By on February 28, 2020

Pretty much anytime automotive data acquisition becomes the topic of discussion, we have to take time to mention customer protections and ask where the line for privacy should be drawn. With social media firms making a mint off the process online and automakers conducting major moves to likewise leverage personal data, it’s practically a nervous tic at this point.

Hoping to get out ahead of some of the potential problems arising from issue, California enacted new consumer protection laws that came into effect at the start of the year.

The California Consumer Privacy Act (CCPA) aims to give individuals greater control over the personal data being harvested. Most of this is supposed to be done by allowing consumers to request what kind of information is being collected, ask where it’s going, and the ability request that the subsequent sale or continued acquisition of personal data cease. However, CCPA contains provisions for customers to ask a company to delete all information it has stored on them, as well as rules prohibiting any discrimination related to a person exercising their privacy rights.

Frankly, it all sounds rather good to someone who prattles endlessly about data privacy rights, but it’s also causing problems for the automotive industry.

Manufacturers are quickly shifting toward connected cars. Many of the features they’re using to sell the concept rely on there being a buffet of information to draw from and share. While plenty of that data will be sold to advertisers, some will be piped in to provide better navigation, improved driver-assistance features, and serve to strengthen the foundation of autonomous vehicles (assuming they’re still coming). CCPA’s language places automakers in a gray area, as they believe there should be a distinction between personal and driving data.

But it could just as easily be argued there’s no difference between the two.

An automaker tracking the whereabouts of your vehicle is roughly the same as Google keeping tabs on your browsing habits or Facebook reading your chat logs. Connected cars go further however, with the ability to know exactly when and where you were speeding or the last time you had to make a hard stop to avoid an accident — something your insurance provider would undoubtedly be interested in.

According to Automotive News, attorneys and lawmakers want clarification from the state’s attorney general as to how CCPA will apply to vehicular data — as most of the language used is more applicable to internet-based businesses. It also asked some questions of its own:

But at the same time California codifies some rights into law, many automakers say data access is essential to making some features work. In some extreme cases, data-sharing is a requirement to purchase a vehicle. What happens if a consumer declines to divulge his or her data but still wants a car? It’s at least plausible that denying the purchase is a CCPA violation.

“The CCPA gives consumers a right to nondiscrimination, meaning that businesses are not permitted to discriminate against consumers who exercise their CCPA rights,” said Gail Gottehrer, an attorney who focuses on privacy issues and emerging technology. “An example of a discriminatory action would be denying goods or services to a consumer.”

Another hurdle rests with dealerships. While manufacturers are responsible for setting up and using these data-driven systems, car dealers are the ones that will have to explain to customers how data is being moved around to appease Californian regulations. That’s going to take some impressive collaboration between the factory and the dealership, neither of which are famous for being utterly transparent with customers. Automotive News used the common anecdotal example where a used car was sold with the previous owner’s navigation and phone history still on it, asking who would be responsible for maintaining and/or deleting that information — a question no one has yet answered.

That’s kind of how we got into this predicament to begin with. Electronic data mining just sort of happened, and it managed to make a lot of people rich before others started asking about the potential ramifications of sacrificing their right to privacy. Now we’re at a point where large swaths of multiple industries are trying to use that same model to increase profits amid consumer pushback. Automakers are already in extremely deep, with the biggest companies having built massive data centers tasked with managing this new wealth of information (and connected cars that are supposed to feed into and benefit from the entire process).

“I do see driving a car as a life-or-death proposition, and that’s something different than privacy on our phones. That wireless connection is capable of notifying you that a car down the road has crashed or slid on black ice,” Roger Lanctot, an analyst with global automotive consulting company Strategy Analytics, told Automotive News. “My concern is that we have become so obsessed with privacy that we wall ourselves off from information that might be critical to driving safely.”

There’s certainly some truth to that, though most of that safety is supposed to come by way of electronic nannies that do much of the driving for you. And nullifying consumer protection laws for the sake of presumed safety benefits doesn’t seem like a fair trade. Plenty of the advanced driving aids currently in operation underperform and there’s research to suggest they may actually dull your skills behind the wheel. Asking someone to hand over their personal data is asking a lot when the related perks aren’t overwhelmingly apparent.

