In the past decade, the cars we drive have slowly become computers on wheels. While that increased connectedness brings a host of benefits for automakers and consumers alike, there are also many risks associated with having a vehicle that is connected to the internet.
We’ve written before about cybersecurity threats in the automotive industry, which regulators like the National Highway Traffic Safety Administration (NHTSA) have been working to address with guidance and final rules. However, a new risk is now emerging for automakers in the U.S. – data privacy concerns.
What prompted these concerns?
Data privacy is a hot topic for regulators right now, at both the state and federal level, and the automotive industry has not been spared from that scrutiny. Beginning last year, the California Privacy Protection Agency (CPPA) began making inquiries about the data that vehicles collect about the people driving them, noting concerns about how vehicles often automatically collect data without consumers’ knowledge.
Those concerns over vehicle data privacy have now reached the national stage following media reports that automakers are sharing data about consumers’ driving behavior with insurance companies – often without the consumer realizing. While in most cases the consumers do – either knowingly or unknowingly – consent to this data sharing by agreeing to the vehicle’s terms, lawmakers and legal experts are nonetheless raising concerns about this data collection.
In addition to CPPA’s investigation of automakers’ data collection practices, Senator Ed Markey (D-MA), a member of the Senate Committee on Commerce, Science, and Transportation, has recently called on the Federal Trade Commission (FTC) to investigate the data privacy practices as well. Beyond the automotive industry, a committee in the U.S. House has recently released the draft American Privacy Rights Act, a piece of comprehensive data privacy legislation that would establish federal privacy laws and enforcement mechanisms. It is clear that data privacy is a key priority across the board.
Implications for automakers
While it is unclear how the FTC and other lawmakers plan to approach data privacy concerns specific to the automotive industry at this time, it is still important that industry stakeholders take this opportunity to conduct a comprehensive review of their data collection practices. Brand and reputation are among the most valuable assets a business has, and they are increasingly vulnerable in an age of close scrutiny from lawmakers, regulators, and consumers alike. Even if your business complies with all applicable laws and regulations, media reports and consumer beliefs to the contrary can pose a real threat.
Beyond your own data collection practices, it is also necessary to review the practices of your third party partners. Regulators are increasingly expanding the responsibility of manufacturers, dealers, and others throughout the supply chain for product safety issues, regardless of their role. Working with brand protection, legal, and liability insurance experts will remain an important defense against the growing risks in 2024.
Trusted by the world’s leading brands, Sedgwick brand protection has managed more than 7,000 of the most time-critical and sensitive product recalls in 100+ countries and 50+ languages, over 25 years. To find out more about our automotive product recall and remediation solutions, visit our website here.