Data protection: US authority threatens car manufacturers
The Federal Trade Commission is warning the automotive industry in particular about unlawful data collection and use. The authority has been trying for a decade.
Privacy-friendly motor vehicle
(Image: Daniel AJ Sokolov)
"Connected cars collect a lot of data about people," says the US Federal Trade Commission (FTC). And this collection, including analysis and sharing, could "jeopardize consumer privacy and financial well-being", especially when it comes to sensitive data such as biometric data or location data. This is why the FTC is now putting the rod in the window for car manufacturers.
"Automakers – and all businesses – should be on notice that the FTC will take action to stop consumers from illegally collecting, using, and sharing their personal information," FTC staff wrote in a blog post. They remind consumers that geolocation data is sensitive and protected under FTC law.
The secret disclosure of information could constitute unfair competition, which could also lead to action by the FTC. "Companies that have legitimate access to sensitive consumer data must ensure that the data is used only for the purpose for which it was collected," the text summarizes.
Please do not feed algorithms
It could also be illegal to use sensitive data for automated decisions: "Companies that feed consumer data to algorithms could be liable for detrimental automated decisions." As an example, she cites a case brought against the pharmacy chain Rite Aid. Rite Aid introduced video surveillance with automatic facial recognition, some of which relied on poor quality facial images. Repeatedly, people entering one of the pharmacies were unjustifiably alerted; employees threw them out or called the police.
Rite Aid is an example of the weak power of the FTC. The pharmacy chain had already been under special supervision by the FTC since 2010 due to previous data protection offenses. Nevertheless, it was able to use the problematic facial recognition technology from at least 2012 to 2020. It was not until the end of 2023 that the FTC filed a formal complaint, whereupon Rite Aid agreed to refrain from using automatic facial recognition for five years. There is no fine.
Modest balance sheet
The reference to the fact that the authority already raised the issue of data protection in connected vehicles in 2013, 2015 and 2018 is also an unfortunate fact. Because the effects are modest. The car industry's greed for valuable data seems endless; monitored car radios, whose data harvest can be sold to the advertising industry, and second-by-second information about when and where a car was driven with how many occupants in order to "justify" higher insurance premiums are just two examples of the new "value chain" of car drivers.
"The simplest way for companies to avoid harming consumers by collecting, using, and sharing sensitive information is to simply not collect it," says the FTC, explaining the simplest of privacy rules. After all, such announcements are often actually followed by official action. However, the USA still lacks a uniform data protection law, which is why the FTC's options are limited.
(ds)
