The California Privacy Protection Agency’s (CPPA) Enforcement Division will perform an audit of the data privacy practices of automakers that produce “connected vehicles.” It will seek to find out if the industry is respecting consumers’ rights.
With more than 35 million vehicles registered on California roads, the question of how connected vehicles handle consumers’ data is anything but trivial. As their means of transportation, a vehicle has access to a lot of its owner’s data.
The CPPA points out that, as automakers work to become increasingly technologically advanced “mobility providers,” the vehicles they sell can gather data about location, online entertainment, smartphone integration, cameras, and more. Further, they don’t just collect data about the people inside of them.
Read: Mercedes Wants To Use Your Driving Data To Help Fix Boston’s Streets
“Modern vehicles are effectively connected computers on wheels,” said Ashkan Soltani, CPPA’s Executive Director. “They’re able to collect a wealth of information via built-in apps, sensors, and cameras, which can monitor people both inside and near the vehicle.”
On that last charge, California isn’t the only jurisdiction to investigate. Tesla was the recent subject of scrutiny in the Netherlands, after it was determined that its Sentry Mode, which films its vehicles’ surroundings while they are parked, could violate pedestrians’ privacy rights. It narrowly avoided receiving a fine by making modifications to the function to let those around its vehicles know that it could be recording them.
The CPPA’s audit will look to see if connected vehicles abide by the California Consumer Privacy Act, which was first adopted in 2018. It provides the state’s residents with the right to know what personal information about them is being collected, gives them the right to delete that information, and to stop its sale or sharing, among others.