feary said that these lawsuits have become popular for two reasons: one, plaintiff’s attorneys feel this is a new area of law and they can take advantage of and offer creative arguments; and two, there are damages under some of these laws that up until recently would mean that a company could see judgments for each and every instance of a biometric capture, leading to astronomical damages for companies doing business in Illinois.

In August, Illinois Governor J.B. Pritzker signed into law an amendment to the state’s BIPA, making it clear that an individual can only recover one statutory penalty – either a $1,000 for negligent violations, or $5,000 for reckless and intentional violation – when their biometrics are collected. Not with each subsequent individual scan. It also allowed companies to obtain consent electronically for the collection of biometric data.

While the limitations can be beneficial, Hart also pointed out, “I don’t know how [the electronic signature is] going to help us. I certainly know our members that provide camera services have indicated that most of them aren’t equipped for that kind of electronic signature.”

Jared Kramer, attorney at Scopelitis Garvin Light Hanson & Feary, explained that Illinois still stands out as the only biometric privacy law that provides for a private right of action. Texas and Washington also have laws regulating the collection, storage and disclosure of biometric identifiers. Both the Texas and Washington laws can only be enforced by the state, while there are a couple of municipalities that have also enacted biometric privacy legislation, such as Portland, Oregon, and New York City, which both prohibit the use of facial recognition technology with certain narrow exemption.

“There’s been an increasing trend of states enacting broad consumer privacy legislation, which often, as part of that broad legislation, addressed the collection of biometric data and biometric information,” said Kramer. This started in 2018 with California enacting the California Consumer Privacy Act. Since then, there’s been a proliferation of broad state consumer privacy legislation enacted throughout the country.

The best defense

Hart said the best defense is still getting prior written authorization. “If you are using cameras, particularly cameras that are located in the cab of the truck, make sure that you do have written authorization from the driver, authorizing the use of those cameras and that you are recording their information.”

Feary said the number one way for carriers to watch out for these kinds of privacy laws related to biometric information is to pay attention to their operating areas. “Just because I’m a carrier that’s based in Indiana doesn’t mean I’m not going to be subject to Illinois jurisdiction when it comes to this,” he said.

Next, is to have policies that follow those laws, including disclosure and consent. Feary said, “Handle the data exactly as the law allows it to be handled and delete when it must be deleted and in the way it needs to be deleted.”

In terms of BIPA, Kramer said companies need to destroy biometric data either when the purpose for collecting data initially is satisfied or within three years of the individual’s last interaction with the company. “With regard to policy, they need to have a policy that includes the retention and destruction schedule,” Kramer said, “and they also need to make sure that policy is publicly available on the company website.”

The most common mistake is being unaware, said Feary and Kramer; unaware of the requirements associated with biometric data, and being unaware of the technology that can be considered as capturing biometric information.

Kramer said, “Oftentimes, carriers are surprised to learn that there are allegations that the technology that isn’t being used specifically for purposes of identifying someone might be considered to be biometrics.”

Hart said understanding the law is important as cameras are a proven safety tool in the industry. “That is one of reasons we worked so hard to fix [it as] it has become a deterrent to safety. And we’ve had camera companies who have told us they refuse to operate their cameras in the state of Illinois for fear of these lawsuits.”

For example, while a camera can provide extra safety measures as it’s traveling across Illinois, when it gets to Indiana, the camera shuts down. “You lose that safety component,” said Hart. “Safety should always be the top priority.”

***
Scopelitis President & Managing Partner Greg Feary and Scopelitis Attorney Jared Kramer were interviewed by Commercial Carrier Journal Senior Editor Pamella De Leon for this story. Original piece published at: https://www.ccjdigital.com/technology/driver-coaching-and-scorecarding/article/15682600/driver-cameras-and-truck-driver-privacy-rights
***

News from Scopelitis is intended as a report to our clients and friends on developments affecting the transportation industry. The published material does not constitute an exhaustive legal study and should not be regarded or relied upon as individual legal advice or opinion.