ALPR Privacy in California: What Parking Operators Must Do Now
Why Bartholomew v. Parking Concepts just changed the risk landscape
Until recently, most parking operators treated California’s ALPR (Automated License Plate Recognition) law as something to keep in the background. It was important, but not urgent. The Bartholomew v. Parking Concepts decision changed that overnight.
In a pivotal ruling, a California appeals court made it clear that simply failing to publish an ALPR privacy policy can be enough to trigger a lawsuit, even if there is no data breach, no misuse, and no harm in the traditional sense.
That single shift has major implications for any operator using license plate recognition technology.
From “Best Practice” to Real Liability
The case itself involved a fairly standard parking setup. Cameras captured license plates at entry and exit, systems matched vehicles to payments, and plate numbers were displayed to users. Nothing unusual.
The issue was that the operator never published a public-facing ALPR policy.
That omission alone allowed the lawsuit to move forward. The court determined that if a system can capture and display license plate data, it is reasonable to assume that data is being stored, and that triggers California’s ALPR requirements.
More importantly, the court reinforced that “harm” under the law does not require financial loss. In this context, the absence of transparency is enough.
Why the Numbers are Getting Attention
What is turning heads across the industry is not just the legal interpretation. It is the math.
California law allows for minimum damages of $2,500 per individual, and those damages can stack quickly in a class action case.
For a typical garage processing tens of thousands of unique vehicles each year, that exposure can escalate fast. Over multiple years, or across multiple locations, the theoretical liability can reach into the tens or even hundreds of millions.
That is why this ruling is being closely watched. It creates a clear incentive for class action litigation in a space that, until now, has not been a major target.
What Actually Qualifies as ALPR?
One of the biggest takeaways from Bartholomew is how broadly ALPR is defined.
If your operation uses cameras and software to capture, convert, and store license plate data in a searchable way, it likely qualifies. That includes entry and exit lane systems, gateless parking setups, pay by plate platforms, and camera based enforcement tools.
It does not matter whether the data is shared externally or used only for internal operations. If it is being stored and can be searched, it falls under the law.
The Gap Most Operators Did Not Realize They Had
For many operators, the real issue is not the technology. It is the governance around it.
California’s law has long required a public, clearly accessible ALPR privacy policy that explains how plate data is collected, used, stored, and protected. It also requires access logging to track who interacts with that data and why.
But in practice, many facilities either never created a policy, buried it deep within a general privacy page, or did not align the policy with how their systems actually function.
Bartholomew effectively closed the gap between what the law requires and what operators have been doing.
The Good News: Compliance is Achievable and Fast
Despite the headlines, this is not a situation that requires ripping out systems or overhauling operations.
For most operators, the path forward is straightforward. Start by taking inventory of where ALPR is being used across your portfolio. Develop a clear, California compliant privacy policy. Make that policy easy for customers to find, both online and on site. Ensure your systems are logging access to ALPR data.
These are operational steps, not technical overhauls, and they can often be implemented in days, not months.
A Broader Shift is Already Underway
While this ruling is specific to California, the trend is not.
Across the United States, states are introducing stricter rules around data retention, access controls, and privacy rights tied to license plate data. Some are already moving toward shorter retention windows and stronger enforcement mechanisms.
For operators with multi state portfolios, this signals something bigger. Privacy expectations are rising, and consistency across markets will matter more than ever.
Where Leading Operators are Focusing Now
The operators best positioned going forward are not stepping away from ALPR. They are strengthening how they manage it.
That means treating ALPR like any other critical system. It includes clearly defined policies, transparent communication with customers, controlled and auditable access, and regular reviews to ensure alignment between policy and practice.
The technology itself continues to deliver real value. It enables frictionless entry, better enforcement, and improved revenue capture. At the same time, expectations around how that data is handled have fundamentally changed.
The Bottom Line
Bartholomew v. Parking Concepts did not introduce new technology risks. It exposed a governance gap that many operators did not realize they had.
Closing that gap is now essential.
Operators who move quickly to align their policies, systems, and communication will not only reduce legal exposure. They will also position themselves as trusted, forward thinking leaders in a rapidly evolving industry.
And increasingly, that is what the market expects.
