NJ Scrap Tire Act Privacy Concerns

IAPP Privacy News
Published January 20th, 2026
Detected March 14th, 2026

Summary

New Jersey's Scrap Tire Act, effective January 20, 2026, mandates electronic tracking of scrap tires, potentially conflicting with existing privacy laws. Businesses face criminal liability if tracking violates employee privacy statutes, creating a compliance paradox.

What changed

New Jersey's Scrap Tire Act (Assembly Bill A5851), signed into law on January 20, 2026, requires an electronic manifest system to track scrap tires from source to destination. This mandate conflicts with New Jersey's existing law (A3950) that prohibits employee vehicle tracking without prior written notice, with violations being a fourth-degree crime punishable by up to 18 months in prison and fines up to $10,000. The act also implicates the state's data privacy statutes by potentially collecting personally identifiable information (PII) through GPS tracking of haulers and businesses.

Businesses complying with the Scrap Tire Act risk criminal liability under A3950 if their tracking systems capture employee movements without proper notice and consent. Furthermore, aggregated geolocation data could be considered PII under New Jersey's Data Privacy Act, requiring stringent governance. The article suggests solutions involving differential privacy and AI-driven redaction to mitigate these risks. Compliance officers must review their tracking systems and data handling practices to ensure adherence to both environmental and privacy mandates, avoiding potential criminal penalties and civil fines ranging from $7,500 to $25,000 per offense under the Scrap Tire Act.

What to do next

  1. Review vehicle tracking systems for compliance with NJ A3950 and A5851.
  2. Implement privacy-first notice and consent frameworks for employee tracking.
  3. Explore privacy-enhancing technologies for data anonymization and PII redaction in manifests.

Penalties

Violations of NJ A3950 are a fourth-degree crime, punishable by up to 18 months in prison, fines up to $10,000, and a criminal record. Violations of the Scrap Tire Act are subject to civil administrative penalties of $7,500 (1st offense), $10,000 (2nd offense), and $25,000 (subsequent offenses).

Source document (simplified)


OPINION Published

13 March 2026

In the push toward a circular economy, the physical and digital worlds are colliding with unprecedented legal friction.

On 20 Jan., former New Jersey Gov. Phil Murphy signed Assembly Bill A5851, known as the Scrap Tire Act. While the law aims to end illegal dumping, it inadvertently creates a regulatory paradox that could expose New Jersey businesses to criminal liability under the state's strict privacy statutes.

The traceability mandate vs. criminal surveillance

The act mandates that "an electronic manifest system," otherwise described as a "digital tracking system," monitor the transfer of every scrap tire from source to destination. For the state's licensed haulers, compliance necessitates the use of telematics and GPS-enabled manifest software to prove the journey of the tire to the Department of Environmental Protection.

However, this mandate runs headlong into New Jersey A3950, which passed in 2022 and prohibits employers from using tracking devices in vehicles operated by employees without prior written notice. Most critically, a violation of A3950 is not a mere compliance lapse; it is a fourth-degree crime, punishable by up to 18 months in prison, fines of up to USD10,000 and a permanent criminal record.

Herein lies the trap: To comply with the environmental transparency under A5851, a hauler must track the asset. But if that tracking captures the real-time movement of the driver without a specialized privacy-first notice and consent framework, the employer has moved from environmental steward to potential felon.

The PII in the rubber: Beyond the license plate

Privacy professionals must look deeper at the data lineage. A tire manifest is not just a receipt; it is a record of personally identifiable information. Under the New Jersey Data Privacy Act, information that is "reasonably linkable" to an individual — such as the precise geolocation of a small business owner's garage or the behavioral patterns of a sole-proprietor hauler — is protected.

When millions of these data points are aggregated, a high-resolution map of commercial and personal movement is created. If this scrap tire database is not governed with the same rigor as a financial database, it becomes a target for de-anonymization, exposing the data generator's precise geolocation — a category of sensitive data requiring heightened protections under U.S. National Institute of Standards and Technology and ISO 27701 standards.

Violations of the Scrap Tire Act are punishable by a civil administrative penalty of USD7,500 for a first offense, USD10,000 for a second offense and USD25,000 for a third and every subsequent offense.

Solving the paradox with responsible AI

The solution to this regulatory clash cannot be found in paper manifests. It requires a privacy-enhancing technology approach.

Anonymized spatial mapping: Utilizing differential privacy to report the flow of tires to the DEP without recording the precise GPS coordinates of the driver at every second.

Automated redaction via artificial intelligence: Implementing natural language processing-based agents to automatically scrub personally identifying information from digital manifests before they are uploaded to state databases, ensuring transparency without exposure.

Governance as a service: Mapping the requirements of the NIST AI Risk Management Framework directly to the Scrap Tire Act. By "mapping" the risks of A3950 during the "govern" phase of the tracking system's life cycle, firms can mitigate criminal liability before a single tire is moved.
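The "anonymized spatial mapping" item above can be made concrete. The following is an added example, not code from the article or from any state system: it snaps manifest endpoints to a coarse grid and releases Laplace-noised tire counts per origin-to-destination flow. The grid size, the per-manifest cap, the public flow domain and the sample manifests are all assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

CELL_DEG = 0.1    # grid cell size in degrees (assumed)
MAX_TIRES = 200   # per-manifest contribution cap (assumed)

def cell(lat, lon, size=CELL_DEG):
    """Coarse grid index for a coordinate; the exact point is discarded."""
    return (math.floor(lat / size), math.floor(lon / size))

def laplace(scale, rng):
    """Laplace(0, scale) noise as the difference of two exponential draws."""
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def noisy_flows(manifests, domain, epsilon, rng):
    """Release a noisy tire count for every flow in a fixed, public domain.

    One manifest changes exactly one count by at most MAX_TIRES, so Laplace
    noise with scale MAX_TIRES / epsilon gives epsilon-DP per manifest.
    A hauler with k manifests is protected only at k * epsilon.
    """
    counts = Counter()
    for m in manifests:
        flow = (cell(*m["origin"]), cell(*m["dest"]))
        if flow in domain:  # flows outside the public domain are not reported
            counts[flow] += min(max(m["tires"], 0), MAX_TIRES)
    scale = MAX_TIRES / epsilon
    # Noise is added to empty flows too, so presence in the output leaks nothing.
    return {flow: counts[flow] + laplace(scale, rng) for flow in sorted(domain)}

# Constructed sample manifests (coordinates and counts are made up).
NEWARK, TRENTON, CAMDEN = (407, -742), (402, -748), (399, -752)
DOMAIN = {(NEWARK, TRENTON), (CAMDEN, TRENTON), (NEWARK, CAMDEN)}
SAMPLE = [
    {"origin": (40.7357, -74.1724), "dest": (40.2206, -74.7597), "tires": 120},
    {"origin": (40.7391, -74.1702), "dest": (40.2171, -74.7429), "tires": 500},
    {"origin": (39.9259, -75.1196), "dest": (40.2206, -74.7597), "tires": 40},
]

if __name__ == "__main__":
    for flow, n in noisy_flows(SAMPLE, DOMAIN, 1.0, random.SystemRandom()).items():
        print(flow, round(n))
```

The raw coordinates never leave `noisy_flows`; only grid-cell flows and noised totals are reported, and the 500-tire manifest is clipped to the cap before it is counted.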

A blueprint for the future

The Scrap Tire Act is a harbinger of things to come. As more physical assets — from batteries to electronics — require digital passports, the role of the privacy officer will expand into the physical supply chain.

In New Jersey, we have a unique opportunity to lead. We must prove that environmental accountability does not require the sacrifice of individual privacy. By implementing privacy by design at the source, we can ensure that the journey of a tire does not end in a courtroom.

Contributors:

Vivek Kumar

FIP

Assistant Vice President

EXL SERVICE

Tags:

Law and regulation Program management Surveillance

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Published
January 20th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Employers Manufacturers
Geographic scope
State (New Jersey)

Taxonomy

Primary area
Environmental Protection
Operational domain
Compliance
Topics
Data Privacy Compliance Technology
