California's Data Privacy Laws Could Stymie Auto Industry's Long-term Plans
Pretty much anytime automotive data acquisition becomes the topic of discussion, we have to take time to mention customer protections and ask where the line for privacy should be drawn. With social media firms making a mint off the process online and automakers conducting major moves to likewise leverage personal data, it’s practically a nervous tic at this point.
Hoping to get out ahead of some of the potential problems arising from issue, California enacted new consumer protection laws that came into effect at the start of the year.
The California Consumer Privacy Act (CCPA) aims to give individuals greater control over the personal data being harvested. Most of this is supposed to be done by allowing consumers to request what kind of information is being collected, ask where it’s going, and the ability request that the subsequent sale or continued acquisition of personal data cease. However, CCPA contains provisions for customers to ask a company to delete all information it has stored on them, as well as rules prohibiting any discrimination related to a person exercising their privacy rights.
Frankly, it all sounds rather good to someone who prattles endlessly about data privacy rights, but it’s also causing problems for the automotive industry.
Manufacturers are quickly shifting toward connected cars. Many of the features they’re using to sell the concept rely on there being a buffet of information to draw from and share. While plenty of that data will be sold to advertisers, some will be piped in to provide better navigation, improved driver-assistance features, and serve to strengthen the foundation of autonomous vehicles (assuming they’re still coming). CCPA’s language places automakers in a gray area, as they believe there should be a distinction between personal and driving data.
But it could just as easily be argued there’s no difference between the two.
An automaker tracking the whereabouts of your vehicle is roughly the same as Google keeping tabs on your browsing habits or Facebook reading your chat logs. Connected cars go further however, with the ability to know exactly when and where you were speeding or the last time you had to make a hard stop to avoid an accident — something your insurance provider would undoubtedly be interested in.
According to Automotive News, attorneys and lawmakers want clarification from the state’s attorney general as to how CCPA will apply to vehicular data — as most of the language used is more applicable to internet-based businesses. It also asked some questions of its own:
But at the same time California codifies some rights into law, many automakers say data access is essential to making some features work. In some extreme cases, data-sharing is a requirement to purchase a vehicle. What happens if a consumer declines to divulge his or her data but still wants a car? It’s at least plausible that denying the purchase is a CCPA violation.
“The CCPA gives consumers a right to nondiscrimination, meaning that businesses are not permitted to discriminate against consumers who exercise their CCPA rights,” said Gail Gottehrer, an attorney who focuses on privacy issues and emerging technology. “An example of a discriminatory action would be denying goods or services to a consumer.”
Another hurdle rests with dealerships. While manufacturers are responsible for setting up and using these data-driven systems, car dealers are the ones that will have to explain to customers how data is being moved around to appease Californian regulations. That’s going to take some impressive collaboration between the factory and the dealership, neither of which are famous for being utterly transparent with customers. Automotive News used the common anecdotal example where a used car was sold with the previous owner’s navigation and phone history still on it, asking who would be responsible for maintaining and/or deleting that information — a question no one has yet answered.
That’s kind of how we got into this predicament to begin with. Electronic data mining just sort of happened, and it managed to make a lot of people rich before others started asking about the potential ramifications of sacrificing their right to privacy. Now we’re at a point where large swaths of multiple industries are trying to use that same model to increase profits amid consumer pushback. Automakers are already in extremely deep, with the biggest companies having built massive data centers tasked with managing this new wealth of information (and connected cars that are supposed to feed into and benefit from the entire process).
“I do see driving a car as a life-or-death proposition, and that’s something different than privacy on our phones. That wireless connection is capable of notifying you that a car down the road has crashed or slid on black ice,” Roger Lanctot, an analyst with global automotive consulting company Strategy Analytics, told Automotive News. “My concern is that we have become so obsessed with privacy that we wall ourselves off from information that might be critical to driving safely.”
There’s certainly some truth to that, though most of that safety is supposed to come by way of electronic nannies that do much of the driving for you. And nullifying consumer protection laws for the sake of presumed safety benefits doesn’t seem like a fair trade. Plenty of the advanced driving aids currently in operation underperform and there’s research to suggest they may actually dull your skills behind the wheel. Asking someone to hand over their personal data is asking a lot when the related perks aren’t overwhelmingly apparent.
No other state has enacted such aggressive legislation regarding customer privacy, though California’s rules could easily be adopted by other American commonwealths. Europe has its own General Data Protection Regulation, which served as the initial blueprint for CCPA and could similarly serve as a jumping-off point for the rest of the United States. Ideally, any new rules would provide a balance that offers customers the ability not to be spied on without totally sinking the industry’s well-laid plans.
Of course, we may already be past that point.
[Image: kojihirano/Shutterstock]
A staunch consumer advocate tracking industry trends and regulation. Before joining TTAC, Matt spent a decade working for marketing and research firms based in NYC. Clients included several of the world’s largest automakers, global tire brands, and aftermarket part suppliers. Dissatisfied with the corporate world and resentful of having to wear suits everyday, he pivoted to writing about cars. Since then, that man has become an ardent supporter of the right-to-repair movement, been interviewed on the auto industry by national radio broadcasts, driven more rental cars than anyone ever should, participated in amateur rallying events, and received the requisite minimum training as sanctioned by the SCCA. Handy with a wrench, Matt grew up surrounded by Detroit auto workers and managed to get a pizza delivery job before he was legally eligible. He later found himself driving box trucks through Manhattan, guaranteeing future sympathy for actual truckers. He continues to conduct research pertaining to the automotive sector as an independent contractor and has since moved back to his native Michigan, closer to where the cars are born. A contrarian, Matt claims to prefer understeer — stating that front and all-wheel drive vehicles cater best to his driving style.
More by Matt Posky
Comments
Join the conversation
Good, ruin them. I don't want a single "connected" feature besides a manual transmission, half because of my religion to the 3rd pedal, and half because I know that every single "connected" item is a data mine for profiteering. If you're making money off of me then why did I pay you for the car? Same with everyone putting wiretaps in their homes so they can ask Alexa how tall Mt. Everest is once a year. I'm 28 with this perspective by the way.
EGSE nailed it. I recall about 15 years ago, when 'social media' was just starting, there were some suggestions of caution about posting 'party' photos. Apparently employers were checking the internet and either, not hiring, demoting, firing, not promoting, those that had posted things that they did not like. Including things like "work sucks". Of course, alcohol and negative remarks are not illegal in any way so other reasons had to be found for a; credit denial, job demotion, or not getting the applied for rental. Kafka could write another book.