August 04, 2022

Backseat Driver: Data Privacy, Your Car, and You

By Mark Drapeau

This week POLITICO’s Digital Future Daily published a piece called “What your car knows about you.” Very little has changed since Dr. Colin McCormick, a physicist and Adjunct Professor of Science, Technology and International Affairs at Georgetown wrote a white paper for DCI in December 2019, “On-road and Online: Data Privacy for Connected Vehicles.”

As Dr. McCormick explained then, “In the absence of federal legislation establishing rights and responsibilities around the ownership and privacy of connected car data, the legal prohibitions against this type of use are unclear.” That’s still true. POLITICO’s piece reviews the need for an update to the 2015 Driver Privacy Act and pending, broader data privacy legislation. It seems less and less likely that anything significant will happen in the current Congress, given many competing priorities and the complexity of the underlying issues.

McCormick’s paper approaches our increasingly technologically sophisticated and connected cars as surveillance platforms not fundamentally different from phones or computers, and examines both data ownership and data privacy in that context. As we approach the incoming Congress, particularly if leadership changes, legislators might consider a number of related issues: (1) user approval for cars to collect certain kinds of data; (2) the control that users (drivers) have over how car data is collected, used, and shared with other entities; (3) any special issues related to collecting data about children in cars; (4) transparency about the underlying algorithms involved in the above.

And for all the vilifying by some of large tech companies like Google, Apple, Facebook, Amazon, and Microsoft (“GAFAM”), legislators might also start considering companies such as Tesla, Ford, GM, and VW, and Toyota to be “big tech” where relevant. While the likes of GAFAM are currently in the proverbial hot seat on antitrust and other issues, major vehicle manufacturers (and even smaller but more “digitally native” companies such as Lucid Motors and Rivian) should be cognizant that the spotlight will eventually turn on them.

In December 2020, we conducted a threat analysis and risk assessment of vehicle manufacturers increasingly using high-tech/exponential tech in their vehicles. Amazingly, most of it still holds true a couple years down the road. Among real risks that brands in this space face related to data privacy are an automotive data breach of thousands or even millions of customers data, and the risk of a government investigation, whether by Congress or a regulatory body at the federal or state level. As the Alliance for Automotive Innovation and other groups and stakeholders weigh in on these issues, we’re curious to see which choices get made at the forks in the road.

More Insights

Flex Economy: Research Shows Most Gig Work Supplements Other Income Sources

New research from the Mercatus Center shows that workers with app-based gig jobs make up <10% of the independent contractor workforce.

By Mark Drapeau

Sticker Shock: While Food Delivery Companies Fight Fee Caps, Indie Restaurants Fight Delivery Companies – Will Anyone Win?

DCI Retail Fellow Hitha Herzog discusses whether or not a government-imposed food delivery fee cap in New York City will meet the intended goal of helping independent restaurants.

By Hitha Herzog