A privacy bill unveiled today would prohibit car manufacturers from using data collected from vehicles for advertising or marketing purposes, without the owners' explicit consent.
“We need clear rules of the road that protect cars from hackers and American families from data trackers," stated Sen. Ed Markey (D-Mass.), one of the sponsors of the proposed "Spy Car Act."
The measure, co-sponsored by Sen. Richard Blumenthal (D-Conn.), appears to mark one of the first attempts to enact legislation specifically aimed at regulating the Internet of Things.
Among other provisions, the measure would give car owners (and lessees) the right to opt out of collection of "driving data," including geolocation data, while still retaining the ability to use navigation tools and other features.
The bill also makes clear that car manufacturers can't require drivers to consent to the use of data for marketing purposes in exchange for the ability to use their car's features.
Markey and Blumenthal are unveiling the Spy Act several months after the auto industry adopted a voluntary privacy code that prohibits car manufacturers from providing certain information -- including geolocation data -- without first obtaining drivers' opt-in consent.
That code, approved in November by the Alliance of Automobile Manufacturers and Association of Global Automakers, allows companies to share data about consumers for a host of purposes, including internal research and determining whether consumers have complied with warranties.
In addition to its privacy provisions, the Spy Act seeks to protect drivers from getting hacked while on the road -- a prospect described in harrowing detail today by Wired's Andy Greenberg. To that end, the law would task the National Highway Traffic Safety Administration and Federal Trade Commission with developing cybersecurity standards for cars.