Vehicle manufacturers are sharing driving information with data brokers, such as LexisNexis, who then share the information with insurance companies, according to a recent New York Times article. 

The article highlights the story of a driver who was confused when his insurance jumped 21% in 2022. While shopping for insurance, an insurer told him his LexisNexis report was a factor, the article says. 

Upon request, the driver received a 258-page consumer disclosure report that detailed 640 trips he and his wife took in his Chevrolet Bolt, the article says. The report included trip start and end times, along with braking or sharp accelerations. 

The New York Times says the report claimed General Motors provided information about the trips. 

A LexisNexis spokesman told the paper that insurers use a risk score LexisNexis creates from the data as “one factor of many” to create insurance coverage for the consumer. 

GM, Honda, Kia, and Hyundai all offer optional features that rate people’s driving, the article says. 

“Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis,” the article says. “Automakers and data brokers that have partnered to collect detailed driving data from millions of Americans say they have drivers’ permission to do so. But the existence of these partnerships is nearly invisible to drivers, whose consent is obtained in fine print and murky privacy policies that few read.” 

In July, the California Privacy Protection Agency (CPPA) said it is reviewing data privacy practices by vehicle manufacturers and their related technologies. 

“These vehicles are embedded with several features including location sharing, web-based entertainment, smartphone integration, and cameras,” a press release from the agency says. “Data privacy considerations are critical because these vehicles often automatically gather consumers’ locations, personal preferences, and details about their daily lives.”

Last month, U.S. Sen. Edward Markey (D-Mass.) urged the Federal Trade Commission to investigate privacy practices of auto manufacturers. The request came following a letter he sent to 14 OEMs in December calling on them to implement and enforce stronger privacy protections in their vehicles. 

Markey said his letter was sparked by a Mozilla report from September that investigated the privacy policies of 25 car brands and found all of them failed to meet minimum privacy and security standards.

According to Mozilla research, popular global brands — including Mercedes-Benz, Nissan, BMW, Ford, Toyota, Tesla, Kia, and Subaru — can collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive.

Mozilla’s report prompted responses from some automakers, including BMW, which stated in a Sept. 14 news release that customers are provided with comprehensive data privacy notices that inform them about the collection of their personal information, which allows vehicle drivers “to make granular choices regarding the collection and processing of their personal information.”

And amid mounting personally identifiable information (PII) and data privacy concerns across the board from devices to vehicles, Porsche shared it has added a privacy center to its My Porsche portal.

The Alliance for Automotive Innovation released a memo in December titled “No, your car isn’t spying…it’s keeping you safe.” 

“Telematic data enables lifesaving safety systems,” the memo says. “It also helps automakers proactively identify potential defects and pinpoint resolutions.”

The memo informs consumers that the auto industry voluntarily created its own Consumer Privacy Principles in 2014. Twenty OEMs signed the principles, which were last reviewed in 2022.

The first principle listed in the document is transparency. 

“Participating Members commit to providing Owners and Registered Users with ready access to clear, meaningful notices about the Participating Member’s collection, use, and sharing of Covered Information,” the document says. 

Other principles include choice, respect for context, data minimization, de-identification and retention, data security, integrity, and access and accountability. 

“These industry-wide standards require even greater protection for particularly sensitive data, including location information (where a vehicle goes), biometric information (physical or biological characteristics), and driver behavior information (how a vehicle is driven),” the December memo says. “Automakers are prohibited from using this sensitive vehicle data for marketing purposes or from sharing this vehicle data with third parties — without consent.” 

Data collected by OEMs can be used for a long list of safety systems, the memo says. This includes lane keeping assistance, blind spot monitoring, crash avoidance systems like automatic emergency braking, and technology to detect if a child is unattended in the back seat. 

“Some companies are even working on technology to detect in real-time if a driver is experiencing a medical emergency while behind the wheel,” the memo says. 

It goes on to say that automakers’ privacy policies are publicly available online with information about how the data is collected and used. 

GM’s privacy statement was last updated on July 1, 2023. It lists seven ways that it could share information collected from its consumers. None of the ways specifically say the information could be given to a data broker or insurance company. 

The ways the information could be shared are vague such as, “with companies we enter into business or marketing arrangements with, such as arrangements supporting services we offer to you and our GM card program.” 

It also says the information could be shared with third parties for research and development purposes. It gives an example of a university research institute. 

“Apart from the purposes listed above, GM will not share information about you or your vehicle with other third parties for their independent use without your prior consent,” the privacy statement says. 

IMAGES

Photo courtesy of metamorworks/iStock