The car is a trusty sidekick for many of us—taking us to work, the store, and maybe a weekend escape. But as U.S. Senator Jeff Merkley points out, it’s become much more: a mobile data-harvesting machine. His new legislation, the Car Privacy Rights Act, aims to pump the brakes on this unchecked data grab, ensuring drivers know exactly what’s being shared and, more importantly, with whom.
The premise is simple. Right now, carmakers are selling your data without so much as a courtesy call. And what kind of data are we talking about? Not just your location but driving habits, biometrics, and even voice recognition. Yes, the car playing your favorite tunes also tracks what you say while you sing along. Some automakers, like Honda, are gathering location data within a radius of about 1,850 feet, and Tesla employees were famously caught sharing footage of a child being hit by a car. It’s the kind of privacy nightmare that even Orwell would’ve found extreme.
Merkley’s bill, cosponsored by Senator Elizabeth Warren, aims to cut through this data fog by requiring companies to get your explicit consent before they sell or share any of it. No more vague terms and conditions buried deep within a 50-page contract you skim through at the dealership. In fact, under this law, you’ll have the right to say “no thanks” entirely to data collection.
But it gets better—or at least more detailed. Not only will you have the power to opt out of this data dragnet, but if you ever change your mind, automakers will be required to offer a clear, simple way to revoke consent. Want to take back your data rights? Just head to their website or send a letter—yes, an actual letter in the post.
Yet, this isn’t a blanket ban on data sharing. Data can still be shared with the National Highway Traffic Safety Administration (NHTSA) for road safety, but only after full disclosure. Every year, car manufacturers and insurers must report their data dealings to the Federal Trade Commission (FTC), which will summarize the mess to Congress. It’s like getting a peek under the hood of Big Data.
The real question is: why now?
The timing couldn’t be more perfect. A Mozilla Foundation review of 25 car companies showed that every single one raised privacy red flags. Some 84% sell or share data, and over half don’t even wait for a court order before handing your information to law enforcement. More troubling, nearly 90% of these companies create inferences about you from your driving habits and sell that information to third parties. So, while you’re cruising down the highway, somewhere out there, your data is being peddled to the highest bidder.
GM shared data from 10 million cars with a data broker that has since shut down, while a separate broker, High Mobility, partnered with over a third of the companies Mozilla reviewed. These aren’t isolated incidents—they’re the industry norm.
And consumers? They aren’t thrilled. A staggering 96% of drivers, according to a survey by Jerry, want complete control over the data generated by their cars. Nearly 80% said they’re downright uncomfortable with automakers gathering all this information.
There’s no question that the Car Privacy Rights Act is arriving at a critical moment. As cars get more intelligent, the tug-of-war between convenience and privacy grows more intense. While automakers argue that data collection improves driving experiences (and some of it does—like alerts for hazardous roads), they’ve crossed a line into monetizing your every movement.
If Verisk’s recent announcement to halt its Driver Behavior Data History Report by May 2024 is any indication, industry players might be bracing for change.
So, next time you slide behind the wheel, remember that your car is watching. But if this legislation passes, you’ll finally get to call the shots.