Cars are collecting our personal data, and there doesn’t seem to be much we can do about it. Our legislators, meanwhile, may not be aware of the problem. That means that although car safety is regulated, the data our cars collect is not. Should you be alarmed? Only if you don’t mind that your car is capable of seeing your contacts—or that the car of a different driver can see your contact info, too.
Data-collecting by our cars can be a good thing. Our cars use data to alert us to road conditions, engine temperature, and tire pressure. But your personal data should be off-limits. Unfortunately, it’s not easy to opt out of sharing your location and private data. If you use any kind of mobile app, you’re going to be asked for permissions for your personal data, and opting out may mean you can’t use the app. That means you may not be able to access emergency roadside assistance, or see a map. Naturally, most of us are going to give in and allow the app to see and use our information in order to reap the benefits of the application.
If you’ve ever connected to the Bluetooth system in your car, you’ve given your vehicle carte blanche to collect all sorts of data on you. Insurance companies, car repair shops and marketers for example, are eager to purchase such information, which aside from phone contacts, includes a driver’s name and location. Car location data has the greatest value for data brokers, who report that such information is more detailed and accurate coming from your car, than from your phone.
Personal Data—New Industry
Today, only half the new cars on the market come with an internet connection. By 2030, however, it is predicted that some 95 percent of all new cars will have the capability to connect to the internet. As a result, a new industry has cropped up to make money off of your personal data. Car data brokerages, known as Vehicle Data hubs, make money off of collecting and selling your data to city planners, advertisers and insurance companies.
While only about half of all new cars sold today have internet connections, McKinsey estimates that by 2030, about 95 percent of new cars will be connected. This influx of personal data collection has spawned a new industry of Vehicle Data Hubs, which specialize in collecting and selling car data to customers like insurance companies, city planners and advertisers.
What are our legislators doing about this? Not much. The last relevant federal law was the Driver Privacy Act of 2015. The law covers the Event Data Recorder of a car, which serves as the equivalent of a black box to help explain accidents and vehicle malfunctions. Under the Driver Privacy Act, this information belongs solely to the owner of the car. Thanks to this privacy act, a third party may only access this information through driver consent or a warrant.
GPS and Access to Personal Data
The EDR information, of course, is only a small part of the personal data that your car records. That means that once you opt into GPS, for instance via Waze, you’ve given vehicle data hubs a window into your private information. Industries that use this data, meantime, are attempting to weaken whatever privacy regulations exist.
One promising legislative effort may stop this runaway data train. Lawmakers recently submitted a broad data privacy bill that covers many types of data, and is independent of which device is gathering that information. In particular the bill specifies that automakers must receive driver consent to collect personal data and then only for certain types of information. On July 20, the bill passed out of committee but will only become law if supported by Senate Commerce Committee Chair Maria Cantwell (D-Wash.). Unless that happens, carmakers will still be free to exploit your data for profit.