Smart Car Privacy: A Recent Court Ruling and What Car Owners Should Know

The integration of technology into modern vehicles has raised privacy concerns. A recent court ruling recently exposed this fact and resulted in implications for both automakers and car owners. In this blog post, we’ll take a brief look at the case, explore the privacy challenges posed by smart cars, and provide basic insights into protecting your personal data.

Understanding the Court Ruling

In early November 2023, a federal judge refused to revive a class action lawsuit that involved infotainment systems in smart cars and the question of privacy protection. The lawsuit, originally filed in 2020, alleged certain car manufacturers’ practice of collecting, recording, and intercepting consumer text messages and phone calls without their knowledge or consent violated the Washington Privacy Act (WPA). The plaintiff’s allegations hinged on the WPA’s prohibition against the interception of private communication without warrants or legal justifications.

The judge ruled that the district court “properly dismissed” the cases against Honda, Toyota, Volkswagen, and General Motors. The ruling stated the practice of using a vehicle’s infotainment system for recording and intercepting mobile phone activity did not meet the WPA’s standard for an illegal privacy violation under state law. Specifically, it did not satisfy the WPA’s statutory injury requirement, which requires a plaintiff to prove an injury to “his or her business, his or her person, or his or her reputation.”

Privacy Risks in Smart Cars

This ruling may raise concerns for consumers and privacy advocates regarding the extent of privacy that can be expected from the use of smart car functions. Auto manufacturers are not only equipping vehicles with infotainment systems that make communication safer and easier, but they’re increasing the capabilities of these systems and the number of sensors placed in vehicles at a rapid pace.

As a result, smart vehicles have become data goldmines able to collect information on vehicle diagnostics, driving habits, location, and even personal preferences such as the music you’re listening to.

Consumers may not be aware of this development, but automakers in the aforementioned case argued buyers agreed to the collection of this type of data when they accepted the terms of service upon purchasing the vehicle.

Data Security in the Automotive Industry

This ruling draws attention to the fact that smart car technology has outpaced regulation on important matters such as the collection of personal data and keeping that data secure. As of today, there is no known federal privacy bill to regulate the sensors and systems used in vehicles, what data they record, and where and how that data is processed. Without a regulatory framework to govern their behavior, consumers cannot be sure that automakers are taking the proper steps to protect their data.

Adding to consumer and privacy advocate concerns are reports from privacy watchdogs like the Mozilla Foundation, which have found automakers are not even meeting minimum privacy standards. Other recent reports have determined that automakers often send the data collected by smart vehicles to data hubs, where the information can be processed.

In the aforementioned lawsuit, for example, Berla Corporation provided the technology to download text messages and phone calls. Berla’s software does not allow the general public to access the downloaded communications, but they do provide access to law enforcement officials.

However, issues can arise when using third parties to process data, such as:

  1. Misuse: The information may be used for purposes other than what is disclosed to customers, such as surveillance, as in the case with Berla. It has also become common industry practice to sell the data collected by smart vehicles to advertisers, although the California legislature has recently introduced a Senate bill to outlaw this practice.
  2. Privacy Breaches: How third parties store and protect data, (this relates to third-party data hubs as well as external connectivity providers) has become a point of contention. Third parties typically rely on anonymization techniques that remove personally identifiable information (PII) and combine user data into large sets. Without robust security techniques and continuous scrutiny, that data may be vulnerable to privacy breaches. For cybersecurity criminals, triangulating between data points to identify a user is not difficult, and this can lead to threats like identity theft.

Protecting Your Privacy

If automakers have the right to collect and store personal information without the explicit consent of users, smart vehicle owners can take steps to protect their data. For example, you can:

  • Update your software regularly. As software providers learn about vulnerabilities, they create security patches to fix the issue. Updating your software as updates become available is a key component of ensuring you have the right protections in place.
  • Choose strong passwords. The more complex your password is, the less chance that a hacker can guess it. Do not use the same password for multiple applications, and create passwords using a combination of letters, numbers, and special characters.
  • Check privacy settings. You can limit what you share with applications, including things like location. Go into the privacy settings on all your applications and use discernment regarding what you want to share.
  • Know what you’re signing up for. Privacy policies and terms of service agreements are long and complex, but reading through them is the only way to find out what you’re sharing and whether or not you can opt out.

By understanding the risks and taking proactive measures, you can better secure your personal data while enjoying the benefits of smart cars.

Final Word

With connected vehicles comes privacy concerns for car owners. The recent court ruling underscores the growing gap between technology integration and regulatory frameworks. The decision not only absolves major automakers of privacy violations but also shows regulations have not kept up with evolving data collection practices. As consumers face potential threats like identity theft, some are starting to take proactive steps to protect their data.

Contact Penney & Associates

Infringement of personal data rights can result in non-material personal damage. If your data has been compromised and resulted in injury to you, your business, or your reputation, you may be entitled to compensation. Contact us to schedule a complimentary consultation with the experienced trial attorneys at Penney & Associates.

Read more:
Personal Injury Statistics: What Three Studies Reveal About California
Filing a Wrongful Death Claim in California: What to Keep in Mind
Product Liability Claims in California: Pursuing Compensation

* This blog is not meant to dispense legal advice and is not a comprehensive review of the facts, the law, this topic or cases related to the topic. For a full review of our disclaimer and policies, please click here.

Computer generated archery target with computer generated arrows stuck in the ground surrounding it

The Pitfalls of Using AI for Legal Research: Nonexistent Cases and ‘Gibberish’

In an attempt to establish precedent in a personal injury case, a lawyer in New York cited six cases. The lawyer, representing a man suing Colombia-based Avianca Airlines for allegedly...
scales sitting with nothing on either side with a dark overlay

Kouri Richins Case: Does the Defense Stand a Chance?

Did Kouri Richins — who this year released a children’s book about coping with her husband’s death — poison him with a lethal dose of fentanyl? The case is being...
Image of a street with buildings in the background retouched with motion blur

Legal Insight: Radio Law Talk Analyzes the Shirilla Verdict

On an early July morning in 2022, police was called to a gruesome scene in the Cleveland suburb of Strongville, Ohio. A Toyota Camry, driven by a 17-year old girl,...