Technology

California to probe what happens to the data your car collects


California’s newly empowered privacy regulators announced their first case Monday, a probe of the data practices of newer-generation cars that are often or always connected to the internet.

The California Privacy Protection Agency said its enforcement division would review manufacturer’s treatment of data collected from vehicles, including locations, smartphone connections and images from cameras.

The agency was established by a 2020 ballot initiative that toughened the California Consumer Privacy Act of 2018. As of July 1, it can conduct operations to enforce Californians’ right to learn what is being collected about them, the right to stop that information from being spread and the right to have it deleted.

Data collection in cars has surged in recent years, especially in cars that encourage users to plug in their phones to play music, get spoken directions and make hands-free calls. Location information, which can come from nearby cell towers or GPS signaling, is sought after by businesses wanting to pitch their products to nearby drivers.

When combined with web surfing habits and other internet data collated by brokers, movement tracking can paint a full portrait that includes a person’s home, workplace, shopping habits, religious attendance and medical treatments.

Insurance companies also want data on how quickly drivers brake ahead of problems on the road, along with other performance indicators, and they are willing to pay to get it.

Though phone connections beam detailed call logs and contacts lists to the automakers and their business partners, those companies have vague privacy policies, The Washington Post has reported. While California laws requires visibility for consumers, that is often hard to come by.

“Modern vehicles are effectively connected computers on wheels. They’re able to collect a wealth of information via built-in apps, sensors, and cameras, which can monitor people both inside and near the vehicle,” Ashkan Soltani, CPPA’s executive director, said in a statement. “Our Enforcement Division is making inquiries into the connected vehicle space to understand how these companies are complying with California law when they collect and use consumers’ data.”

Vehicle data may prove to be another area where California regulators learn by working with their counterparts in Europe, instead of Washington, where Congress has been unable to agree on a national privacy law.

European investigations have prompted vehicle makers to disclose more about data collection and offer more ways to alter it.