The Texas Attorney General\u2019s Office has started an investigation into how Ford, Hyundai, Toyota, and Fiat Chrysler collect, share, and sell consumer data, expanding an earlier probe launched last year into how modern automakers are potentially using customer driving data. <\/p>\n
We’ve addressed cars and privacy<\/a> at some length on Malwarebytes Labs and came to the conclusion\u2014with the help of many experts in the field\u2014that modern cars simply aren’t very good at it. Many politicians in the US agree with that point of view, too, as US senators have asked the Federal Trade Commission (FTC) to investigate car makers\u2019 privacy practices<\/a>.<\/p>\n As part of the investigation in Texas, the state’s Attorney General\u2019s Office sent letters\u2014or “notices”\u2014to four automakers earlier this month, demanding written responses under oath. <\/p>\n The Notice delivered to Hyundai discusses \u201ccovered data,\u201d which is defined as any information or data about a vehicle manufactured, sold, or leased by you, regardless of whether deidentified or anonymized. And selling data is defined as sharing, disclosing, or transferring of personal data in exchange for monetary or other valuable consideration by you to a third party.<\/p>\n The Notices sent to the car manufacturers are not all exactly the same, but it is clear what the Attorney General\u2019s Office is after:<\/p>\n In April of 2024, Texas Attorney General Ken Paxton sent \u201ccivil investigative demands\u201d to Kia, General Motors, Subaru and Mitsubishi seeking details of their data collection and sharing practices.<\/p>\n And in August, Paxton sued General Motors for selling customer driving data to third parties<\/a>.<\/p>\n Only recently we reported<\/a> how the Attorney General also went after the buyers of data like insurance company Allstate and its subsidiary Arity. Arity acts as a data broker which sold insurers the information to set prices on insurance premiums. The car manufacturers involved in that complaint are Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram. But they were not named as defendants in the complaint.<\/p>\n Paxton did single out a few mobile apps<\/a> and warned them that they were violating Texas\u2019 data privacy law. Those apps are: GasBuddy, Life360, Miles, MyRadar, SiriusXM and Tapestri.<\/p>\n An Allstate spokesperson stated that Arity \u201chelps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations.\u201d<\/p>\n But according to the press release from the Attorney General, Allstate and other insurers used what they alleged to be covertly obtained data to justify raising Texans\u2019 insurance rates.<\/p>\n Ford reached out to Malwarebytes to explain that:<\/p>\n Ford does not sell any connected vehicle data to data brokers. With respect to data-sharing in the insurance industry, while Ford did support customers who wished to take advantage of usage-based insurance policies with their insurance carriers, we made the decision last year to phase out our support of these products and focus on other priorities. Also, while Ford previously announced exploratory partnerships with both LexisNexis and Verisk, those exploratory agreements ended without launching any products and we never shared any connected vehicle data with them.\u00a0<\/p>\n<\/blockquote>\n We don’t just report on threats – we help safeguard your entire digital identity<\/strong><\/p>\n Cybersecurity risks should never spread beyond a headline. Protect your\u2014and your family’s\u2014personal information by using identity protection<\/a>.<\/p>\n\n
Update January 28, 2025<\/h3>\n
\n
\n