A data privacy expert thinks California legislation that would give car owners more choice in how data collected by their vehicles is transmitted is defective.
New California legislation aims to give car owners control over who gets to view data generated from their vehicles. But one expert thinks the bill is fundamentally flawed and potentially dangerous.
Fred Cate, privacy expert and law professor at Indiana University's Maurer School of Law, called California Senate Bill 994 – the Consumer Vehicle Information Choice and Control Act – “completely unworkable in practice.” He noted that the bill requires a car manufacturer to provide the registered owner with “access from the motor vehicle to the vehicle information.” But while technologically possible to bring that data up on a console screen, Cate doesn’t think it’s realistic.
“This would mean that the data created by the dozen or so computers used to control braking and fuel injection and other essential components of the car would have to be accessible to the owner from within the car,” Cate said. “I can’t imagine how this would be accomplished or what good it would be to a driver … but it is easy to imagine the staggering cost it would add to the price of a car and the number accidents it might cause as drivers tried to make sense of it.”
SB 994 was authored by Sen. Bill Monning, D-Carmel, as a consumer rights bill intended to give vehicle owners control over personal data generated by on-board technology systems. In a statement introducing the legislation, Monning felt the measure would give car owners the ability to access and control data from their automobiles.
“Our cars are becoming mobile computers, and while this technology provides benefits to consumers, it is imperative that there are basic safeguards in place to ensure consumers can decide who has access to their data,” Monning said. “The modern connected car can greatly improve safety and enhance convenience, but it can also collect a driver’s personal information.”
Automakers have slammed the bill, calling it a ploy to empower insurance companies. Mitch Bainwol, chief executive officer of the Alliance of Automobile Manufactures, criticized SB 994, calling it the “AAA Insurance Data Grab bill,” and believes it will compromise data security.
Bainwol added that SB 994 is enabling AAA to gain access to motorist data to exploit it for commercial purposes and view driving behavior that may be relevant to insurance policies.
“SB 994 severely jeopardizes the security of data generated by an auto, thus posing a threat to motorist safety, privacy and the 21st century future of automotive connectivity as championed by the National Highway Transportation Safety Administration,” Bainwol said in a statement. “What consumers need is an automotive future where their data is secure and the network of connected autos is not threatened.”
Government Technology contacted Monning’s office multiple times seeking comment on SB 994, but the messages were not returned.
Cate said he hasn’t seen similar legislation in other states yet, but fears that the idea behind Monning's bill might spread. He likened SB 994 to “another set of privacy notices” that most people ignore when they interfere with making a decision. In addition, he noted that states love privacy notices because they are cheap and don’t typically deny consumers anything.
“It’s a way to say, ‘Look, we did something to protect privacy,’ but it doesn’t necessarily do anything … and it doesn’t cost the state anything,” Cate said. “That’s a very attractive [model] for other states.”