FTC Hints At Regulatory Action Against Automakers For Terrible Privacy Practices
In 2023, Mozilla released a report noting that modern cars had the worst security and privacy standards of any major technology industry the organization tracks. That was followed by a NYT report earlier this year showing how automakers routinely hoover up oodles of consumer driving and phone info, then sell access to that data to auto insurance companies looking to justify rate hikes.
The very least the auto industry can do is make these transactions clear to car owners, but most of the time they can't even do that.
Now it looks like the FTC might be considering legal action against the auto industry for lax privacy standards. An FTC blog post indicates that the connected car" industry has been on the agency's radar for years," and hinted at potential future actions:
Car manufacturers-and all businesses-should take note that the FTC will take action to protect consumers against the illegal collection, use, and disclosure of their personal data."
The FTC is being prodded into action by the concerns of Senator Ron Wyden, whose office launched an investigation finding that automakers routinely collect not only driver behavior data but data from connected phones, sell access to a myriad of often dodgy third parties and data brokers, and routinely fail to make any of those transactions meaningfully clear to car owners.
Usually customer acceptance for such monetization of data isn't buried in your car paperwork; it's buried in the user agreement connected to automakers' car apps or road-side assistant apps. This is, it should be noted, the same industry that's fighting tooth and nail against right to repair" reforms under the pretense that it just cares a whole lot about consumer privacy and security.
Of course the FTC lacks the resources, staff, and authority (quite by lobbying design) to meaningfully police U.S. tech privacy violations at the scale they're happening. And even should the FTC take action, any fines would likely comprise a tiny fraction of the money made from non-transparently and haphazardly monetizing drivers' every fart for the better part of the last two decades.
And whatever fines that do get levied are often reduced further (or eliminated entirely) thanks to multi-year legal fights within an increasingly corrupt court system.
Still, it's important to try to have standards. It's what separates us from potatoes.
As Wyden's office has made clear, the stakes for our corrupt failure to pass baseline privacy laws or regulate data brokers continue to rise. Demonstrated pretty clearly by his office's recent discovery that a data broker had been selling abortion clinic location data to right wing activists, who then took to targeting vulnerable women with health care disinformation.
But between regulators that have been steadily boxed in by thirty-years of lobbying and corrupt court rulings, and a Congress that's too corrupt to function, it seems like we'll be waiting a long time to see meaningful reform on this front. And that reform is only likely to come courtesy of a privacy scandal whose scope and impact we probably can't imagine.