AUTOMOTIVE PRIVACY

Automatic crash notification helps assist vehicle occupants involved in a crash or other emergency situation.

Alerts about traffic conditions help reduce congestion.

Vehicle locator assistance helps locate lost or stolen vehicles.

These and other features are important to automotive customers, and automakers are committed to providing these benefits to customers while respecting their privacy.

Data generated in a vehicle, but not transmitted outside the vehicle, that is necessary for the operation of the vehicle:
Within a car, computer systems constantly exchange data to ensure the smooth operation of the vehicle. From steering to braking, crash avoidance, and acceleration, dozens of onboard computers simultaneously share information as consumers travel down the highway. In most cases, this data is not transmitted outside or retained in the long-term computer memory of the vehicle.

Data transmitted outside of the vehicle:
Certain subscription services can require the transmission of data outside the vehicle. For example, automatic crash notification systems transmit data so that emergency responders can be directed to crash scenes with information on the location and nature of the crash. Diagnostics systems may transmit data outside the car to help consumers identify potential maintenance issues.

Data transmitted into and out of the vehicle:
While basic navigation systems are only receivers for directions coming into the car, enhanced navigation systems both transmit and receive data from outside the vehicle so drivers can learn about traffic conditions and get directions. Trip information may be retained for convenient access to previously accessed destinations. For greater convenience, vehicles can also transmit and receive data so consumers can remotely monitor where their car is, remotely start their car, and access on-board information services.

Data generation that is required by law:
Certain vehicle data is required by law, such as data pertaining to emissions controls, on-board tire pressure sensors, and gauges. The government requires that event data recorders (also known as “EDRs”) monitor critical information about the vehicles in which they are installed, but this information is only stored for seconds at a time and constantly overwritten -- unless there is a crash and then the data (immediately prior to and after the crash) is recorded for use in analyzing the performance of the vehicle’s safety systems.

Data that is shared:
Technical data regarding such matters as warranty or safety may be exchanged with authorized dealers. Some vehilce data may also be shared with affiliates and suppliers for product development and quality purposes. Vehicle information may only be shared for marketing purposes, if the vehicle owner or registered user consents.

First, understand your vehicle manufacturer's privacy policy:
Within a vehicle, internal computers are constantly communicating with each other to operate the vehicle, and automakers work hard to safeguard this in-vehicle computer network to preserve the integrity of safety critical systems. However, not all data needed to operate a vehicle is stored or transmitted. Privacy policies associated with the vehicle system are available to consumers, and automakers encourage their consumers to review them. Automakers may provide consumer notices through a variety of methods, including online, owner’s manuals, paper or electronic registration forms and user agreements, and/or in vehicle displays. Consumers will also find information on how to delete certain data they stored on their vehicles.

Second, always ask about privacy policies and practices of relevant providers, including:

• Wireless carriers: Many consumers pair their mobile devices with vehicle-integrated systems, so we urge them to check the privacy policies of their wireless carriers prior to pairing their device.
• Mobile app providers: When consumers pair their mobile devices with vehicle systems, they may also access mobile apps and websites that have their own policies for consumer review.

Third, delete personal data when selling or renting a car.

• Selling/donating your vehicle: Consistent with Federal Trade Commission recommendations, consumers should cancel or transfer active subscriptions for connected services before selling or donating a vehicle. Before turning a vehicle over to a new owner or user, consumers should delete any personal information – including phone contacts and navigation routes – that may be stored in the vehicle’s infotainment system and disconnect any apps that are used to access vehicle information or control vehicle function.
• Returning a rental vehicle: Consumers who choose to connect their phones to a rental car’s infotainment system should also follow Federal Trade Commission recommendations and delete their personal data from the vehicle before returning it to the rental car company.

Fourth, always ask who wants vehicle data and why:
Many data miners, retailers and service providers want access to consumer vehicle data. For example, insurance companies seek access to vehicle data for setting individual premium rates. Some insurance companies only want mileage driven per year, while others may want much more information, such as driving behaviors like hard braking and accelerations, or even GPS locations of travel. Under the automotive Privacy Principles, consumers must consent to providing third parties with vehicle data.

The most sensitive types of consumer information relate to geolocation (where the vehicle goes), driver behavior (such as vehicle speed or use of safety belts) and biometrics (physical or biological characteristics that identify a person). For each of these categories, the Privacy Principles require clear and prominent notices about the collection of such information, the purposes for which it is collected, and the types of entities with which the information may be shared. In addition, the Privacy Principles require automakers to obtain affirmative consent before sharing this information with third parties.

For instance, a consumer owns a smartphone but not the proprietary system and data that make the smartphone work. As autos evolved into complex computer systems that generate, store, and analyze data, similar questions arose about data ownership related to vehicles. Here are the answers:

• EDR data: Automakers affirm they obtain vehicle owner consent in order to retrieve EDR data. In some situations, vehicle owner consent is not required, such as the driver is injured in a crash and data is need for a law enforcement investigation or court order.
• Infotainment data: Consumers can control the type of information they enter into the infotainment system, such as music and contact lists.
• Personal subscription information: Consumers can control identifying information, including name, address, credit card numbers, telephone numbers, and email addresses.
• Technical data: Automakers reserve the right to use technical data that is stored in, and relates to the functioning of, the vehicle.

Data from contract or subscription-based services:
Some vehicle systems and third-party service providers allow vehicle owners and registered users to access historical data from a variety of subscription-based services, including roadside assistance, navigation, automatic crash notification, entertainment, and concierge services.

Data from in-vehicle diagnostics:
Some data may be accessed by consumers via password protected websites, report emails, and mobile applications, as well as on-board reporting systems or embedded touch screens. This data includes diagnostics and vehicle information on emissions controls, tire pressure, oil life, upcoming service needs and brake life.

By contrast, automobiles rely on the on-board network of computers to function, and these systems cannot be turned off and still allow the vehicle to operate. However, vehicle owners and registered users have access to a variety of subscription-based services offered by manufacturers and third-party service providers. Owners can opt out of subscription-based services or choose not to contract with certain vendors who seek access to various types of data.

For instance, owners and registered users can direct vehicle health reports and forward emails to their repairer of choice. If data is collected by an automaker, owners and registered users are informed of the collection of required data at the point of sale via the owner’s manual or through various service subscriptions upon registration or contract. Data is not collected or shared without such disclosure. Examples of the types of data that consumers may share with third parties include:

• Information necessary to diagnose and repair vehicles.
• Vehicle “health data” such as emissions controls, tire pressure, oil life.
• Driver behavior information such as average speed or engine throttle.
• Subscription-based information and service options such as geolocation, navigation, automatic crash notification, and road-side assistance.

The Privacy Principles acknowledge that technologies and services in automobiles are increasingly designed to enhance vehicle safety, improve vehicle performance, and augment the driving experience, and many of these technologies and services rely upon information generated by vehicle systems. The Principles represent a unified commitment to responsible stewardship of the information collected to provide vehicle services.

By publicly committing to Privacy Principles, participating automakers become accountable not only to their customers, but also to state and federal regulators.