Texas Attorney General Ken Paxton is investigating allegations that vehicle manufacturers violated the Texas Deceptive Trade Practices–Consumer Protection Act by collecting driver data and selling it to insurers. The Attorney General’s office ordered vehicle manufacturers and third parties to turn over relevant documents.
The Texas Deceptive Trade Practices-Consumer Protection Act defines potentially deceptive business practices that the Texas Attorney General may press charges on, such as deceptive advertising or withholding information that may impact a buyer’s choice at point of sale.
Drivers may have been unaware that their car collects driving data to be sold to insurance companies, impacting premium rates.
Is Driver Data Influencing Insurance Rates?
The technology that enables a vehicle to both collect and transmit driving data to a remote location come pre-installed in many newer model vehicles. For instance, Tesla has an insurance program with dynamic monthly rates depending on driving data sent by the insured’s onboarded system.
In theory, safe driving habits can reduce a Tesla vehicle owner’s insurance rates. But the collected data also captures things that can be used against the driver such as when the driver accelerates too quickly, speeds, or hits the brakes hard. That infornation may potentially be used against the driver, raising their insurance rates.
Allowing car manufacturers and insurance companies access to driver data does not necessarily save drivers money. Some vehicle owners signed up hoping to save money on their premiums reported that their rates spiked instead. Attempts to get quotes from other companies only revealed that rates were similarly high.
The problem: Driving data was sent to a company called LexisNexis, which generates risk reports for auto insurance companies.
In one vehicle owner’s case, it generated a 258-page report. The report included data on 640 trips the insured and his wife had taken in their Chevy Bolt, a vehicle that General Motors (GM) manufactures.
Legal and Legislative Concerns
Senators Ron Wyden (D-Oregon) and Edward J. Markey (Massachusetts) wrote to the FTC regarding this issue. In the letter, the senators accuse GM, Hyundai, and Honda of selling data collected by the vehicle to data broker Verisk Analytics.
Allegedly, Verisk Analytics used this data to generate Driving Behavior Data History Reports. GM admitted to selling data to two other unnamed companies, which likely included LexisNexis.
Furthermore, the letter charges that auto manufacturers misled customers about sharing data with third parties and how it might be used. Honda obscured information about sharing data with companies like Verisk on their consent form. The consent form allows the company to collect data and generate a driving score that could make them eligible for insurance discounts. While that much is true, the fact that the data could also be leveraged against the driver was less clear.
Likewise, Hyundai collected information from any vehicle that enabled Internet connectivity by default — which was later sold.
Whether driver data was only used to provide discounts is unclear. Had consumers known their driver data could also adversely affect their auto insurance rates, they may have opted out.
Invasive Driver Data Collection
While collecting and selling driver data without consent is already questionable, the data being collected extends beyond driving habits.
Kia’s privacy policy notes the company’s onboard systems can collect data from a connected device, including search history, text messages, email content, and other sensitive information such as: “name, physical characteristics, address, telephone number, financial account numbers, and medical information.”
The policy also allows for collection of “age, race, color, medical condition, physical or mental disability, or sex and gender information.”
Perhaps most concernedly, Kia’s privacy policy also covers “inferences drawn from the above information that may reflect your preferences, characteristics, predispositions, behavior, attitudes, or similar behavioral information.”
Kia’s hardly the only one. Nissan made headlines last year after Mozilla’s Privacy Not Included pointed out the company’s privacy policy included “sexual activity” and “sexual orientation” The language has since been removed.
However, Nissan still says they can collect Social Security numbers to conduct background checks. Background check company National Public Data is allegedly behind a historic leak that enabled hackers to steal 2.9 billion records. Those included included names, addresses, and social security numbers, and may affect every American.
Nissan’s privacy policy also includes using driver data to “create a profile about a consumer reflecting the consumer’s….psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.”
In other words, the consent granted allowed Nissan to review collected data and make assumptions to generate profiles on the driver. How those profiles are used is unclear.
Unknowing Consumers and Deceptive Tactics
According to the senators’ letter and a New York Times report, GM may have either manipulated users into signing up for its OnStar Smart Driver program without making the full extent of the way the data would be used clear, or neglected to obtain driver consent at all.
The report also found that dealers earned bonuses for successfully signing people up for OnStar at point of sale.
However, like the Wells Fargo cross-selling scandal that led to the financial institution agreeing to a $3 billion settlement, financial incentives may have led some dealers to sign up buyers for unauthorized services.
In an interview, Markey called it “a potential per se violation of Section 5 of the Federal Trade Commission Act” and an example of how much the “Internet of Things” has intruded into people’s lives, often without them realizing it.
Lose-Lose for Consumers
Some impacted vehicle owners say they were considering a lawsuit against manufacturers who may have deceptively collected their data.
One Floridian Cadillac owner, who preferred to remain anonymous, said, “I don’t know the definition of ‘hard brake.’ My passenger’s head isn’t hitting the dash. Same with acceleration. I’m not peeling out. I’m not sure how the car defines that. I don’t feel I’m driving aggressively or dangerously.”
He admitted to occasionally visiting a racetrack with his Cadillac, something he would have never done had he known his driving habits were being recorded and used in determining premiums. He says his insurance rates doubled.
Car insurance rates have risen by 50% since 2020 nationwide. How much of the nationwide rate increase is reflective of data collected from unsuspecting drivers is unknown.
However, if car manufactures are profiting on driver profiling, the economy of driver data may be play a significant role in the background. While dealers get bonuses, LexisNexus collects revenue for the data, and insurance raises premiums, drivers are left with insurance hikes and miss critical context.
Now, the alleged practice of collecting and selling driving data without vehicle owners’ informed consent has gained the attention of the Texas Attorney General and members of Congress. More details on the extent of this practice will come to light in the coming months as the case move forward.
