Vehicle Data-Harvesting Controversy Heading Up the Appeals Chain

Automotive manufacturers, and in some cases insurers, are increasingly harvesting data from car owners, often without consumers being aware of the practice, according to an article by The Record. Some auto manufacturers bury their data collection practices in their licensing agreements. Few disclose that the data they collect is being shared with third parties, including data brokers.

In November, a federal appellate judge declined to revive a class action alleging that four big auto manufacturers violated the state of Washington’s privacy laws by using vehicles’ infotainment systems to record and intercept private text messages and mobile phone call logs.

The ruling was a big win for Honda, Toyota, Volkswagen and General Motors, which are defendants in five class action suits focused on the issue. 

Things are moving in the opposite direction in California, where a bill that gives car owners greater control over data captured by in-cabin cameras in their vehicles was signed into law in October. It received near-unanimous support in the state Legislature.

The bill requires dealers to inform consumers if their potential purchase includes in-vehicle cameras and prevents corporations from profiting off personal information through the sale, sharing, or brokerage of consumer data and behavior without consent.

The California Privacy Protection Agency has announced that its enforcement division will begin reviewing the data privacy practices of connected vehicle manufacturers. Lawsuits are certain to follow.

A Maryland-based company, Berla Corporation, provides some of the technology at issue to car manufacturers. According to a class action lawsuit against Honda that was settled, messages that were downloaded using the technology were accessible to law enforcement, but not to the vehicles’ owners.

Car manufacturers also sell data to advertisers as a revenue-boosting tactic and are “exponentially increasing the number of sensors they place in their cars every year with little regulation,” according to The Record.

Jennifer Tisdale, CEO of the cybersecurity company GRIMM, says data sales are an important part of the automotive industry’s business model. Her company operates a Michigan-based cybersecurity research lab focused on connected vehicles.

Tisdale advocates a public awareness campaign designed to make consumers understand that data collection enhances vehicle safety.