Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Transportation Businesses Privacy

Automakers Sold Driver Data For Pennies, Senators Say (jalopnik.com) 58

An anonymous reader quotes a report from the New York Times: If you drive a car made by General Motors and it has an internet connection, your car's movements and exact location are being collected and shared anonymously with a data broker. This practice, disclosed in a letter (PDF) sent by Senators Ron Wyden of Oregon and Edward J. Markey of Massachusetts to the Federal Trade Commission on Friday, is yet another way in which automakers are tracking drivers (source may be paywalled; alternative source), often without their knowledge. Previous reporting in The New York Times which the letter cited, revealed how automakers including G.M., Honda and Hyundai collected information about drivers' behavior, such as how often they slammed on the brakes, accelerated rapidly and exceeded the speed limit. It was then sold to the insurance industry, which used it to help gauge individual drivers' riskiness.

The two Democratic senators, both known for privacy advocacy, zeroed in on G.M., Honda and Hyundai because all three had made deals, The Times reported, with Verisk, an analytics company that sold the data to insurers. In the letter, the senators urged the F.T.C.'s chairwoman, Lina Khan, to investigate how the auto industry collects and shares customers' data. One of the surprising findings of an investigation by Mr. Wyden's office was just how little the automakers made from selling driving data. According to the letter, Verisk paid Honda $25,920 over four years for information about 97,000 cars, or 26 cents per car. Hyundai was paid just over $1 million, or 61 cents per car, over six years. G.M. would not reveal how much it had been paid, Mr. Wyden's office said. People familiar with G.M.'s program previously told The Times that driving behavior data had been shared from more than eight million cars, with the company making an amount in the low millions of dollars from the sale. G.M. also previously shared data with LexisNexis Risk Solutions.
"Companies should not be selling Americans' data without their consent, period," the letter from Senators Wyden and Markey stated. "But it is particularly insulting for automakers that are selling cars for tens of thousands of dollars to then squeeze out a few additional pennies of profit with consumers' private data."
This discussion has been archived. No new comments can be posted.

Automakers Sold Driver Data For Pennies, Senators Say

Comments Filter:
  • by AmiMoJo ( 196126 ) on Friday July 26, 2024 @04:24PM (#64658592) Homepage Journal

    This would obviously be illegal in Europe due to GDPR, so why isn't it in the US?

    Why don't US politicians make it illegal to violate their constituent's privacy so brazenly and so deeply?

    • by sinij ( 911942 )
      It should go further than GDPR, as reportedly many dealers were activating these features (and providing consent) prior to delivery. So owners truly had no idea.
      • Yeah, at this point we can't even trust companies to handle consent properly. The only solution is to just ban sales of consumer data entirely. Corpos should ONLY be able to use data for the purpose it was given and nothing else, and have to delete it after a certain time period.
    • When I bought my car I never signed the paperwork that would've given the corporation permission to process my cars location data, I still have the form, unsigned.
      • Looks like you are due a check for 29 cents.
      • by sinij ( 911942 )

        When I bought my car I never signed the paperwork that would've given the corporation permission to process my cars location data, I still have the form, unsigned.

        At least in US, that is not enough as your are opted in by default. You have to contact Corp Customer Support and opt out and/or disable cell modem. On some cars it just a fuse, on others you have to dig into dash and pull a module. Disconnecting cell antenna is not enough, as people reported getting 1-bar when driving next to a cell tower even with antenna disconnected.

      • by AmiMoJo ( 196126 )

        If you had GDPR you would have a right to request your data from the company, i.e. you could check if they have been recording it anyway.

      • When I bought my car I never signed the paperwork that would've given the corporation permission to process my cars location data, I still have the form, unsigned.

        Paperwork? I bet at some point it flashed up on your infotainment system and you thought it was just a warning not to use maps while driving and mashed the OK/Accept/Pleasedisapearfrommydisplay button.

    • by ukoda ( 537183 ) on Friday July 26, 2024 @04:40PM (#64658618) Homepage
      I assuming you know the reason and are wanting readers to connect the dot. For the few people who have not worked it out the answer to AmiMoJo's question it is simple. In the USA there is pretty much no limits on how much money corporations can give politicians, so the laws there favor corporations. The sad part is the people so loudly boasting "We're number one" seldom realise how different it is in other countries. Sure corporations try to influence politicians in every country but in places like Europe and here in New Zealand there are laws to limit that.
      • >the people so loudly boasting "We're number one" seldom realise how different it is in other countries.

        It's worse than that. Because they believe in American Exceptionalism, they're immune to any evidence the US isn't the best at something. If something seems better somewhere else, it's because "that wouldn't work here".

