Skip to main content

Senators Reintroduce Connected-Car Data Security, Privacy Bill

Manufacturers of connected cars will have to get opt-in permission to use any information collected by the car for advertising or marketing purposes—say, triggering a gas pump ad for a local restaurant as the car rolls into the station for a fill-up.

That is according to a bill reintroduced by Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.).

The Security and Privacy in Your Car Act of 2017 (SPY Car Act) would direct the National Highway Traffic Safety Administration and the Federal Trade Commission (which oversees device privacy) to set cybersecurity standards for cars.

In addition to user opt-in for sharing of data, the bill would require "clear and conspicuous notice" to vehicle owners or lessees of the collection, transmission, retention and use of data collected from their cars.

The opt-in for data use would extend to data used for car safety systems and if an owner or lessee decided not to opt in, they would still get access to navigation tools and other features "to the extent technically possible."

Opting in to data sharing for marketing or ad purposes can't be a condition for the use of any non-marketing related feature of function.

Those car-related provisions track with the FCC broadband privacy rules—opt in, no marketing quid pro quo—that Republicans in Congress are trying to overturn and both Markey and Blumenthal strongly support.

The senators are also reintroducing an aircraft cybersecurity bill.

“Whether in their cars on the road or in aircraft in the sky, Americans should be protected from cyberattack and violations of their privacy,” said Markey of the two bills. “If hackers access the critical systems of a car or plane, disaster could ensue and our public safety could be compromised. We must ensure that as technologies change, our safety and privacy is maintained. I thank Senator Blumenthal for his partnership on this critical issue.”