Senator asks FTC to investigate automakers’ data privacy practices
Calling automakers’ responses to his demand for answers “evasive and vague,” Sen. Edward Markey (D-MA) on Wednesday called on Federal Trade Commission (FTC) Chair Lina Khan to investigate the car industry’s data privacy practices.
In a letter to Khan, Markey said in December he asked 14 major car manufacturers to offer transparency on how they implement and enforce privacy protections in their vehicles. Markey told Khan that the answers he received were far from clear and even prevaricating.
Car manufacturers “sidestepped my questions or focused on the beneficial uses of this data — all while ignoring the real privacy risks their data practices create,” Markey wrote to Khan.
As an example, he said most of the surveyed 14 car manufacturers refused to tell him whether they transfer data for commercial benefit.
Although the manufacturers all said they give consumers the opportunity to consent to having their data collected, just one provided the percentage of consumers that actually give consent, Markey told Khan.
Most automakers surveyed acknowledged they only provide the right to delete data to consumers in states where the automaker is legally required to do so, the senator said. Markey also told Khan that the manufacturers “largely failed to answer whether they collect more data than is needed for the service provided, whether a consumer loses certain vehicle functionality by refusing to consent to the data collection, or whether the manufacturers have suffered a cyberattack in the last ten years.”
“These responses raise far more questions than answers,” he added.
Automakers’ responses to Markey were in some cases skimpy and imprecise and in other cases robust but heavily caveated and carefully worded. Still, common themes emerged, with automakers nearly across the board acknowledging they gather location data and 12 of 14 acknowledging they share car owners’ activities with law enforcement when asked.
Markey noted that those twelve said they typically provide data to law enforcement only in response to a subpoena, warrant or other legal order.
Not all car manufacturers were precise on the point, however. Nissan’s response noted it turns data over to law enforcement when faced with “valid compulsory process,” which car privacy experts said could mean anything.
Markey urged Khan to act now, saying the industry has been operating with little or no oversight for years even as stalkers have been able to exploit location data to harass victims and many Americans have increasingly demanded answers on how car manufacturers treat and monetize their private data.
The Federal Communications Commission (FCC) also announced it is increasing its scrutiny of connected cars Wednesday, saying that a new proposed rulemaking will seek input on the types and frequency of use of connected car services.
According to an FCC press release, the proposal is seeking insights into what steps “connected car service providers can proactively take to protect survivors from the misuse of connected car services.”
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.