        • The people in the US aren't any dumber than where you live. US citizens realize landing on the moon, creating the largest economy, managing to help win a couple world wars on different continents is in fact exceptional...by the very definition of the word...while also recognizing mistakes, short comings and failures in many other important areas such as racial subjugation and slavery. Exceptional is not thought to mean "better in every way". Not at all. And - my experience has shown me that generalized

    • by Local ID10T ( 790134 ) <ID10T.L.USER@gmail.com> on Friday July 26, 2024 @05:30PM (#64658744) Homepage

      This would obviously be illegal in Europe due to GDPR, so why isn't it in the US?

      Why don't US politicians make it illegal to violate their constituent's privacy so brazenly and so deeply?

      Because if they simply pass a law against it, it is DONE. It has to remain an open issue in order to campaign on it.

      There is no political value in solving problems, only in fighting them.

  • I don't understand why car automakers would sell this data for so little. There must be something else going on, as it makes no sense to screw over thousands of your own customers for such little gain.
    • by jacks smirking reven ( 909048 ) on Friday July 26, 2024 @04:42PM (#64658624)

      It's a little gain but it's also almost 0 work for the automaker, just send the data files or database over and collect a check. Easy dollars are better than zero dollars and screwing over the customer plays no part in that decision.

    • by Lobachevsky ( 465666 ) on Friday July 26, 2024 @04:48PM (#64658642)

      Most likely fake revenue. I have a friend in a related industry. If company A wants to sell a piece of junk for $1 to company B, then B will most likely refuse. But, if company A offers that piece of junk for $1 plus an exchange of $20,000,000 in both directions (no real cash is moved because it nets out to zero), then company B will love it. Both company A and company B can post that $20,000,000 as "revenue". Revenue is among the easiest things to fake. They say money doesn't grow on trees, and that's true for profits because profits is real money. But revenue is fake money. Revenue and fake money /do/ grow on trees. And companies get into deals with other companies for just sloshing fake money around between each other to drive up their revenue. It's a big scam since the 1980s when the issue of "transfer-asset-pricing" came on the radar. But no one knows how to fix it. So companies routinely get into such deals. That's why Warren Buffet ignores revenue and just looks at profits when assessing companies. But many other investors care about revenue, which means companies love to get into shenanigans to print insane revenue.

      The alternative, which is also possible, is bribery. If the insurance company knows it's worth millions, rather than paying millions, they can just find a paper pushing VP at the car company, throw him a $300,000 of "gifts" on the down-low, plus a token $26,000 to the car company, and get a contract signed and save themselves from having to spend millions! So long as it's relatively hush-hush and not many in the car company know they got jipped with a $26,000 contract that should be worth millions, it'll fly under the radar.

      Both are terrible. But the former is legal and widespread, while the latter is illegal but unfortunately all too common.

      • by thegarbz ( 1787294 ) on Friday July 26, 2024 @05:52PM (#64658774)

        That's not likely to be the case here. The whole fake revenue scam works on start-ups and scaleup activities. Long established companies are rarely judged on revenue and shareholders quickly start questioning why no good costs start increasing (remember to make a significant difference on revenue they also have to make the same difference in underlying expenses).

        The reality is simple: Data isn't worth much wholesale. It's single point information from which you can't derive much. There's a reason the likes of Facebook are valued incredibly high but data brokers are effectively worthless, the value ultimately is derived from what analytics you can provide in your data. From some anonymous vehicle information you can do fuck all. But if you manage to collate someone's entire life and then also create a platform to target them with advertising, *that* is where the real money is. That is why data companies like Facebook, LinkedIn and Google are worth a shitton, while companies which have sets of data sell them for basically nothing. The value is not in dealing data, the value is in derive a revenue stream from it through advertisement.

        Data is cheap. It's cheap from GM. It's cheap from your ISP.

        Then the other question is what is the data and of whom. Your data and mine may not be priced equally. The price of data is higher for a younger population (you know, people who didn't just buy a brand new car) than for old as there is more value in locking them in on a product through advertising. 26 cents per car is actually quite high, almost on par with the personal data of someone under the age of 25. Your personal data is worth close to 5-10 cents by the time you hit 50, and let's face it 25 year olds aren't represented in this dataset.

        • Yeah man but like everything you said was about the value of advertising data. This is used to determine the risk of insuring a motorist at a particular price point.

