California Privacy Laws Under Scrutiny as Data Collected by Car Manufacturers Raises Concerns

The rapid rise of connected vehicles has led to a new era of convenience and functionality in the automotive industry, but it has also ignited a debate over data privacy. With the proliferation of internet-enabled features in cars, concerns are mounting that personal information collected by car manufacturers may potentially violate California's strict privacy laws.

Connected vehicles, a technological phenomenon still in its infancy, have swiftly become a staple in the automotive landscape. In the United States, major manufacturers have integrated these features into their vehicle lines over the past decade, providing drivers with enhanced capabilities such as cameras for security, GPS navigation, streaming media, and more. However, the data these vehicles collect often remains largely unregulated at the federal level.

In a significant development, the state of California is set to tackle this issue head-on with its first case under the new provisions of the California Privacy Rights Act (CPRA). The California Privacy Protection Agency (CPPA) is poised to examine a wide range of data amassed by car manufacturers, including information captured by vehicle cameras and data transmitted through connected apps.

One of the primary concerns surrounding connected vehicles is the unregulated flow of personal information, which can potentially be harnessed for targeted marketing purposes. Although federal regulations do not explicitly restrict the use of data collected by connected vehicles, some states, including California, are taking proactive measures. California transitioned to the upgraded CPRA in March 2023, with enforcement originally slated for July 1, 2023, but subsequently postponed to March 29, 2024. The CPRA empowers the state to scrutinize the personal data amassed by connected cars, assess data retention periods, and evaluate data sharing practices with third-party data brokers.

The ubiquity of connected vehicles raises concerns for consumers who increasingly find it challenging to opt out of internet features. Research indicates that around 91% of new vehicles sold in the US are now equipped with some form of "connected car" functionality, and this figure is projected to rise to 96% by 2023. Globally, nearly half of all new vehicles are outfitted with similar technology.

While the convenience of internet-enabled features is undeniable, vehicle owners often have limited options to disable certain functionalities. For example, many modern vehicles are equipped with cameras for enhanced safety and automation, and they often come with location tracking and data transmission capabilities. As these features become standard, concerns arise about the potential misuse of data and the lack of consumer control.

The lawsuit that sparked this case was filed by a group of Montana residents who were between the ages of 2 and 18 when it was initiated in March 2020. These young plaintiffs represent a growing movement of young people across the nation who are asserting that future generations will bear the consequences of a warming planet, and they are demanding greater attention to data privacy concerns.

While Judge Seeley did not prescribe specific actions for the state to take, her ruling signals a shift towards greater scrutiny of data privacy practices in the automotive sector. As California takes the lead in addressing the complex intersection of connected vehicles and data privacy, the outcome of this case will have significant implications for both the automotive industry and data protection efforts on a broader scale.