No other state has enacted such aggressive legislation regarding customer privacy, though California’s rules could easily be adopted by other American commonwealths. Europe has its own General Data Protection Regulation, which served as the initial blueprint for CCPA and could similarly serve as a jumping-off point for the rest of the United States. Ideally, any new rules would provide a balance that offers customers the ability not to be spied on without totally sinking the industry’s well-laid plans.

Of course, we may already be past that point.

[Image: kojihirano/Shutterstock]

Get the latest TTAC e-Newsletter!

Recommended

29 Comments on “California’s Data Privacy Laws Could Stymie Auto Industry’s Long-term Plans...”


  • avatar
    Lou_BC

    “That wireless connection is capable of notifying you that a car down the road has crashed or slid on black ice,”

    Seriously?

    If I’m actually paying attention to what is going on around me, I’m not going to need a warning from Siri or Cortana.

    • 0 avatar
      Lorenzo

      Make it available on my cell phone. Too many of these features are unhelpful distractions for drivers who know where they’re going, and have checked conditions before beginning their trip.

  • avatar
    golden2husky

    As goes California so goes the nation. While I wish that wasn’t always true in this case I sure hope it is!

  • avatar
    Kendahl

    Simply stripping all identifiers from the data would do a lot to protect privacy. I don’t care if GM knows what somebody’s Corvette is doing at a particular time and place. I just don’t want them to know whether it’s my Corvette. Even when vehicles are connected, a vehicle doesn’t have to identify itself to announce that it’s been in an accident at a specific location. The network can broadcast a general warning which will be heeded only by those unidentified vehicles whose own GPS tells them they are close by.

    I’ve often thought that an affirmative defense against the charge of hacking should be that the victim was a spammer or scammer.

    • 0 avatar
      Steve65

      How many times do people have to be told that anonymizing data is a total myth, and that it’s trivially easy to reconnect the data to any given person who generated it?

  • avatar

    Europeans adopted these laws to hurt tech giants from California because they cannot compete. It is funny how incompetent CA government shoots itself in the foot by aping “progressive” (but actually stuck in 20th century) Europeans.

    • 0 avatar
      slow_poke

      I’m not sure i get this…. i was thinking that i should have a right to privacy for things i own. And i should also have the right to control what data folks collect from me. Cost vs. data. Pay me for data about me or don’t collect it…

      In terms of cars, i bought the thing, i should be able to control ANY data feed.

    • 0 avatar
      slow_poke

      I’m not sure i get this…. i was thinking that i should have a right to privacy for things i own. And i should also have the right to control what data folks collect from me. Cost vs. data. Pay me for data about me or don’t collect it…

      In terms of cars, i bought the thing, i should be able to control ANY data feed.

  • avatar
    ajla

    Good on California. I hope other states do the same.

  • avatar
    pwrwrench

    Kendahl, Trusting the auto companies or their data handlers with maintaining privacy is silly, in my view. Looking at what Microhard, Appel, FBoog, GooGoo and the rest have done it’s clear what will happen. There will be one set of data made public and a different one kept secret.
    Having spy agencies, whether govmnt, or private companies is a bad idea. I do not trust any of them.

    • 0 avatar
      civicjohn

      Didn’t a recent used Tesla purchaser have the FSD stripped from his vehicle and it will cost him a few $k to have it “reinstalled”? The more OTA updates, the more ways to screw the 2nd hand buyer.

      And Clearview AI, that wonderfully safe company that has scraped billions of images from the interwebz and is selling facial recognition to thousands of law enforcement agencies and is planning their IPO, just had their a** hacked, “nothing to see here, everybody has the occasional data breach”…

      And most people don’t even know how FB, Google, and the rest even make money. Shame on society for falling asleep on social media, but please, not in my car.

      • 0 avatar
        pwrwrench

        That’s why they want to sell you a ‘Smart’ refrigerator, washer, stove, coffee maker etc.
        With the ‘data’ reaped they will proceed to sell you even more stuff, that as Frank said, “You probably shouldn’t buy.”

        • 0 avatar
          Ol Shel

          And Apple has just agreed to pay a whopping $25 to iphone users who had their phoned artificially slowed down by….Apple! See, Apple wants you to shell out hundreds for a new one.

