Without warning, many motor vehicles have quietly become significant privacy intruders. Newer models collect and share driving-related data about their drivers. Indeed, cars are currently the worst product for privacy, surpassing even smart home devices (e.g, Alexa Echo Dot, etc.) and mobile apps (e.g., Facebook, Instagram, Google Maps, Uber, Spotify, and TikTok), according to a report by the Mozilla Foundation. This level of invasion is extremely troubling given that these home devices are notorious for collecting extensive information (ex. location information, browsing habits, and personal details).
New cars, especially internet-connected ones, are equipped with advanced systems that track driver behavior and vehicle performance. Companies like General Motors, Honda, Kia and Hyundai are able to monitor drivers through such systems. While these programs are often opt in, consent is typically buried in fine print that is easily overlooked. Even when drivers knowingly agree to data collection, they are often unaware of the scope of that agreement and that their information might be shared with third parties (such as insurance companies).
According to a report by The New York Times, data points like speeding, hard braking and sudden acceleration are transmitted to brokers such as LexisNexis. These brokers then sell the information to insurance providers. For some drivers, the impact is immediate and costly, with reports of insurance rates doubling based on such reports. The consequences highlight a troubling disconnect: while carmakers argue that datacollection improves safety, consumer protection advocates contend that drivers rarely understand how their data is being used. Indeed, critics argue that pervasive data-sharing does little to enhance safety. A legal expert cited by the New York TImes explained that stealthy data collection fails to significantly influence driver behavior because most drivers are unaware that it’s being collected and/or of its implications on insurance rates. Another issue is set forth in this report is that most carmakers fail to adequately protect user data.
The government has been slow to protect drivers. The California Privacy Protection Agency recently launched an investigation into the data practices of internet-connected vehicles, and Massachusetts Senator Edward Markey has urged the Federal Trade Commission (FTC) to examine car manufacturers’ data policies. However, to date, there are no good protections from the potential risks posed by unchecked data collection in the auto industry.
For car owners, we urge our clients to read the fine print of agreements, opting out of unnecessary data-sharing programs, and advocating for greater transparency are essential steps. If you Google your car make and model, you can get opt-out instructions.