Automakers Are Tracking and Monetizing Drivers Without Adequately Informing Them

Kashmir Hill, New York Times:

But in other instances, something much sneakier has happened. Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving. Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis.


After LexisNexis and Verisk get data from consumers’ cars, they sell information about how people are driving to insurance companies. […]

If this subject feels familiar to you, you may have read Mozilla’s September report about mass data collection. At the time, I wrote that it was possible a car’s privacy policy is suggesting a greater amount of data collection than is actually occurring. (As an aside, how messed up is it that a car has a privacy policy?) This is something I felt compelled to note, as one of the most circulated disclaimers was Nissan’s permission to collect drivers’ “sexual activity” and “genetic information”, something Mozilla noted was possibly boilerplate stuff. There was lots else in Mozilla’s report I found credible, but this clause in particular read to me like a standard cover-your-ass contract thing — perhaps a template that a law office would keep on hand. While it is not impossible Nissan could, somehow, inadvertently collect this kind of information, it seems unlikely it is actually trying to do so. Why would Nissan want it in the first place?

What Hill’s investigation found is more plausible and understandable — not only because Hill has evidence, but also because everybody involved has a clear financial incentive. Insurance companies can use this information to fiddle with their rates or entirely decline to serve someone. Data brokers and automakers each get paid. Car dealers also get financial bonuses for signing people up — perhaps without their full knowledge.

There is also a mechanism for collecting this information: the car itself knows how you accelerate, brake, and how fast you drive. A pathway this obvious was not present in the Nissan example.

If drivers were fully aware of how their behaviour behind the wheel was disclosed and there were adequate privacy laws protecting its use solely for insurance providers, I think that would be a fair trade off. I would welcome my insurance provider virtually riding along; my one redeeming quality is that I drive like a saint. But this arrangement with data brokers under the mask of driver aides is skeezy in all the ways this same sort of thing appears everywhere. Data is valuable and there are way too many avenues to quietly monetize it.

Update: General Motors has apparently stopped sharing OnStar data with LexisNexis and Verisk.