Advertisement

Column: FasTrak agencies may have sold out your privacy. Now they want legal immunity

With potentially billions of dollars in fines at stake, California transit authorities have enlisted a state senator to introduce legislation giving them a get-out-of-jail-free card for any past privacy misdeeds.
(Luis Sinco / Los Angeles Times)
Share

Transit authorities statewide have been targeted with lawsuits alleging that, among other privacy violations, information from toll-road transponders — think FasTrak — is being used to illegally market to drivers.

Transit agencies have taken the legal threat seriously enough that they’ve enlisted a Southern California state senator to introduce legislation giving them retroactive immunity — that is, a get-out-of-jail-free card for any past misdeeds.

At stake is potentially billions of dollars in fines.

And also your personal information.

“The transit agencies are apparently saying that there have been so many violations, if they don’t receive retroactive protection, they could be wiped out,” said Rosemary Shahan, president of Consumers for Auto Reliability and Safety, a Sacramento advocacy group.

Advertisement

“This bill basically says that all that bad stuff they did, it’s now legal,” she told me.

This is a complicated issue, and the legislation, Senate Bill 664, remains a work in progress. But after speaking with the bill’s author, state Sen. Ben Allen (D-Santa Monica), I’m prepared to give him the benefit of the doubt — even though, as you’ll see, his methods were less than desirable.

“I’ve always been a privacy guy,” Allen told me, clearly sensitive to charges from consumer advocates that he’s selling out people’s personal data.

“I want to be helpful to the transit agencies,” he said. “That is the only reason for my being involved with this bill. I intend to keep things really tight and not screw around with privacy concerns.”

California is interlaced with toll roads and bridges. The state’s largest network of toll roads is in Orange County, with more than 330,000 daily trips.

One element of Allen’s bill is to address what he calls “technical violations” of existing privacy law — toll-road operators sharing data with one another as drivers travel through different jurisdictions.

As many as seven lawsuits pending against transit agencies say this is illegal. That may indeed be the case, at least as the law is currently written.

Advertisement

But such “interoperability” among agencies, as well as with the Department of Motor Vehicles, is important for toll enforcement, so it seems appropriate to clarify that they have a need to communicate with one another.

In that sense, a degree of retroactive immunity is perhaps warranted. I suspect most of us have no problem with going after toll cheats.

However, not all privacy violations alleged in the lawsuits involve technical operations. Some involve questionable marketing practices, such as using people’s transit data to try and sell them things.

Lori Myers, 48, who is suing several Orange County transit agencies, told me she’s received numerous promotions via email for local businesses — promotions that she suspects are related to her daily travels.

“The emails always came after I used toll roads,” she said. “It seems very suspicious.”

However, Kit Cole, a spokeswoman for the Transportation Corridor Agencies, which operates FasTrak services in Orange County, insisted that any such promotions were part of a toll-roads rewards program, and FasTrak users need to give permission before they receive marketing pitches.

“If you don’t opt in, you don’t receive the promotions,” she said.

Myers, a lawyer, said she never opted in. “I’d definitely remember.”

Randy Rentschler, a spokesman for the Bay Area Toll Authority who also is representing Southern California agencies on this matter, said full retroactive immunity is necessary.

Advertisement

“We need this legislation because we’re spending millions of dollars on lawsuits that we think are frivolous,” he said.

I get what he’s saying on the interoperability question. But what about marketing pitches?

“We don’t do that,” Rentschler insisted. “Just because we’re being accused of things, that doesn’t make them true.”

OK, so why do you need retroactive immunity for privacy violations you didn’t commit?

Rentschler said they just do. “I’m not going to write legislation in the newspaper,” he added.

Section 31490 of the state’s Streets and Highways Code stipulates that “products and services” can be marketed to transponder subscribers using personally identifiable information “provided that the transportation agency has received the subscriber’s express written consent to receive the communications.”

Allen’s bill, as currently written, would loosen that. It would allow such communications with “affirmative electronic consent.”

What that means is that instead of making consumers go through the hassle of providing advance “written consent” for marketing — something very few people would do — “electronic consent” could be obtained by, say, having people check a box online, which can easily be done by mistake.

Advertisement

I pointed this out to Allen.

“I’ll look at that,” he pledged. “I’m not interested in allowing transit agencies to do a lot of marketing. It’s very easy to check a box you didn’t mean to check.”

Then there’s the way Allen introduced his bill. He took a relatively benign bill on voter information guides that already had received Senate approval, stripped out the existing language, and replaced it with his highly complex transit legislation.

The Senate bill then went to the Assembly without any prior public debate.

This process is called “gut and amend,” and it happens frequently in Sacramento to expedite legislation. Still, it’s not an appealing way for important issues to be treated, especially ones with significant privacy implications.

Allen told me he just used this process to act quickly, and he’s confident his legislation will receive sufficient scrutiny by both the Assembly and Senate.

“We can’t be in a situation where there could be billions of dollars in liability just because transit agencies shared names and addresses with one another,” he said.

Fair enough. It does no one any favors for California’s transit agencies — and taxpayers — to be in legal jeopardy just because existing law wasn’t written clearly enough to reflect how they need to do business.

Advertisement

But consumer advocates think the transit agencies are asking for too much.

“Going forward, there should be strict limits on information they can collect and share,” said Jamie Court, president of Consumer Watchdog, a Los Angeles advocacy group.

“Looking backward,” he said, “there shouldn’t be retroactive immunity. There should be a settlement brokered that addresses past violations.”

I agree, at least in regards to possibly illegal marketing.

The transit agencies say they did nothing wrong.

So they have nothing to worry about. Right?

Advertisement