          • No. It's not about advertising data. It's about the general price of data available for brokerage. Anonymised data doesn't help insuring individuals in the slightest, and the generalised risk of people who fall in different identifiable groups (upper class, lower class, age, sex, etc) are already known by insurers. This data is worthless to insurance companies, they have far more accurate data from their own far larger datasets already to generalise on, while at the same time being able to cater that to the

      • It's not jipped. It's gypped. It describes the way gypsies rip people off [npr.org].
      • The IRS should raise things like 'Arms length transaction' , and for revenue 'Artificial back to back dummy transaction'. I agree, they rarely get caught because there is no reward for dobbing them in. Solving the problem is easy:- all the big players use trusts, and fail to make distributions, to fake dummy beneficiaries, like dead people, backpackers and destitute persons. IRS would hit the jackpot if they searched for beneficiaries and checked they got the claimed $$.
        • In the USA, they have created forever trusts, like Delaware and Wyoming, beating out Washington State. The solution here, is no deductions for where the ultimate beneficiary cannot be discovered, like a maze of overseas trusts and international law. They claim it is too hard. One suggests if they added an 18% withholding tax, watch how things change. Thailand introduced a reward system for Lawyers and accountant's getting a large percentage reward for fake legal vehicles.
      • The alternative, which is also possible, is bribery. If the insurance company knows it's worth millions, rather than paying millions, they can just find a paper pushing VP at the car company, throw him a $300,000 of "gifts" on the down-low, plus a token $26,000 to the car company, and get a contract signed and save themselves from having to spend millions! So long as it's relatively hush-hush and not many in the car company know they got jipped with a $26,000 contract that should be worth millions, it'll fly under the radar.

        Both are terrible. But the former is legal and widespread, while the latter is illegal but unfortunately all too common.

        I suspect you're right. This kind of data is worth a fortune to insurance companies (they can jack up anyone's premiums whenever they want!) but why would those insurance companies pay a fortune for the data if they can get it cheap from another business that doesn't value it? And, as you say, the insurance company IS paying for the data, they are just wilder underpaying for it. And that's more of a grey area - all that says is that someone at the automaker made a bad deal, which is very different from stea

    • It's called greed.

      • by sinij ( 911942 )

        It's called greed.

        Greed involves money. $26K/year is less than round-off error for GM. It is probably less than they spend on buying paper clips.

    • by gotamd ( 903351 )
      I agree. I wouldn't be surprised if the automakers got access to some additional datasets from these brokers in addition to the cash compensation.
    • Because it's worth so little. Individual data is practically worthless, especially if you're an older demographic (like the kind who bought a new car). The only people who are valued highly or value data highly are companies which amas huge amounts of it and provide a platform for engagement (reads: advertisement revenue) from it.

      Anonymised car travel information is borderline useless information, I'm genuinely surprised anyone would pay 26cents per car for it.

      As to why would they sell it if it's worth so l

  • I haven't owned a car older than 2010 so I'm not familiar with the tech in newer cars. How exactly is your car connected to the internet? Is this something you have to enable? Is this via a wireless carrier or satellite?

    • Wireless connection to the cellular network, and data form the GPS receiver and, no doubt, from the onboard computer, which is logging your driving habits (how fast you go, how hard you brake, and any and all other data from sensors all over the vehicle).

      It's enough data that if your insurance company was receiving it, and they knew it was your vehicle (which isn't a stretch at all, it would doubtlessly include the vehicle VIN number, which is traceable back to you personally) your insurance rates would be

      • What I really want to know is how to disconnect these cars from the outer world.

        • Another commentor here said he disconnected the 'communications module' in his car. Whether that's true, possible, or not, I don't know, I drive a 2005 Tacoma and it doesn't have any of this stuff in it.

          You could find the GPS and cellular antennas in your car, disconnect them, and connect 50-ohm dummy loads in their place, which should effectively disconnect the car from any wireless access, but of course any features of the vehicle that depend on those would stop working. If you really want to be 100% 'di

          • If you really want to be 100% 'disconnected', you should also put your phone in 'airplane mode' when driving, so your smartphone data can't be used to track you either.

            I'm not really concerned with being 100% disconnected. My smart phone is only useful when connected to the internet. There's an implicit understanding of what that entails. My car is still 100% useful while not connected to the internet. There is no need for it to be sending data back to the manufacturer. It is my property and I would never consent to it. It's apples and oranges as they say.

      • Worse, the NAV in my car shows the speed limit of the road I'm on. It's WRONG a great deal of the time. It'll show the feeder speed limit while on the freeway for example. The car has a auto brake/collision warning feature. It's also wrong, nearly caused me to be rear-ended so I had to disable it. The lane keeping feature tried to steer into a barricade one evening (at an exit, it thought the space between the lanes was the lane, tried to steer into the divider barricade). I'd want to sue for fraud if that
        • You've experienced why these systems for preventing people from speeding they keep talking about aren't going to work: consumer-grade GPS isn't always very accurate. Imagine if you have a system like that in your car, and it will ignore the accelerator pedal if it thinks you're on a frontage road and not the freeway; suddenly you go from 65-70mph to, say, 35mph, and it won't let you go any faster. Hilarity ensues as someone piles into you from behind because you suddenly slowed down. Worse, they decide to c
  • I ripped out the communication module as soon as I had possession of the vehicle. If that had stopped the vehicle from functioning, I would have returned it and demanded a refund.

