CarPro News | CarPro

Special Report:  Is Your Car Reporting Your Driving Habits To Your Insurance Company?

Written by Jerry Reynolds | Mar 20, 2024 5:43:39 PM

Editor's note:  Originally posted March 20, 2024 and updated with new information on March 21, 2024.

Who would have ever thought we might see a day that your own car, that you paid for with your hard-earned money would be ratting you out?  I certainly never thought we’d see this, but it looks like that might be the case.

I talked about this last Saturday on the Car Pro Radio Show.  A New York Times story told of a gentleman whose insurance rates jumped 21%.  An insurance agent told him why:  The OnStar system in his Chevy Bolt was sending his driving habits to Lexis Nexis, a data collection company.  That information was reportedly then purchased by his insurance and they in turn jumped his insurance premiums because of what they learned about the way he drives.  The article said they had over 200 pages of info on his driving habits.

If there is any good news in the drama, it is that I discovered you could go online at LexisNexis and you have the right to request what information they have gathered on you.  I suspect it may be things that reach beyond just your driving habits, but now I really want to know.  Be aware that if you request this information online, you’ll have to give them your social security number and driver license number, which I am not comfortable with-but bit the bullet so I could let you know.  The email back from them said I would get the report back by postal mail within two weeks.  Should you want to obtain the same information, here is the link in which to do so:

Click Here For The LexisNexis Online Request Form →

The mind boggles with the possibilities of this.  If you connect your car to your cell phone and go through the multiple pages that are called “user agreements”, which we all do without reading them, are we granting permission for this invasion of privacy? 

In my research, I ran across an article written by Mr. Thorin Klosowski of the Electronic Frontier Foundation.  He is a Security and Privacy Activist who has researched this issue extensively.  I reached out to him and he granted his permission to share the information with our newsletter subscribers.  The organization states they are “The leading nonprofit defending digital privacy, free speech, and innovation.” 

Here is Mr. Klosowski’s report in its entirety, with much appreciation to him and www.eff.org for graciously sharing this information with us.  His article includes what to do to stop the data sharing, and even includes links on the places to request the gathered information, including asking the maker of your car what info they have on you:

How to Figure Out What Your Car Knows About You (and Opt Out of Sharing When You Can)

Cars collect a lot of our personal data, and car companies disclose a lot of that data to third parties. It’s often unclear what’s being collected, and what's being shared and with whom. A recent New York Times article highlighted how data is shared by G.M. with insurance companies, sometimes without clear knowledge from the driver. If you're curious about what your car knows about you, you might be able to find out. In some cases, you may even be able to opt out of some of that sharing of data.

Why Your Car Collects and Shares Data

A car (and its app, if you installed one on your phone) can collect all sorts of data in the background with and without you realizing it. This in turn may be shared for a wide variety of purposes, including advertising and risk-assessment for insurance companies. The list of data collected is long and dependent on the car’s make, model, and trim.  But if you look through any car maker’s privacy policy, you'll see some trends:

  • Diagnostics data, sometimes referred to as “vehicle health data,” may be used internally for quality assurance, research, recall tracking, service issues, and similar unsurprising car-related purposes. This type of data may also be shared with dealers or repair companies for service.
  • Location information may be collected for emergency services, mapping, and to catalog other environmental information about where a car is operated. Some cars may give you access to the vehicle’s location in the app.
  • Some usage data may be shared or used internally for advertising. Your daily driving or car maintenance habits, alongside location data, is a valuable asset to the targeted advertising ecosystem. 
  • All of this data could be shared with law enforcement.
  • Information about your driving habits, sometimes referred to as “Driving data” or “Driver behavior information,” may be shared with insurance companies and used to alter your premiums.  This can range from odometer readings to braking and acceleration statistics and even data about what time of day you drive. 

Surprise insurance sharing is the thrust of The New York Times article, and certainly not the only problem with car data. We've written previously about how insurance companies offer discounts for customers who opt into a usage-based insurance program. Every state except California currently allows the use of telematics data for insurance rating, but privacy protections for this data vary widely across states. 

When you sign up directly through an insurer, these opt-in insurance programs have a pretty clear tradeoff and sign up processes, and they'll likely send you a physical device that you plug into your car's OBD port that then collects and transmits data back to the insurer. 

But some cars have their own internal systems for sharing information with insurance companies that can piggy back off an app you may have installed, or the car’s own internet connection. Many of these programs operate behind dense legalese. You may have accidentally “agreed” to such sharing without realizing it, while buying a new car—likely in a state of exhaustion and excitement after finally completing a gauntlet of finance and legal forms. 

This gets more confusing: car-makers use different terms for their insurance sharing programs. Some, like Toyota's “Insure Connect,” are pretty obviously named. But others, like Honda, tuck information about sharing with a data broker (that then shares with insurance companies) inside a privacy policy after you enable its “Driver Feedback” feature. Others might include the insurance sharing opt-in alongside broader services you might associate more with safety or theft, like G.M.’s OnStar, Subaru’s Starlink, and Volkswagen’s Car-Net. 

