Over the past year, the country's top automakers had fallen under federal scrutiny for the ways in which they addressed – or in some cases, failed to address – data privacy. On Thursday, their main trade association outlined a set of principles aimed at better protecting drivers' privacy behind the wheel.
In a letter to the Federal Trade Commission, the 12 manufacturers that are members of the Auto Alliance committed to upholding principles that would provide more transparent notices to consumers about what data is being collected, minimize the amount and time of data that is stored and prohibit this information from being given to law enforcement without a court order.
"Automakers believe that strong consumer data privacy protections are essential to maintaining the trust of our customers," wrote Auto Alliance CEO Mitch Bainwol in a written statement. "Our privacy principles reflect a major step in protecting personal information collected in the vehicle."
US Senator Ed Markey (D-Mass.), a leading advocate for greater consumer control of this data, said the Alliance's agreement didn't go far enough, noting among a list of shortcomings that the commitment still did not "provide consumers with a choice whether sensitive information is collected in the first place."
He plans to release his findings of a months-long probe of automakers' privacy and security practices in the coming weeks, then propose federal legislation that would call for clear rules and not voluntary commitments.
Likewise, AAA, the nation's largest club of car owners, said it remained concerned the Alliance's steps did not go far enough in giving consumers access to their own data and allowing them to choose from a competitive choice in automotive services developing around this data.
"New cars increasingly collect vast amounts of data that can be used to prevent breakdowns, reduce crashes and help drivers save both time and money," said Marshall Doney, AAA's chief operating officer. "Consumers should benefit from market competition as these new services emerge, and no company should put unfair limits on consumer choice."
GAO: Car Companies Make Privacy Difficult
The topic of automotive data security gained wide attention in January, when a report issued by the Government Accountability Office found the steps taken by automakers to safeguard information inadequate. It concluded that, while car companies had taken some steps to protect consumer privacy, they had also made it difficult for motorists to understand the risks and vulnerabilities.
All this onboard information can identify everything from which fast-food shops a car passes along its daily commute to who a driver talks with via a Bluetooth connection to how hard they typically brake. In some cases, it has been unclear how automakers collect that information, how long they store it and how it is shared with third parties.
The Alliance said its members had committed to adopting "reasonable measures" to guard against unauthorized use or access to the data, and that they would provide owners and registered users with "clear, meaningful notices" about how data is collected and shared. But their agreed-upon principles leave open a window: drivers will see geo-targeted advertising from third parties based on their location.
"Putting limits on the use of geolocation information for marketing purposes and providing consumers with access to the collected information are fundamental to empowering consumers and ensuring their privacy," Markey said.
The Alliance said all its members would comply with these new principles by no later than their 2018 model-year vehicles.