    • Is it just a separate module? If so, good to know, if I ever find myself owning a vehicle that has this shit in it.
    • I'm surprised it didn't stop functioning, if it's a vehicle produced within the last few years. Certainly that's the direction all the manufacturers are going.

      You can ask for a refund, but there won't be another vehicle on the lot that won't do the same thing.

  • I'll go one better (Score:4, Insightful)

    by fahrbot-bot ( 874524 ) on Friday July 26, 2024 @05:07PM (#64658670)

    "Companies should not be selling Americans' data without their consent, ...

    ... "should not be collecting" ...

  • I like some of your cars, but with features such as personal data shared to data brokers and no phone mirroring you can kindly go fuck yourself and hopefully go out of business.
  • I've been claiming for some time that the proposal by Canadian author Joe Heath would be the truly Libertarian way to pay for roads.

    Every vehicle would be tracked to the block level. You'd get a bill for your morning commute that would bill you separately for the street you live on, which only a dozen people use, the collector road, and the freeway distance you logged. You'd be billed by the block based on the cost of the road, the number using it, the congestion if any. The sum total would come to the present roads upkeep budget, but would be exact user-pay - instead of charging people with no car, so that drivers can quite literally free-ride on them.

    It was only possible after every car could be tracked for its usage of public infrastructure, which is now easy and cheap. But, of course, the *government* tracking you would create an outcry. Private industry got around that by just not telling us.

    • That's because in America there's no restrictions to what you can do with data. It's far less of an issue in Europe where there's consequences for misusing the resulting data. Governments put a lot more effort into tracking over there, they just package it up in fancy euphemisms like "intelligent cities" or "smart cities".

      A "smart city" initiative I was invited to involved me receiving a letter from the government saying "Hey, we notice you drive every day down the A20, we'd like to invite you to a peak hou

    • If roads were "pay as you use", and a flat rate was applied to absolutely everyone, your society would collapse. Roads are what enables civilization on a large scale. What you are describing would end civilization.

      TL;DR, all products shipped via roads, including trash pickup, will become more expensive than you or most other citizens can afford.

      • by rbrander ( 73222 )

        The roads would all still be there, and would cost the same to construct, maintain, and renew. Society could therefore afford them exactly the same.

        The cost distribution would shift from taxes to a utility bill, exactly like cities that started with unmetered water and a flat rate on your city tax bill, moved to water meters when they became technologically possible.

        All the trucks and garbage pickup and all that would receive bills of several thousand dollars per year, for sure, and have to add that to t

  • Though I should not have to pay anything to keep my personal metadata off the market, In the absence of regulation ensuring that, I'd gladly pay $1.

  • Where the Coalition for Safe and Secure Data (which is just shell organization for Alliance for Automotive Innovation whose member consists of nearly all major car manufacturers) put out ads saying that right to repair means anyone can steal your personal information stored in the car and then stalk you or something like it.

    I guess they knew exactly who was downloading your info at the time and didn't want any kind of competition in selling it on, even if they only made pennies from a single car. Talk about

  • "anonmously" (Score:4, Interesting)

    by markdavis ( 642305 ) on Friday July 26, 2024 @06:18PM (#64658822)

    >"If you drive a car made by General Motors and it has an internet connection, your car's movements and exact location are being collected and shared anonymously with a data broker."

    Except they are not being collected OR stored anonymously.

    >"It was then sold to the insurance industry, which used it to help gauge individual drivers' riskiness. "

    Exactly my point. Thank you. And that data will float around forever, get sold again, snarfed by 3 letter agencies, hacked and released, whatever.

    >"Companies should not be selling Americans' data without their consent, period," the letter from Senators Wyden and Markey stated"

    No, they shouldn't be COLLECTING THE DATA AT ALL without full disclosure, and opt-in consent (and without any coercion either), period.

    • People get told their data is "collected anonymously" so often that the meaning of the word has kind of shifted.

      It now means something like "without your knowledge" or "without your consent".

    • Except they are not being collected OR stored anonymously.

      I actually don't give a fuck if people who are unable to influence my life don't store the data anonymously. I care that it is properly anonymised before being handed off to someone who can.

You are in a maze of little twisting passages, all different.

Working...