Today, drivers want to be as connected in their cars as they are everywhere else. As vehicles become increasingly connected, automakers are taking action to protect the privacy of customer data.
To enhance privacy, automakers that are now Auto Innovators members pledged to meet or exceed commitments contained in the Consumer Privacy Protection Principles for Vehicle Technologies and Services established to protect personal information collected through in-car technologies. These principles, first developed in 2014, were reviewed again in 2018 and will be reviewed periodically to ensure that they remain relevant and robust. Read about the privacy principles here.
Memo: No, Your Car Isn't Spying... It's Keeping You Safe
Participating Automakers Commit to:
- Providing customers with clear, meaningful information about the types of information collected and how it is used.
- Obtaining affirmative consent before using geolocation, biometric, or driver behavior information for marketing and before sharing such information with unaffiliated third parties for their own use.
These comprehensive and groundbreaking Principles incorporate long-standing Fair Information Practice Principles and Federal Trade Commission Guidance to establish a set of baseline protections for personal information used with connected vehicle technologies.These Principles were submitted to the Federal Trade Commission and Participating Members understand that they are enforceable under Section 5 of the FTC Act. Automakers share information on their privacy commitments with federal and state policymakers, as well as with their customers.
Automakers continue to monitor evolving technologies and developments in privacy protection. Automakers commit to periodically reviewing the Principles to assess whether they continue to provide appropriate protections for personal information. At the conclusion of the previous review in 2018, automakers concluded that the fundamental commitments of the Principles continue to provide appropriate protections for the personal information collected from connected vehicles and to reflect the industry-wide commitment to be responsible stewards of information used for vehicle technologies and services.
Examples of Data that Support Vehicle Technologies and Services
Vehicles & Safety Information:
Data about the functioning of a vehicle, including maintenance status, mileage, and system operation.
Driver Behavior Information:
Information about how a person drives a vehicle (speed, seat belt use, braking habits).
Precise geographic location of a vehicle.
Personal information provided when a vehicle owner or user subscribes to vehicle technologies or services.
What benefits come from vehicle data?
Connected Technologies and services available today enable greater road safety.
Automatic crash notification helps assist vehicle occupants involved in a crash or other emergency situation.
Alerts about traffic conditions help reduce congestion.
Vehicle locator assistance helps locate lost or stolen vehicles.
These and other features are important to automotive customers, and automakers are committed to providing these benefits to customers while respecting their privacy.
What data is captured in vehicles today and how is it used?
Today, different types of data are generated, transmitted, retained, or shared for different purposes, including the operation of the vehicle. These include:
Data generated in a vehicle, but not transmitted outside the vehicle, that is necessary for the operation of the vehicle:
Within a car, computer systems constantly exchange data to ensure the smooth operation of the vehicle. From steering to braking, crash avoidance, and acceleration, dozens of onboard computers simultaneously share information as consumers travel down the highway. In most cases, this data is not transmitted outside or retained in the long-term computer memory of the vehicle.
Data transmitted outside of the vehicle:
Certain subscription services can require the transmission of data outside the vehicle. For example, automatic crash notification systems transmit data so that emergency responders can be directed to crash scenes with information on the location and nature of the crash. Diagnostics systems may transmit data outside the car to help consumers identify potential maintenance issues.
Data transmitted into and out of the vehicle:
While basic navigation systems are only receivers for directions coming into the car, enhanced navigation systems both transmit and receive data from outside the vehicle so drivers can learn about traffic conditions and get directions. Trip information may be retained for convenient access to previously accessed destinations. For greater convenience, vehicles can also transmit and receive data so consumers can remotely monitor where their car is, remotely start their car, and access on-board information services.
Data generation that is required by law:
Certain vehicle data is required by law, such as data pertaining to emissions controls, on-board tire pressure sensors, and gauges. The government requires that event data recorders (also known as “EDRs”) monitor critical information about the vehicles in which they are installed, but this information is only stored for seconds at a time and constantly overwritten -- unless there is a crash and then the data (immediately prior to and after the crash) is recorded for use in analyzing the performance of the vehicle’s safety systems.
Data that is shared:
Technical data regarding such matters as warranty or safety may be exchanged with authorized dealers. Some vehilce data may also be shared with affiliates and suppliers for product development and quality purposes. Vehicle information may only be shared for marketing purposes, if the vehicle owner or registered user consents.
How can consumers best protect the privacy of their vehicle?
Here are four easy steps consumers should take to help safeguard the information in their vehicles.
Within a vehicle, internal computers are constantly communicating with each other to operate the vehicle, and automakers work hard to safeguard this in-vehicle computer network to preserve the integrity of safety critical systems. However, not all data needed to operate a vehicle is stored or transmitted. Privacy policies associated with the vehicle system are available to consumers, and automakers encourage their consumers to review them. Automakers may provide consumer notices through a variety of methods, including online, owner’s manuals, paper or electronic registration forms and user agreements, and/or in vehicle displays. Consumers will also find information on how to delete certain data they stored on their vehicles.
