Texas attorney general investigating several connected car manufacturers over data sharing
The Texas Attorney General has launched an investigation into several car manufacturers following reports the industry secretly siphons and sells vast amounts of data extracted directly from drivers’ connected cars.
In an announcement on Thursday, Attorney General Ken Paxton did not say which manufacturers are under investigation. Recorded Future News reported last month that Paxton’s office had opened preliminary investigations into how connected car manufacturers’ data collection and sharing methods might qualify as deceptive trade practice violations under the state’s consumer protection law.
As part of that probe, Kia, General Motors, Subaru and Mitsubishi were sent “civil investigative demand” letters in late April, according to documents obtained by Recorded Future News. It is unclear whether additional car companies received the letters.
“The technology in modern vehicles enables manufacturers to collect millions of data points about the people driving them,” Paxton said in a statement. “Reports of the invasive and unmitigated collection and sale of data without consumer consent are disturbing, and they merit a thorough investigation and appropriate enforcement.”
Car privacy experts said they consider Paxton’s office’s aggressive action to be a sign of forthcoming muscular enforcement practices. They come just before the state’s comprehensive data privacy law takes effect on July 1.
On Tuesday, Paxton announced he established a new data-privacy team inside his consumer protection unit, saying “any entity abusing or exploiting Texans’ sensitive data will be met with the full force of the law.”
The investigation into connected cars will be conducted under the Texas Deceptive Trade Practices Consumer Protection Act, which empowers Paxton’s office to probe “false, misleading, or deceptive acts or practices.”
Auto makers and the third parties who buy data from them have been ordered to turn over relevant documents, including those “showing the disclosures they made to customers about the extent of their data collection practices and subsequent sale of their customers’ data,” the attorney general’s press release said.
In recent months, automakers' mass data collection practices have been in the spotlight due to reports of the sharing of data with law enforcement without a warrant, and with insurers without driver consent. They have also been accused of abetting the stalking of domestic violence survivors.
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.