Car manufacturers confront escalating data privacy issues, according to experts
In a significant development, General Motors (GM) is facing a lawsuit over allegations that it unlawfully collected and sold private driving data of 1.5 million people in Texas. The lawsuit, announced by Texas Attorney General Ken Paxton, comes about two months after his office revealed it was investigating multiple automakers over similar allegations.
According to the lawsuit, GM did not inform customers it would sell their data or disclose contracts allowing third-party companies to resell driving scores to insurers. This data, it is claimed, was allegedly sold to third parties, who used it to score driver behavior and manipulate consumers' insurance rates.
The case against GM highlights the complex web of rules automakers must consider as they develop the next generation of connected vehicles. OEMs (Original Equipment Manufacturers) and suppliers must comply with unique consumer data privacy laws in 20 U.S. states, the European Union, and other markets.
Ravi Puvvala, general manager of the strategic business unit at the Center for Automotive Research, stated that data privacy regulations in the EU are more stringent than in the U.S. However, legal experts are unsure how the sweeping ruling will affect policymaking, especially when it comes to specific regulations.
Federal officials may have significantly less power to regulate connected car data privacy after the U.S. Supreme Court ended "Chevron deference" in June. However, the FTC's ability to take action against the automotive industry is not likely to be affected by the recent court decision.
In May, the Federal Trade Commission (FTC) said it will take action against companies that unlawfully collect and use connected car data. The FTC amended the safeguards rule in 2021 and 2023 to strengthen consumer data protections for non-banking financial institutions like car dealers and mandate additional data breach reporting for such organizations.
Samuel Goldstick, a data privacy and cybersecurity attorney at law firm Foley & Lardner, emphasizes the importance of greater disclosure and clear, easy-to-understand privacy policies. He suggests that automakers should inform users about data collection practices, potential risks, and how to protect vehicle data. Users should also be given clear instructions on how to adjust data collection settings or opt-out completely.
Automotive executives need to be closely connected with their in-house and outside counsel during product development, according to Rocco Grillo, managing director and head of the global cyber risk and incident response services practice at consultancy Alvarez & Marsal. This close collaboration can help reduce legal risk and ensure compliance with ever-evolving data privacy regulations.
Texas Attorney General Ken Paxton said the state will hold GM accountable for its "egregious business practices." The name of the lawyer who leads the cybersecurity, data protection, and privacy practice at the law firm Clark Hill could not be found in the provided search results.
The FTC settled a case in 2019 against DealerBuilt over poor data security practices that exposed the personal information of millions of consumers. This settlement underscores the importance of robust data protection measures in the automotive industry.
As the automotive industry continues to evolve, it is clear that data privacy will remain a critical concern. Both automakers and consumers must navigate this complex landscape with care and transparency to ensure the protection of personal data.
Read also:
- Development of Restaurant Apps: Expenses and Essential Elements
- Indian Oil Corporation's Panipat Refinery secures India's inaugural ISCC CORSIA accreditation for Sustainable Aviation Fuel production
- Porsche Macan Accelerates into Second Generation of Electric Power
- Ford Bets on an Affordable Electric Pickup Revolution with a $30,000 Design
