Steering Mobility Data to a Better Privacy Regime

Cars today collect a lot more data than they used to, often leaving drivers’ privacy unprotected. Car insurance is mainly regulated at the state level—there’s no federal privacy law for car data—but unsurprisingly there is an active government and private market for vehicle data, including location data, which is difficult if not impossible to deidentify. Advertisers, investment companies, and insurance companies are among those who want to actively collect or use this data to deliver and enhance their products.

While we can’t anticipate all the issues that will emerge, vehicle data should not be used in ways that people do not understand or know about. And even when consumers agree to share their vehicle data, such as in exchange for better prices, we need proper guardrails in place to ensure data may only be used for purposes and by entities that people have agreed to.

Two components of mobility data have the highest value in the marketplace. The first is location data, which is incredibly sensitive. Where we go can easily point to who we are. A widely cited 2013 study from Nature found that four spatio-temporal points from an “anonymous” dataset can reidentify 95 percent of people. Just two could uniquely recognize 50 percent of people. Currently, much of that data is gathered from smartphones, but vehicle data is another common source.

The second is data used to derive risk, often referred to as telematics data. Some telematics data is intuitively familiar—how hard you brake, how sharp you take turns, whether your behavior indicates you’re looking at your phone while you’re driving. But we don’t know what, of all of the kinds of personal data that cars already collect—including, for example footage from in-vehicle cameras—companies might find useful for risk assessment. Today, all the top ten insurance companies have opt-in, voluntary programs that allow consumers to contribute their own telematics data used primarily for pricing auto insurance. Insurance companies should only collect what they need to get a clear, fair assessment of driving risk. To do so, they may not need to collect information such as location data—which, as we have outlined, raises serious and possibly insoluble privacy concerns.

Insurance programs are subject to regulations across each state that they are present in; every state except California currently allows the use of telematics data for insurance rating. But privacy protections for this data vary widely across states. EFF neither recommends nor opposes the use of telematics data for insurance rating. But any state that has or is considering telematics rating should understand the risks it poses and ensure it is done responsibly. All states with or considering telematics rating should require strong privacy-protective regulations to mitigate these risks effectively.

Potential For Harm

Location information is particularly useful for someone who wants to learn and infer a lot about you. If you thought smartphones were exciting for advertisers, for example, wait until they really leverage your vehicle data. Some are already pushing to get car data to serve you ads as you drive—Pull over in two exits for a discount on a cup of coffee!—which would also lead to a lot more data about your daily habits being fed into the advertising data ecosystem. That could happen, for example, through a deal with your smart infotainment software system, or through some arrangement with the toll agencies. Governments and companies are increasingly asking for location data—for real-time traffic information, for example—by tracking your location through your smartphone apps, or even to by putting location-trackers right in your license plate.

Cars can also collect information not only about the vehicle itself, but also about what’s around the vehicle, and that data can reveal a lot about the people inside of the car. Location data has been and can be weaponized against marginalized and underserved communities. Such data extracted from a car could easily be used to identify those who seek reproductive or gender-affirming care, or who aid others in doing so—a real threat after the Supreme Court’s Dobbs decision and other states’ actions to criminalize care for pregnant people and transgender people.

Privacy isn’t the only problem with the car insurance industry—there are also serious equity issues. Insurance rating can rely on a complicated set of indirect measurements—such as the number of times a driver’s been pulled over, the number of years they’ve been driving, and the garaging address of a car. While these factors can predict risk, they can also have a disparate impact on certain consumers who may be penalized for living in a certain neighborhood, for example. Similarly, groups such as Black drivers—who are more likely to be pulled over by law enforcement—may also see a disproportionate negative impact from this method.

Potential For Innovation

We have identified a lot of potential for harm from vehicle data. However, we recognize that data collected from vehicles can also be used to assess real driver behavior in ways people may want measured that departs from older methods. Many people sign up voluntarily for programs that give insurance companies information on their driving habits. By enrolling in these telematics programs, they confirm they are open to sharing this information—but only for the express purpose of setting insurance rates based on those habits.

New tools and resources that show a potential to improve fairness and equity without compromising privacy should not be ignored. Far more research on this subject is needed, and regulators—both those allowing this system now, and those who may be considering it—should consider the comparative effects of both kinds of system.

Rules of the Road Will Help Everyone

Given the sensitivity of this data and what it can reveal about individuals, companies should clearly spell out which data they collect and how that data is directly relevant to determining a driver’s safety.

Any consideration of telematics data must be accompanied by strong, strict data collection, use, and privacy principles to ensure consumer protection, safety, and equity. The telematics industry should reject the approach of so many other companies —collecting broad amounts of data and trying to justify that collection later. Instead, companies should only hold on to this data for as short a time as is practicable, to avoid data breach or other unanticipated sharing. They should also ensure that information collected to protect driver safety does not end up being sold, shared, or accessed by others who wish to use it for other purposes. And any telematics scheme must be introduced on an opt-in only basis that does not penalize those who wish to protect their privacy and must have strong consumer protections in place.

We call on regulators and insurance companies to consider the following principles at a minimum.

– Data Minimization and Informed Consent. Insurance companies may not collect, process, or use any data before a policyholder accepts the terms and conditions of a telematics program directly from an insurer. Insurance companies also cannot do these things after a policyholder revokes their consent.

– Transparency about Data Use. To use telematics data, insurers must tell their customers, either before or at the time they enroll in a telematics program, that the insurer will abide by data use and collection rules. These should include an explanation of how companies capture data; a full description of what data companies collect and use; what data will be used to determine rates; and how people can request access to their information. People must also be told how to dispute any information they think is inaccurate. Companies should also explain which outside parties can access data and when, and give people clear instructions on how to inquire about a program, how to file complaints about it, and how to end their participation.

– Purpose Limitation and Opt-in Consent. A company that operates a telematics program must obtain consent from a consumer before sharing, selling, or disclosing their data. They must also get consent if they want to use a person’s information for marketing or for any other purpose.

– Notice and Transparency about Data Sharing.  Insurers that use telematics must give policyholders notice when they share information. This notice must include the name of the company that received the information.

– Non-Discrimination. All insurers that offer a telematics rating program must also offer an option to be rated without telematics. 

– Location Data Retention and Use. If insurers collect precise geo-locational data, they can only retain it and any information from which precise location may be derived for 18 months after a policy expires, unless required for a claim, litigation hold, or for compliance with a Department of Insurance audit.

We propose these principles because, without appropriate limits and privacy practices regarding the collection and use of personal data, even innovative uses of data can pose enormous harm to consumers and perpetuate structural discrimination and inequity.

People should know what information is being collected about them and have meaningful choices about how and whether that information is shared. Insurers should recognize this; not only because it is right but also because it creates trust with their customers. Privacy is as important behind the wheel as it is for the phone in your pocket—and regulators should give drivers control over how companies collect and use this data.