California Will Review Connected Vehicle Makers’ Data Privacy Practices
The California Privacy Protection Agency (CPPA) has announced that its Enforcement Division will review the privacy practices of connected vehicle (CV) manufacturers “and related CV technologies.” Noting that “modern vehicles are effectively connected computers on wheels,” CPPA Executive Director Ashkan Soltani said the Enforcement Division will examine how the companies are complying with California data privacy laws.
Back in 2017, the National Highway Traffic Safety Administration and the Federal Trade Commission held a workshop on connected vehicles and privacy, but other than some loose voluntary guidelines, no US federal movement on this issue – good to see California applying pressure. Just as in mobile phones, the issue of who owns the lucrative location data alone justifies some level of regulation and since the US has decades of failing to pass national privacy legislation, it will most like come at the state level first.
As a start, connected vehicles must be able to operate safely while not connected. The expected lifetime of a car typically far exceeds the lifetime of the technology used to connect the vehicle to the network. Early adopters of this technology already had issues as 2G and 3G connectivity was turned off by cellular network operators. Will a car you purchase today still be able to connect in 10+ years?
Used to be that your car collected and stored telemetry data, and the dealer had to connect to the vehicle to download information, which helped with diagnostics and reconstruction of events. Now that cars are connected, and include navigation apps, a lot more data is collected and shared with the manufacturers, and not a lot of information is shared about what they do with it, other than for safety purposes. Increased transparency about how that data is used and what can and cannot be opted out of is needed.
This will be an interesting review by the CPPA. Yes, cars are increasingly using data collected from sensors to hone algorithms to fully realize autonomous driving. Yes, today most consumers connect their mobile device to vehicles, willingly sharing personal details with app manufacturers. And yes, newer vehicles are starting to integrate cameras, biometrics, and driving preferences as part of the vehicle experience. By connecting their device, or setting up their profile, has the consumer ‘opted in’ to the data collection practice? I suspect manufacturers will be updating their data sharing agreements as a result of the review.
This issue can only become more important as we progress toward full self-driving and rely on vehicle-to-vehicle communication for improved safety. California leads and we all benefit.