The California Privacy Protection Agency is implementing the seminal new privacy law passed by voters. State residents can weigh in on whether to put privacy and safety before automakers’ profits as the agency drafts rules on personal car data.
By Justin Kloczko, Special to CalMatters
Justin Kloczko follows tech privacy for Consumer Watchdog, a nonprofit that advocates for taxpayer and consumer interests.
Personal car data is the new gold rush of the auto industry. Cars collect more data than our phones. Consumers deserve privacy in their vehicles, and California must lead the way on that issue.
An enormous amount of information is collected while you are driving, including your buying habits, credit score, text messages and even sexual orientation. A total consumer profile is created to sell you things. That data is transmitted at a rate of 25 gigabytes per hour to the automakers’ cloud. And companies share it.
And the targeted advertising we see on our browsers, inboxes and social media feeds is coming for the driver’s seat.
Chevrolet’s OnStar Service feeds users’ data to apps such as Domino’s and Shell, among others, according to The Washington Post.
The software company Telenav is developing in-car advertising, touting its “freemium” model popularized by streaming services such as Hulu and Spotify, in which, in exchange for free services, drivers will be flashed with ads. In a post on its website titled “Why in-car advertising works,” Telenav’s case amounts to “advertising is worth it to the consumer” while disregarding safety and privacy. In this auto surveillance-commerce world, Telenav says there is a large opportunity to capitalize on the $212 billion commuters spend while out driving.
Discrimination is another concern. Although charging car insurance premiums by ZIP-code is illegal in California, providers could try to use data to discriminate against people based on the neighborhoods they frequent. Law enforcement agencies already have access to this data and evade traditional warrant requirements by tapping into information uploaded from a USB port, according to The Intercept.
Companies will know so much about us that the information could become ubiquitous and identity theft could become even more commonplace. While companies tracking us in our cars often claim they traffic in “anonymized data,” there is no such thing. Anonymized data, when paired with other data points such as credit card usage, can be used to identify you and target you, according to car technologists and privacy advocates interviewed by Consumer Watchdog.
While location data can be turned off on your cell phone, there’s not yet an opt-out feature for your car. With the end of federal protections for those who wish to have an abortion, tech surveillance will almost surely be weaponized in the form of criminal prosecution against women. One safeguard is ensuring people can protect their privacy and geolocation from intrusive activity.
Fortunately, California is set to be the first in the nation with an opt-out for precise geolocation. This summer, the California Privacy Protection Agency resumes drafting rules as it implements the California Privacy Rights Act, a seminal new privacy initiative passed by voters in 2020.
Automakers and insurance companies are fighting back, claiming the law is unworkable and that they need such data in order for their products, such as emergency services, to work. But they are weaponizing safety and using the same tracking consent form for a host of reasons. It’s a false choice.
Consumers don’t have to choose between their safety and having their data used for other tracking purposes. The fact is, cars don’t need to share your private information in order to allow you to drive.
One of the biggest misconceptions is that technology is making driving safer. It isn’t. The number of deaths per 100,000 miles driven grew in 2020 by almost 25%, according to the National Safety Council, marking the highest annual increase the organization has recorded in nearly 100 years. Traffic fatalities increased in 2021, prompting the federal government to act. And the death toll could grow if companies increasingly turn our vehicles into vessels for consumerism — or worse, make them vulnerable to hacking.
The California Privacy Protection Agency has an opportunity to put privacy and safety before automakers’ profits. That’s what voters asked for when they passed Proposition 24, the California Privacy Rights Act. The public can respond to the draft regulations when the privacy board convenes for public hearings on Aug. 24 and 25.