At least eight carmakers in the US have admitted they would backtrack on a voluntary privacy agreement and turn over the personal customer data to government and police, prompting calls for an investigation.
Automotive News reports 19 carmakers had voluntarily signed up for the Consumer Privacy Protection Principles in 2014 – standards which would require US government agencies (including police) to obtain a warrant or court order to access customer location data
However, a recent inquiry found Toyota, Nissan, Subaru, Volkswagen, BMW, Mazda, Mercedes-Benz, and Kia would turn over the data if a subpoena was produced – in violation of the standards they signed up for.
According to the report, General Motors, Honda, Ford, Stellantis and Tesla require a warrant for location data, unless it was an emergency or customer consent was provided. Tesla was also the only brand to notify its customers of legal demands.
This has not only raised concerns about what other privacy promises carmakers have made that they won’t keep, but has led to two US Senators calling for the companies to be investigated by the Federal Trade Commission (FTC).
“Automakers have not only kept consumers in the dark regarding their actual practices, but multiple companies misled consumers for over a decade by failing to honour the industry’s own voluntary privacy principles,” said Senators Ron Wyden and Edward Markey in a letter to the FTC.
“Vehicle location data can be used to identify Americans who have travelled to seek an abortion in another state, attended protests, support groups for alcohol, drug, and other types of addiction, or identify those of particular faiths, as revealed through trips to places of worship.”
Mercedes-Benz, Toyota and Kia all defended their practices, while the Alliance for Automotive Innovation – a lobby group for the car industry – claimed government agencies only request location information when there is clear danger to an individual.
“Vehicle location information is only provided to law enforcement under specific and limited circumstances, such as when the automaker is provided a warrant or court order or in situations where there is an imminent threat of serious bodily harm or death to an individual,” an AAI spokesperson told Automotive News.
The calls for an investigation into the data-sharing habits of carmakers comes after General Motors ended its partnerships with two major data brokers, following accusations of sharing information on drivers without their consent.
In March, The New York Times published an in-depth investigation about a Chevrolet Bolt owner who had been quoted a significantly higher insurance renewal premium, later discovering his driving data was being sold to insurance firms by data broker LexisNexis.
This was followed by a second report, detailing a proposed class action lawsuit put forward by a Cadillac XT6 owner who claimed he was denied insurance by seven companies on account of his LexisNexis driving report provided to the firms.
Both of the vehicles were equipped with OnStar, GM’s connected services brand which gathered data used by LexisNexis.
In the wake of the reports, General Motors subsequently ended its partnership with both LexisNexis and Verisk, a similar company which also sold driving data to insurance companies.
According to The New York Times, an internal document circulated within General Motors showed more than eight million vehicles were actively supplying data through OnStar’s Smart Driver program as of 2022.