AUTOMOTIVE PRIVACY
Automakers' Commitment
Memo: No, Your Car Isn't Spying... It's Keeping You Safe
Participating Automakers Commit to:
- Providing customers with clear, meaningful information about the types of information collected and how it is used.
- Obtaining affirmative consent before using geolocation, biometric, or driver behavior information for marketing and before sharing such information with unaffiliated third parties for their own use.
Examples of Data that Support Vehicle Technologies and Services
Vehicles & Safety Information:
Data about the functioning of a vehicle, including maintenance status, mileage, and system operation.
Driver Behavior Information:
Information about how a person drives a vehicle (speed, seat belt use, braking habits).
Location Information:
Precise geographic location of a vehicle.
Account information:
Personal information provided when a vehicle owner or user subscribes to vehicle technologies or services.
Participating Members
Frequently Asked Questions
- What benefits come from vehicle data?
- What data is captured in vehicles today and how is it used?
- How can consumers best protect the privacy of their vehicle?
- Is there any personal information collected?
- What data does a consumer own?
- What data can a consumer review or control?
- What data collection can a consumer turn off?
- What data can a consumer share with a third party?
- Why did the auto industry develop Privacy Principles?
- To whom are automakers accountable?
What benefits come from vehicle data?
Connected Technologies and services available today enable greater road safety.
Automatic crash notification helps assist vehicle occupants involved in a crash or other emergency situation.
Alerts about traffic conditions help reduce congestion.
Vehicle locator assistance helps locate lost or stolen vehicles.
These and other features are important to automotive customers, and automakers are committed to providing these benefits to customers while respecting their privacy.What data is captured in vehicles today and how is it used?
Today, different types of data are generated, transmitted, retained, or shared for different purposes, including the operation of the vehicle. These include:
Data generated in a vehicle, but not transmitted outside the vehicle, that is necessary for the operation of the vehicle:
Within a car, computer systems constantly exchange data to ensure the smooth operation of the vehicle. From steering to braking, crash avoidance, and acceleration, dozens of onboard computers simultaneously share information as consumers travel down the highway. In most cases, this data is not transmitted outside or retained in the long-term computer memory of the vehicle.
Data transmitted outside of the vehicle:
Certain subscription services can require the transmission of data outside the vehicle. For example, automatic crash notification systems transmit data so that emergency responders can be directed to crash scenes with information on the location and nature of the crash. Diagnostics systems may transmit data outside the car to help consumers identify potential maintenance issues.
Data transmitted into and out of the vehicle:
While basic navigation systems are only receivers for directions coming into the car, enhanced navigation systems both transmit and receive data from outside the vehicle so drivers can learn about traffic conditions and get directions. Trip information may be retained for convenient access to previously accessed destinations. For greater convenience, vehicles can also transmit and receive data so consumers can remotely monitor where their car is, remotely start their car, and access on-board information services.
Data generation that is required by law:
Certain vehicle data is required by law, such as data pertaining to emissions controls, on-board tire pressure sensors, and gauges. The government requires that event data recorders (also known as “EDRs”) monitor critical information about the vehicles in which they are installed, but this information is only stored for seconds at a time and constantly overwritten -- unless there is a crash and then the data (immediately prior to and after the crash) is recorded for use in analyzing the performance of the vehicle’s safety systems.
Data that is shared:
Technical data regarding such matters as warranty or safety may be exchanged with authorized dealers. Some vehilce data may also be shared with affiliates and suppliers for product development and quality purposes. Vehicle information may only be shared for marketing purposes, if the vehicle owner or registered user consents.
How can consumers best protect the privacy of their vehicle?
Here are four easy steps consumers should take to help safeguard the information in their vehicles.
First, understand your vehicle manufacturer's privacy policy:
Within a vehicle, internal computers are constantly communicating with each other to operate the vehicle, and automakers work hard to safeguard this in-vehicle computer network to preserve the integrity of safety critical systems. However, not all data needed to operate a vehicle is stored or transmitted. Privacy policies associated with the vehicle system are available to consumers, and automakers encourage their consumers to review them. Automakers may provide consumer notices through a variety of methods, including online, owner’s manuals, paper or electronic registration forms and user agreements, and/or in vehicle displays. Consumers will also find information on how to delete certain data they stored on their vehicles.
Second, always ask about privacy policies and practices of relevant providers, including:
- Wireless carriers: Many consumers pair their mobile devices with vehicle-integrated systems, so we urge them to check the privacy policies of their wireless carriers prior to pairing their device.
- Mobile app providers: When consumers pair their mobile devices with vehicle systems, they may also access mobile apps and websites that have their own policies for consumer review.
Third, delete personal data when selling or renting a car.
- Selling/donating your vehicle: Consistent with Federal Trade Commission , consumers should cancel or transfer active subscriptions for connected services before selling or donating a vehicle. Before turning a vehicle over to a new owner or user, consumers should delete any personal information – including phone contacts and navigation routes – that may be stored in the vehicle’s infotainment system and disconnect any apps that are used to access vehicle information or control vehicle function.
- Returning a rental vehicle: Consumers who choose to connect their phones to a rental car’s infotainment system should also follow Federal Trade Commission and delete their personal data from the vehicle before returning it to the rental car company.
Fourth, always ask who wants vehicle data and why:
Many data miners, retailers and service providers want access to consumer vehicle data. For example, insurance companies seek access to vehicle data for setting individual premium rates. Some insurance companies only want mileage driven per year, while others may want much more information, such as driving behaviors like hard braking and accelerations, or even GPS locations of travel. Under the automotive Privacy Principles, consumers must consent to providing third parties with vehicle data.
Is there any personal information collected?
Personal information may be collected but automakers are committed to protecting this data.
What data does a consumer own?
Increased Internet use and smartphones have raised many questions about data and ownership.
- EDR data: Automakers affirm they obtain vehicle owner consent in order to retrieve EDR data. In some situations, vehicle owner consent is not required, such as the driver is injured in a crash and data is need for a law enforcement investigation or court order.
- Infotainment data: Consumers can control the type of information they enter into the infotainment system, such as music and contact lists.
- Personal subscription information: Consumers can control identifying information, including name, address, credit card numbers, telephone numbers, and email addresses.
- Technical data: Automakers reserve the right to use technical data that is stored in, and relates to the functioning of, the vehicle.
What data can a consumer review or control?
Data from contract or subscription-based services:
Some vehicle systems and third-party service providers allow vehicle owners and registered users to access historical data from a variety of subscription-based services, including roadside assistance, navigation, automatic crash notification, entertainment, and concierge services.
Data from in-vehicle diagnostics:
Some data may be accessed by consumers via password protected websites, report emails, and mobile applications, as well as on-board reporting systems or embedded touch screens. This data includes diagnostics and vehicle information on emissions controls, tire pressure, oil life, upcoming service needs and brake life.
What data collection can a consumer turn off?
On home computers or smartphones, consumers can tell online advertisers and retailers that they want to avoid “tracking cookies” that retain Internet browsing information.
What data can a consumer share with a third party?
In many instances, consumers have a choice.
- Information necessary to diagnose and repair vehicles.
- Vehicle “health data” such as emissions controls, tire pressure, oil life.
- Driver behavior information such as average speed or engine throttle.
- Subscription-based information and service options such as geolocation, navigation, automatic crash notification, and road-side assistance.