Automakers are eager to capitalize on consumer data gathered from internet-connected vehicles, but privacy watchdogs are urging for more scrutiny before this potential source of revenue becomes too difficult to regulate.
The Enforcement Division of the California Consumer Privacy Protection Agency (CCPPA) announced this week it would review the data privacy practices of connected-vehicle (CV) manufacturers. While the agency hasn’t publicized the companies it’s investigating, the inquiry’s effects are predicted to ripple across the nation and even around the globe due to California’s influential role in privacy regulation. This role is grounded not only in its history of establishing consumer-centric policies but also its scale – California has over 35 million registered vehicles, the highest number of any U.S. state.
The automotive industry is sitting on a potential goldmine of data from connected vehicles, including location sharing, web-based entertainment, smartphone integration and more. McKinsey & Co. projected in 2021 that CV data could be worth up to $400 billion by the end of this decade. CCPPA’s executive director, Ashkan Soltani, has described modern vehicles as “connected computers on wheels”, capable of collecting a multitude of information via built-in apps, sensors, and cameras which can monitor both the vehicle’s inhabitants and its surroundings.
Although European regulators are already scrutinizing the privacy practices of connected-car manufacturers, the approach California takes will likely influence U.S. regulators in general, according to attorneys Erin Jane Illman and Sinan Pismisoglu from Bradley Arant Boult Cummings.
Car manufacturers have traditionally shared data internally, with their developers or law enforcement agencies. However, as the industry shifts away from internal combustion engines, data monetization is becoming an integral part of their business models. But it still needs to be determined what data will be shared with other entities such as leasing companies, auto repair shops, and crucially, insurance providers who would use the data for assessing risk.
According to Jamie Court of the Consumer Watchdog, an excessive data access to insurance companies could lead to discrimination, including violations against considerations of race or income.
The data revolution, as argued in the 2021 report of the European Data Collection Board, is altering the relationship between drivers and their cars in a fundamental way. They pointed out that what was once a private domain for individuals to enjoy a sense of decisional autonomy, has now become a public arena with connected vehicles becoming mainstream.
In a 2019 report on connected-vehicle data, consultancy Booz Allen Hamilton emphasized the complex challenges posed by data privacy. One example they cited was the process of “de-identification”, a method of removing direct identifiers from collected data which is often imperfect.
As the industry navigates this new paradigm, the 2022 report by the Consumer Watchdog stressed that regulators should prioritize consumer rights and emphasized that consumers should have the say in whether they want their movements in their cars tracked or not.