Skip to main content

Sens. Reintroduce Connected-Car Data Security, Privacy Bill

A bill reintroduced by Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) would require manufacturers of connected cars to get an owner's opt-in permission to use any information collected by the car for advertising or marketing purposes -- such as triggering a gas pump ad for a local restaurant as the car rolls into the station for a fill-up.

The Security and Privacy in Your Car Act of 2017 (SPY Car Act) would direct the National Highway Traffic Safety Administration and the Federal Trade Commission (which oversees device privacy) to set cybersecurity standards for cars.

In addition to user opt-in for sharing of data, the bill would require "clear and conspicuous notice" to vehicle owners or lessees of the collection, transmission, retention and use of data collected from their cars.

The opt-in would extend to data used for car safety systems. Owner or lessees who decided not to opt in would still get access to navigation tools and other features "to the extent technically possible."

Opting in to data sharing for marketing or ad purposes can't be a condition for the use of any non-marketing related features or functions.

Those car-related provisions track with the FCC broadband privacy rules -- opt in, no marketing quid pro quo -- that Republicans in Congress are trying to overturn, and both Markey and Blumenthal strongly support.

The senators are also reintroducing an aircraft cybersecurity bill.

“Whether in their cars on the road or in aircraft in the sky, Americans should be protected from cyberattack and violations of their privacy,” Markey said of the two bills. “If hackers access the critical systems of a car or plane, disaster could ensue and our public safety could be compromised. We must ensure that as technologies change, our safety and privacy is maintained. I thank Sen. Blumenthal for his partnership on this critical issue.”