The California Privacy Protection Agency (CPPA) wants to know how connected vehicle (CV) companies are using the data they amass from their customers’ automobiles. The review, announced on Monday (July 31), will be the first enforcement action by California’s new privacy regulator and the US’s only such agency.
CPPA’s enforcement division noted that CVs routinely come equipped with several data collection points, including location sharing, web-based entertainment systems, sensors, smartphone integration, and cameras. In a statement, Ashkan Soltani, CPPA’s executive director, called modern cars “connected computers on wheels.”
Autonomous vehicles are known to collect up to 19 terabytes of data per day. Last month, the EV manufacturer Tesla announced an ambitious project to build its own supercomputer, to better store and process the petabytes of real-time data generated by its vehicles around the world.
The CCPA’s review aims to help protect car owners against the misuse of their private data once it lands in the hands of car manufacturers.
Misuse of the data could find a CV manufacturer in breach of California’s Consumer Protection Act (CCPA), which empowers consumers with new data rights. These include the right to know what personal information is collected, the right to delete that data, and the right to stop the sharing or selling of it.
Who owns the data that our smart cars collect?
The modern internet is defined by our data becoming increasingly valuable and expensive, triggering a data rush from corporates. But we tend to think of our laptops and smartphones first when we consider devices that mine our data, even as cars have become more sophisticated towards that same end. “One of the major privacy issues about car data is that it is very, very opaque,” Dorothy Glancy, a transportation law professor at Santa Clara University told Newsweek in 2021.
More than 35 million vehicles are registered in the state of California. Not all of them are CVs, but the proportion grows with every replacement of an old car by a new one.
In a statement, Consumer Watchdog, a consumer protection group in California, called modern cars the equivalent of web browsers. They pick up millions of pieces of personal information on drivers and passengers, such as where they travel, what they like to buy, and what their racial, economic and health characteristics are. The information that CVs collect includes details not just about the people within but also about other automobiles and people in the vicinity.
This information is, in turn, feeding a growing commercial surveillance system that endangers people’s civil liberties and safety, Consumer Watchdog argued.
“We’re glad that the [CPPA] is using its authority to investigate how powerful car companies are collecting and using our personal information under the law,” Justin Kloczko, a tech privacy advocate for Consumer Watchdog, said in the statement. “These companies know more about us than we know about ourselves, and they’re the ones in control of our personal information, not us.”