Second, always ask about privacy policies and practices of relevant providers, including:
- Wireless carriers: Many consumers pair their mobile devices with vehicle-integrated systems, so we urge them to check the privacy policies of their wireless carriers prior to pairing their device.
- Mobile app providers: When consumers pair their mobile devices with vehicle systems, they may also access mobile apps and websites that have their own policies for consumer review.
Third, delete personal data when selling or renting a car.
- Selling/donating your vehicle: Consistent with Federal Trade Commission recommendations, consumers should cancel or transfer active subscriptions for connected services before selling or donating a vehicle. Before turning a vehicle over to a new owner or user, consumers should delete any personal information – including phone contacts and navigation routes – that may be stored in the vehicle’s infotainment system and disconnect any apps that are used to access vehicle information or control vehicle function.
- Returning a rental vehicle: Consumers who choose to connect their phones to a rental car’s infotainment system should also follow Federal Trade Commission recommendations and delete their personal data from the vehicle before returning it to the rental car company.
Fourth, always ask who wants vehicle data and why:
Many data miners, retailers and service providers want access to consumer vehicle data. For example, insurance companies seek access to vehicle data for setting individual premium rates. Some insurance companies only want mileage driven per year, while others may want much more information, such as driving behaviors like hard braking and accelerations, or even GPS locations of travel. Under the automotive Privacy Principles, consumers must consent to providing third parties with vehicle data.
Is there any personal information collected?
Personal information may be collected but automakers are committed to protecting this data.
The most sensitive types of consumer information relate to geolocation (where the vehicle goes), driver behavior (such as vehicle speed or use of safety belts) and biometrics (physical or biological characteristics that identify a person). For each of these categories, the Privacy Principles require clear and prominent notices about the collection of such information, the purposes for which it is collected, and the types of entities with which the information may be shared. In addition, the Privacy Principles require automakers to obtain affirmative consent before sharing this information with third parties.
What data does a consumer own?
Increased Internet use and smartphones have raised many questions about data and ownership.
For instance, a consumer owns a smartphone but not the proprietary system and data that make the smartphone work. As autos evolved into complex computer systems that generate, store, and analyze data, similar questions arose about data ownership related to vehicles. Here are the answers:
- EDR data: Automakers affirm they obtain vehicle owner consent in order to retrieve EDR data. In some situations, vehicle owner consent is not required, such as the driver is injured in a crash and data is need for a law enforcement investigation or court order.
- Infotainment data: Consumers can control the type of information they enter into the infotainment system, such as music and contact lists.
- Personal subscription information: Consumers can control identifying information, including name, address, credit card numbers, telephone numbers, and email addresses.
- Technical data: Automakers reserve the right to use technical data that is stored in, and relates to the functioning of, the vehicle.
What data can a consumer review or control?
Data from contract or subscription-based services:
Some vehicle systems and third-party service providers allow vehicle owners and registered users to access historical data from a variety of subscription-based services, including roadside assistance, navigation, automatic crash notification, entertainment, and concierge services.
Data from in-vehicle diagnostics:
Some data may be accessed by consumers via password protected websites, report emails, and mobile applications, as well as on-board reporting systems or embedded touch screens. This data includes diagnostics and vehicle information on emissions controls, tire pressure, oil life, upcoming service needs and brake life.
What data collection can a consumer turn off?
On home computers or smartphones, consumers can tell online advertisers and retailers that they want to avoid “tracking cookies” that retain Internet browsing information.
By contrast, automobiles rely on the on-board network of computers to function, and these systems cannot be turned off and still allow the vehicle to operate. However, vehicle owners and registered users have access to a variety of subscription-based services offered by manufacturers and third-party service providers. Owners can opt out of subscription-based services or choose not to contract with certain vendors who seek access to various types of data.
What data can a consumer share with a third party?
In many instances, consumers have a choice.
For instance, owners and registered users can direct vehicle health reports and forward emails to their repairer of choice. If data is collected by an automaker, owners and registered users are informed of the collection of required data at the point of sale via the owner’s manual or through various service subscriptions upon registration or contract. Data is not collected or shared without such disclosure. Examples of the types of data that consumers may share with third parties include:
- Information necessary to diagnose and repair vehicles.
- Vehicle “health data” such as emissions controls, tire pressure, oil life.
- Driver behavior information such as average speed or engine throttle.
- Subscription-based information and service options such as geolocation, navigation, automatic crash notification, and road-side assistance.
Why did the auto industry develop Privacy Principles?
Automakers take great pride in providing their customers with safe, reliable products, and protecting data privacy.
The Privacy Principles acknowledge that technologies and services in automobiles are increasingly designed to enhance vehicle safety, improve vehicle performance, and augment the driving experience, and many of these technologies and services rely upon information generated by vehicle systems. The Principles represent a unified commitment to responsible stewardship of the information collected to provide vehicle services.
To whom are automakers accountable?
Participating automakers agree to meet or exceed the Privacy Principles.
By publicly committing to Privacy Principles, participating automakers become accountable not only to their customers, but also to state and federal regulators.