[EDRM Editor’s Note: The opinions and positions are those of Michael Berman.]
Doug Austin wrote an interesting blog, Police May be Coming for Your Tesla as a Potential Crime Witness (ediscoverytoday.com)(Sept. 4, 2024). Doug wrote that: “In Oakland and beyond, police called to crime scenes are increasingly looking for more than shell casings and fingerprints. They’re scanning for Teslas parked nearby, hoping their unique outward-facing cameras captured key evidence.” Doug’s blog explains that, when a Tesla is in “sentry mode,” “a system of cameras and sensors that records noise and movement around the vehicle when it is empty and locked, storing it in a USB drive in the glove box.” Just as an aside, I turn “sentry mode” off on my car.
But, that’s not all: “Cars collect a lot of our personal data, and car companies disclose a lot of that data to third parties. It’s often unclear what’s being collected, and what’s being shared and with whom. A recent New York Times article highlighted how data is shared by G.M. with insurance companies, sometimes without clear knowledge from the driver.” Thorin Klosowski, How to Figure Out What Your Car Knows About You (and Opt Out of Sharing When You Can) | Electronic Frontier Foundation (eff.org)(Mar. 15, 2024).
After reading Doug’s excellent blog, I was interested in Cassandre Coyer and Jorja Siemons, Car Surveillance Rules Risk Gaps Amid Agencies’ Piecemeal Moves (bloomberglaw.com)(Sept. 10, 2024). They wrote:
Cars with connectivity features collect swaths of data on driving patterns that can identify where people live, work, and frequently travel. Compatibility with phones can share call logs and messages. Car sensors can track people’s eyes and hand movements.
That creates a “big picture about our habits” that automakers have access to, said Emile Ayoub, senior counsel in the Brennan Center for Justice’s Liberty & National Security Program.
Fast-evolving artificial intelligence models are compounding consumer’s fears, he added, by enabling companies to make more inferences and create even more detailed profiles of drivers. All that stands in their way, as of now, are their own privacy policies.
Car Surveillance Rules Risk Gaps Amid Agencies’ Piecemeal Moves (bloomberglaw.com)(Sept. 10, 2024).
The implications for civil litigation are obvious. They may involve complex preservation and collection issues. Should preservation demands and legal hold notices in auto torts, for example, include these types of data? If ESI in an automobile can show where a vehicle frequently travels, consider the relevance in, for example, family law cases or personal injury cases.
And, for example, Ms. Coyer and Siemons wrote that: “The Federal Communications Commission floated rules … to help survivors of domestic violence control who can access connectivity features in vehicles.”
The two Bloomberg authors reported that: “The Federal Trade Commission and the California Privacy Protection Agency have also told automakers they’re also keeping a close eye on connected cars’ data-privacy practices.”
Their analysis is that, in the absence of a national data privacy law, a “resulting patchwork of regulations… could leave critical blind spots that ultimately fail to address consumers’ growing uneasiness over their cars’ consumption of sensitive information or stem the tide of consumer data-privacy class actions against automakers.”
In fact, they report a 2023 survey in which more than 75% of U.S. carmakers “revealed [that] their privacy norms allow them to sell user data to third-parties. More than half said they’re permitted to share the information with law enforcement or government officials.”
This has led to litigation. For example: “Texas sued General Motors Co. and OnStar LLC in August, accusing the companies of selling drivers’ data to insurance companies without their consent. Insurers used the data to make decisions such as monthly premium increases and coverage denials, Texas Attorney General Ken Paxton said.”
Finally, Bloomberg notes that:
For drivers, it can be hard to learn exactly what their car knows about them, said Andrea Amico, founder of Privacy4Cars. His group’s research has found that drivers wanting to understand their cars’ handbooks—assuming companies’ data practices are “well-disclosed”—would face about “five and a half hours of reading.” [emphasis added].
Car Surveillance Rules Risk Gaps Amid Agencies’ Piecemeal Moves (bloomberglaw.com)(Sept. 10, 2024).
Much of the Bloomberg article focuses on the Supreme Court’s overruling of Chevron in Loper Bright, however, it also discussed “blind spots” in the law:
Federal privacy legislation could help alleviate the current complexity by clarifying companies’ compliance responsibilities and consumers’ rights, said Adonne Washington, policy counsel for data, mobility, and location with the Future of Privacy Forum.
Congressional action could also sort out the roles of states and federal agencies. But the prospects for any comprehensive federal bill are uncertain at best.
The resulting data privacy “patchwork quilt is something really new to car industries who really were looking at the federal level for many years, but now have to deal with state regulation as well,” said Hinshaw & Culbertson LLP partner Cathy Mulrow-Peattie .
But without a national standard, the regulatory push and consumer-led litigation automakers face will continue on “different tracks,” Baker said….
Still, data brokers could soon be reined in.
The FTC in 2022 launched a rulemaking to address the data-broker economy, noting the large swaths of data harvested by companies now amounts to what the FTC calls “commercial surveillance.”
The agency warned car manufacturers earlier this year it “will take action to protect consumers against the illegal collection, use, and disclosure of their personal data.”
“Connected cars have been on the FTC’s radar for years,” the FTC said in a May blog post urging automakers to tread lightly in the data space. The “easiest way” to avoid harming consumers by sharing data is by “simply not collecting it in the first place.”
Car Surveillance Rules Risk Gaps Amid Agencies’ Piecemeal Moves (bloomberglaw.com)(Sept. 10, 2024).
The e-discovery issues presented by these articles and technologies are fascinating. The Electronic Frontier Foundation suggests:
Start by seeing what your car is equipped to collect using Privacy4Cars’ Vehicle Privacy Report. Once you enter your car’s VIN, the site provides a rough idea of what sorts of data your car collects. It’s also worth reading about your car manufacturer’s more general practices on Mozilla’s Privacy Not Included site.
How to Figure Out What Your Car Knows About You (and Opt Out of Sharing When You Can) | Electronic Frontier Foundation (eff.org)(Mar. 15, 2024).
The EFF blog also provides links to privacy request pages for major manufacturers and other suggestions. How to Figure Out What Your Car Knows About You (and Opt Out of Sharing When You Can) | Electronic Frontier Foundation (eff.org) It adds: “Without a national law that puts privacy first, there is little that most people can do to stop this sort of data sharing. Moreover, the steps above clearly require far too much effort for most people to take.”
Assisted by GAI and LLM Technologies per EDRM GAI and LLM Policy.