Two US senators, Ron Wyden and Edward Markey, recently wrote a letter to the US Federal Trade Commission (FTC) expressing concerns about automakers sharing driver data without consent. The senators highlighted the practices of General Motors, Honda, and Hyundai, who collected and sold driver information such as acceleration and braking data to a data analytics company called Verisk. This information was then used to prepare driver behavior reports that were resold to insurance companies.
According to the senators, none of the automakers obtained informed consent from customers before sharing their information. They accused the automakers of deliberately obscuring their data-sharing relationship with Verisk in lengthy disclosures and making deceptive claims about how they would use driver data. The senators called for the FTC to hold both the automakers and data brokers accountable for their actions.
The letter sheds light on the data privacy challenges associated with modern smart cars. While these vehicles offer increased automation, autonomous capabilities, and customizable user experiences, they also collect vast amounts of data that can be challenging to protect. Riley Keehn, a regulatory and government affairs consultant for SBD Automotive, emphasized that vehicles can store sensitive personal information that makes them targets for cyberattacks.
Keehn mentioned that addressing these risks requires security-by-design approaches and the implementation of industry best practices and regulations. However, the US lacks a comprehensive data privacy regulation comparable to the EU’s GDPR, leading to a patchwork of inconsistent rules at the state level. This inconsistency poses risks and can limit consumer privacy protections.
David Brumley, CEO of ForAllSecure, emphasized the need for car companies to obtain informed consent from drivers before sharing their data for purposes unrelated to necessary features. He called for separate consent requirements for sharing data for profit reasons and for providing essential services. Brumley suggested that the FTC may not be the primary driver of change in this area, as it tends to rely on free-market dynamics.
In conclusion, the concerns raised by Senators Wyden and Markey underscore the importance of protecting consumer privacy in the age of smart cars. Addressing data privacy challenges requires a comprehensive regulatory framework and informed consent practices to ensure that driver data is not exploited for profit without permission. As technology continues to evolve, policymakers, regulators, and industry stakeholders must work together to safeguard consumer privacy and data security in the automotive sector.