          It’s also why your computer slows down when it’s a few years old.

  • avatar
    -Nate

    Those damn leftists ! .

    =8-) .

    -Nate

  • avatar
    Art Vandelay

    If they want to sell my data, perhaps they should first purchase it from me.

  • avatar
    Bill Wade

    I assume they’re using a cellular network. Unplug the antenna.

    • 0 avatar
      civicjohn

      5G and state auto regulation laws will ultimately render that useless. People will be thrilled that their emissions testing and plate registration can be done on their phone.

      How that data is used 95% will ignore.

  • avatar
    EGSE

    Depends on the data they harvest and how it is made “available”.

    Auto insurance company learns that:
    Your Miata, Corvette or whatever often blasts down that curvy road at 30+ speed limit or occasionally did a buck-ten on the highway.
    ABS and/or ESC was activated X times or AEB is triggered frequently.
    The car regularly goes to a medical marijuana dispensary.

    Your employer finds out about the medical marijuana dispensary.
    A prospective employer finds out about the medical marijuana dispensary.
    Your Bernie-Bro boss finds out you went to a David Duke rally.
    Or your MAGA hat-wearing boss or prospective boss finds out you went to a Bernie Sanders rally.
    Or you’ve been going to Narcotics Anonymous meetings based on time/place data.
    Or you’ve been going to an oncology treatment center.
    Or you’ve been going to the StarLite club at midnight.
    Or you frequently go to a gun range.

    With the exception of the first sentence none of the above is illegal (medical pot *and* the gun range could be a problem due to Federal law).

    If data is cross-correlated, you took an Uber to any of the above because of the telematics logs from the Uber car and your ride-hailing history with Uber which Uber might choose to “monetize” with a data aggregator.

    If we can imagine it, someone else can too.

  • avatar
    IBx1

    Good, ruin them. I don’t want a single “connected” feature besides a manual transmission, half because of my religion to the 3rd pedal, and half because I know that every single “connected” item is a data mine for profiteering. If you’re making money off of me then why did I pay you for the car? Same with everyone putting wiretaps in their homes so they can ask Alexa how tall Mt. Everest is once a year. I’m 28 with this perspective by the way.

  • avatar
    pwrwrench

    EGSE nailed it. I recall about 15 years ago, when ‘social media’ was just starting, there were some suggestions of caution about posting ‘party’ photos. Apparently employers were checking the internet and either, not hiring, demoting, firing, not promoting, those that had posted things that they did not like. Including things like “work sucks”.
    Of course, alcohol and negative remarks are not illegal in any way so other reasons had to be found for a; credit denial, job demotion, or not getting the applied for rental.
    Kafka could write another book.

    • 0 avatar
      highdesertcat

      People of all ages have told me that the best protection is to stay OFF social media and limit your exposure to platforms that will exploit your personal data.

      I took their advice some time ago and closed all my social media accounts except Linked In and ttac.

    • 0 avatar
      pwrwrench

      I wonder if those that get things like connected security cameras realize what is going to happen to those video images……

      • 0 avatar
        highdesertcat

        If they don’t, maybe someone will tell them that all their data is going to “The Cloud”, with much of it stored at the data storage centers where it will remain for eternity.

Read all comments

Back to TopLeave a Reply

You must be logged in to post a comment.

Recent Comments

  • Rocket: Now add the 2.5T as an engine upgrade as well as a full paint option to cover up those hideous fender flares...
  • MRF 95 T-Bird: I had a Maxima SV as a rental from Enterprise while my Challenger GT awd was still in the body shop. I...
  • Opus: Looks like a lifted SC30
  • FormerFF: I think you are short one letter. Wasn’t it a 240DL? IIRC a 240D would be a Mercedes.
  • FreedMike: Someone spent three hundred large “restoring” this? Hey, as long as it’s not my...

New Car Research

Get a Free Dealer Quote

Who We Are

  • Matthew Guy
  • Timothy Cain
  • Adam Tonge
  • Bozi Tatarevic
  • Chris Tonn
  • Corey Lewis
  • Mark Baruth
  • Ronnie Schreiber