FTC Urged to Investigate Car Manufacturers' Data Practices

The Federal Trade Commission (FTC) is being urged to investigate the ongoing practice of car manufacturers collecting and selling driver data without informed consent. In a letter to FTC Chair Lina S. Khan, Senators Ron Wyden (Oregon) and Edward J. Markey (Massachusetts) detailed how companies like General Motors (GM), Honda, and Hyundai collect extensive data from internet-connected vehicles and sell it to third parties, including insurance companies.

The data collected includes precise details about driving habits, such as time, distance, speed, and braking behavior. This data is then used by data brokers like Verisk Analytics to create individual risk scores for insurance purposes, often without the drivers' knowledge. "Companies should not be selling Americans’ data without their consent, period," the senators stated in their letter. "But it is particularly insulting for automakers that are selling cars for tens of thousands of dollars to then squeeze out a few additional pennies of profit with consumers’ private data."

The letter specifically accused GM, Honda, and Hyundai of deceptive practices and the use of "dark patterns" to obtain driver data. Dark patterns are design choices that manipulate users into actions they might not otherwise take, often obscuring the true purpose of the data collection. The senators noted that GM, in particular, failed to obtain informed consent from consumers and used manipulative designs to enroll them in its Smart Driver program.

In March, a New York Times investigation revealed that car manufacturers were handing over driving data to brokers like Verisk and LexisNexis. These brokers then sold the data to insurance companies, leading to higher insurance quotes for many drivers. Despite assurances from companies like GM and Verisk that they had ended such programs, recent findings suggest that the practice continues.

The senators' letter highlighted several specific instances of data misuse:

• General Motors: Confirmed sharing acceleration and braking data with Verisk and customer location data with two unnamed companies.

• Honda: Shared data from 97,000 vehicles with Verisk, receiving US$25,920 in return. Honda also used dark patterns to push consumers into its Driver Feedback program via a mobile app.

• Hyundai: Shared data from 1.7 million vehicles with Verisk, receiving over US$1 million. Hyundai enrolled drivers in its Driving Score program by default without adequately disclosing this practice.

The senators emphasized that these practices are not isolated to these three companies. Other manufacturers like Subaru, Acura, Kia, and Mitsubishi also collect and share driver data, often with similar opaque consent processes.