Automotive Industry Creates 7 Rules to Protect Driver Data

A privacy policy set by major car manufacturers aims to shield consumers and their driving data from exploitation by insurers and law enforcement.

by / December 12, 2014
The automotive industry has released a new set of self-imposed privacy principles to ensure consumer trust as car technologies grow. Flickr/Yash Gupta

Many might not view their car as a tracking device, but with the rise of automotive tech, the analogy may start to ring true.

Equipped with an increasing amount of gadgetry, some vehicles can now collect and communicate identifiable driver information. And, while navigation and emergency services like OnStar are intended to help drivers, the trend has stirred fears that collected data could be exploited by insurers or law enforcement agencies. Beyond location data, worries circulate around sensitive information like statistics on hard breaking, speeding, seat-belt usage and even compliance with vehicle maintenance standards.

In November, two industry trade groups, the Alliance of Automobile Manufacturers and the Association of Global Automakers, responded to these concerns with a self-imposed set of privacy and transparency regulations meant to keep carmakers in check and protect consumer trust. Regulations, set with an effective date of January 2016, will impact production of 2017 model year cars.

Despite voluntary adoption, the policies are notable due to the organizations’ membership, which includes Ford, GM, Chrysler, Toyota, Honda, Mitsubishi, Mazda, Nissan and many others.

Beyond updating driver’s manuals on collected data, the protections stipulate that drivers will be notified whenever changes in data occur. Similarly, and perhaps to greater effect, manufacturers plan to offer buyers choices on what kind of data is collected and how it’s shared. Further, should law enforcement request such data, the standards demand that companies require a warrant before location data is delivered.

Below is a summary of the trade groups’ privacy fundamentals. A complete review of the “Consumer Privacy Protection Principles” can be found by downloading the PDF here.

1. Transparency: Participating Members commit to providing Owners and Registered Users with ready access to clear, meaningful notices about the Participating Member’s collection, use and sharing of Covered Information [“Covered Information,” denoting collected driver data].


2. Choice: Participating Members commit to offering Owners and Registered Users with certain choices regarding the collection, use and sharing of Covered Information.


3. Respect for Context: Participating Members commit to using and sharing Covered Information in ways that are consistent with the context in which the Covered Information was collected, taking account of the likely impact on Owners and Registered Users.


4. Data Minimization, De-Identification & Retention: Participating Members commit to collecting Covered Information only as needed for legitimate business purposes. Participating Members commit to retaining Covered Information no longer than they determine necessary for legitimate business purposes.


5. Data Security: Participating Members commit to implementing reasonable measures to protect Covered Information against loss and unauthorized access or use.
 

6. Integrity & Access: Participating Members commit to implementing reasonable measures to maintain the accuracy of Covered Information and commit to giving Owners and Registered Users reasonable means to review and correct Personal Subscription Information.


7. Accountability: Participating Members commit to taking reasonable steps to ensure that they and other entities that receive Covered Information adhere to the Principles.