California State Agency Probes Automakers Over Data Privacy Concerns

Amid increasing concerns about the extensive collection of data by vehicles, the California Privacy Protection Agency (CPPA) has initiated a review of the privacy practices of automakers and vehicle technology companies. The CPPA's Enforcement Division is currently conducting inquiries into the data privacy policies of vehicles equipped with various features such as location sharing, web-based entertainment, smartphone integration, and cameras. The agency highlighted the critical nature of these vehicle privacy considerations, as modern vehicles act as connected computers on wheels, capable of collecting a wealth of information that may include consumers' locations, personal preferences, and details about their daily lives.

CPPA Executive Director Ashkan Soltani underscored the significance of this investigation, stating that vehicles today can monitor not only those inside but also individuals near the vehicle. With built-in apps, sensors, and cameras, these cars collect data that raises data privacy concerns for consumers.

As vehicles increasingly gather, store, and transmit data for entertainment, performance, and safety purposes, regulators worldwide have expressed growing unease over the volume of personal information being amassed. The CPPA's review aims to address these apprehensions and assess the data privacy practices of automakers and technology companies operating in California.

However, the agency did not disclose the names of the specific companies under review. It is clear that data privacy is a crucial issue, given that these vehicles have the capability to automatically gather sensitive information about consumers, including their locations, preferences, and daily routines.

The CPPA's move comes after California nonprofit Consumer Watchdog warned the state's regulator last year that "car data is the new gold rush of the auto industry." The organization emphasized that automakers and third-party companies possess detailed profiles of consumers, including information on their driving habits, purchases, texts, and other aspects of their lives, all of which can be used for targeted advertising and other purposes.

California, with over 35 million registered vehicles, has the largest number of vehicles of any state in the U.S., making it an essential market for automakers and technology companies. However, as data collection becomes more pervasive and invasive, the need to safeguard consumer privacy grows more urgent.

The CPPA's investigation aligns with efforts by data watchdogs in other countries to address data privacy concerns related to vehicles. For example, the Dutch personal data watchdog refrained from fining Tesla earlier this year after the carmaker made changes to vehicle security cameras that had raised privacy questions. The regulator noted that Tesla vehicles parked on the street often recorded images of passersby, storing these images for extended periods.

Additionally, automakers like Chrysler-parent Stellantis have established ventures like Mobilisights to license vehicle data to various customers, including rival carmakers. Mobilisights has committed to adhere to strict privacy safeguards and provide personal data to customers only with explicit consent, giving owners the option to opt out even after initially agreeing.

While the trade group representing major automakers has not issued a statement in response to the CPPA's review, the agency's investigation reflects the increasing scrutiny surrounding data privacy in the automotive industry. As technology continues to advance, balancing data collection for functional purposes with the protection of consumer privacy remains a critical challenge for the automotive sector. The outcome of the CPPA's review is likely to have significant implications for the industry's data privacy practices and consumers' rights in California.