Legislators have accused several automakers of betraying their customers by going back on an earlier pledge to protect their data. The brands stated during a congressional inquiry that they would provide information to government officials upon their request, despite having previously signed onto the Consumer Privacy Protection Principles in 2014 where they vowed only to hand over customer data when given a formal court order or search warrant.
This has resulted in Senators Ron Wyden (D-OR) and Edward Markey (D-MA) asking the Federal Trade Commission (FTC) to launch a formal investigation on the grounds that the companies have engaged in deceptive tactics that misrepresent what they’re actually doing.
While there are actually very few data protections on the federal level as they pertain to corporations, misrepresenting your business is something the FTC would be very interested in.
“Automakers have not only kept consumers in the dark regarding their actual practices, but multiple companies misled consumers for over a decade by failing to honor the industry’s own voluntary privacy principles,” Automotive News quoted the senators as stating in their letter, before asking for an investigation.
The accused companies include Toyota, Nissan, Subaru, Volkswagen, BMW, Mazda, Mercedes-Benz and Kia — which reportedly told lawmakers that they would supply data to police and other government agencies whenever subpoenaed. However, the agreement signed in 2014 expressly forbids this. The Consumer Privacy Protection Principles stipulates that data never be handed over without a warrant issued by a judge.
From Automotive News:
The eight told lawmakers in response to the inquiry that they would turn over location data following a subpoena, which can be issued by law enforcement and does not require a judge’s approval.
“Vehicle location data can be used to identify Americans who have traveled to seek an abortion in another state, attended protests, support groups for alcohol, drug, and other types of addiction, or identify those of particular faiths, as revealed through trips to places of worship,” the senators wrote.
A total of 19 companies signed on to the privacy principles.
Automakers and industry groups contest the claims.
Brian Weiss, a spokesperson for the Alliance for Automotive Innovation, said in a statement that “vehicle location information is only provided to law enforcement under specific and limited circumstances, such as when the automaker is provided a warrant or court order or in situations where there is an imminent threat of serious bodily harm or death to an individual.”
The principles do provide exceptions for “exigent circumstances or applicable statutory authority.”
This is hardly the first time we’ve seen companies willing to hand over customer data. Earlier this year, similar allegations were being leveled at General Motors, Honda, Acura, Kia, Hyundai, and Mitsubishi. Those automakers were being accused of selling off data that eventually ended up being held by insurance agencies — with the resulting information being used as an excuse to jack up insurance premiums.
In fact, the Automotive News piece actually noted that GM is currently facing a federal lawsuit that’s seeking class action status. It’s being accused of sharing connected-vehicle data, without direct consent from its customers, with a data broker called LexisNexis Risk Solutions. Data brokers will scoop up just about any information they see as potentially valuable. In this case, they sold it to insurance companies.
Interestingly, in the more recent case, the senators actually praised GM, Honda, Ford, Tesla and Stellantis for stating that they would require a formal warrant before they shared any vehicle’s positional data. But most of those businesses were dinged extremely hard in the Mozilla Foundation’s assessment on which automakers were the most willing to violate customer privacy (Stellantis being a mild exception) and some of them are currently involved in the scandal where companies shared data with LexisNexis before it landed in the lap of insurance firms.
This may be a good time to remind everyone that practically every automaker has been faulted with some form of data mismanagement at this point. However, it seems like things are working exactly as intended. After all, why would any company spend over a decade developing these kinds of systems if the goal wasn’t to use them? Corporations go back on their word all the time and automakers have been among the worst offenders in recent years.
The proverb “fool me once, shame on you; fool me twice, shame on me” seems to be highly relevant here. But we’re probably on our sixth or seventh round of fooling at this point. Triple that if you want to take into account all the other industries that are actively slinging your data. But this will always happen so long as they have the tools and customers don’t have full control over the products they buy. No agreements or verbal promises are going to matter when they’re effectively meaningless to organizations involved. If the device (cars in this instance) have the ability to monitor and remotely share information, then that’s ultimately what will happen.
As an example, AN noted that government agencies are expressly required to obtain a warrant before they can access a person’s location by pinging their cell phone. The Supreme Court upheld this in 2018. But we know for a fact that this rule gets broken all the time. We have also been inundated with new legislation (starting with the tragically named Patriot Act) that blurs the line regarding what the government can do in terms of data collection.
Protections inside your vehicle are likewise foggy. While your Fourth Amendment rights are supposed to protect you and your property from any unreasonable search or seizures, cars have existed in a gray area for roughly a century. Police can effectively claim they’re launching an investigation based on anything illicit they see (or claim to see) inside the vehicle and can conduct a search without a warrant. But this rule was passed as part of the National Prohibition Act in 1925 and was originally designed to help police catch bootleggers they knew would flee a traffic stop.
We don’t have prohibition anymore. But the law remains in place and has been cited in the past when police are accused of violating the rights of drivers by enacting a search that yielded no results. Technically, they did violate that person’s rights — especially if they couldn’t prove that they were investigating criminal activities. But because a legal precedent was set decades before they were born, the government might decide that’s just fine. Apply that logic to the nearly unlimited amount of data being accumulated in modern vehicles (which now incorporate in-cabin microphones, camera systems, and scoop data from any paired mobile devices) and you might begin to see how big of a problem this is all becoming.
[Image: Mercedes-Benz]
Become a TTAC insider. Get the latest news, features, TTAC takes, and everything else that gets to the truth about cars first by subscribing to our newsletter.