The amount of data shared differs by company, too. Some car makers might share only small amounts of data, like an odometer reading, while others might share specific details about driving habits.

That's just the insurance data sharing. There's little doubt that many cars sell other data for behavioral advertising, and like the rest of that industry, it's nearly impossible to track exactly where your data goes and how it's used.

See What Data Your Car Has (and Stop the Sharing)

This is a general guide to see what your car collects and who it shares it with. It does not include information about specific scenarios—like intimate partner violence— that may raise distinctive driver privacy issues.

See How Your Car Handles (Data)

Start by seeing what your car is equipped to collect using Privacy4Cars’ Vehicle Privacy Report. Once you enter your car’s VIN, the site provides a rough idea of what sorts of data your car collects. It's also worth reading about your car manufacturer’s more general practices on Mozilla's Privacy Not Included site.

Check the Privacy Options In Your Car’s Apps and Infotainment System

If you use an app for your car, head into the app’s settings, and look for any sort of data sharing options. Look for settings like “Data Privacy” or “Data Usage.” When possible, opt out of sharing any data with third-parties, or for behavioral advertising. As annoying as it may be, it’s important to read carefully here so you don’t accidentally disable something you want, like a car’s SOS feature. Be mindful that, at least according to Mozilla’s report on Tesla, opting out of certain data sharing might someday make the car undriveable. Now’s also a good time to disable ad tracking on your phone.

When it comes to sharing with insurance companies, you’re looking for an option that may be something obvious, like Toyota’s “Insure Connect,” or less obvious, like Kia’s “Driving Score.” If your car’s app has any sort of driver scoring or feedback option—some other names include GM’s ”Smart Driver,” Honda’s “Driver Feedback,” or Mitsubishi’s “Driving Score”—there’s a chance it’s sharing that data with an insurance company. Check for these options in both the app and the car’s infotainment system.

If you did accidentally sign up for sharing data with insurance companies, you may want to call your insurance company to see how doing so may affect your premiums. Depending on your driving habits, your premiums might go up or down, and in either case you don’t want a surprise bill.

File a Privacy Request with the Car Maker

Next, file a privacy request with the car manufacturer so you can see exactly what data the company has collected about you. Some car makers will provide this to anyone who asks. Others might only respond to requests from residents of states with a consumer data privacy law that requires their response. The International Association of Privacy Professionals has published this list of states with such laws. 

In these states, you have a “right to know” or “right to access” your data, which requires the company to send you a copy of what personal information it collected about you. Some of these states also guarantee “data portability,” meaning the right to access your data in a machine-readable format. File one of these requests, and you should receive a copy of your data. In some states, you can also file a request for the car maker to not sell or share your information, or to delete it. While the car maker might not be legally required to respond to your request if you're not from a state with these privacy rights, it doesn’t hurt to ask anyway. 

Every company tends to word these requests a little differently, but you’re looking for options to get a copy of your data, and ask them to stop sharing it. This typically requires filling out a separate request form for each type of request.

Here are the privacy request pages for the major car brands:

Sometimes, you will need to confirm the request in an email, so be sure to keep an eye on your inbox. 

Check for Data On Popular Data Brokers Known to Share with Insurers

Finally, request your data from data brokers known to hand car data to insurers. For example, do so with the two companies mentioned in The New York Times’ article: 

Now, you wait. In most states, within 45 to 90 days you should receive an email from the car maker, and another from the data brokers, which will often include a link to your data. You will typically get a CSV file, though it may also be a PDF, XLS, or even a folder with a whole webpage and an HTML file. If you don't have any sort of spreadsheet software on your computer, you might struggle to open it up, but most of the files you get can be opened in free programs, like Google Sheets or LibreOffice.

Without a national law that puts privacy first, there is little that most people can do to stop this sort of data sharing. Moreover, the steps above clearly require far too much effort for most people to take. That’s why we need much more than these consumer rights to know, to delete, and to opt-out of disclosure: we also need laws that automatically require corporations to minimize the data they process about us, and to get our opt-in consent before processing our data. As to car insurers, we've outlined exactly what sort of guardrails we'd like to see here

As The New York Times' reporting revealed, many people were surprised to learn how their data is collected, disclosed, and used, even if there was an opt-in consent screen. This is a clear indication that car makers need to do better.

[Republished with permission from EFF.]

 

UPDATE 3/21/24

Since tracking this story down for you, trying to understand this complex issue, I noticed something when I started the INFINITI QX60 I am reviewing this week.  This appeared on the infotainment screen:

Come to think of it, a LOT of cars I review have a similar notification.  I have never taken the time to read it before, instead I just hit OK, like most of us do with things like this, user agreements, etc.  Too often we just click I have read and understand this agreement.

I went one step further and googled the Infiniti data transmission online.  WOW.  I gave them permission to share all kinds of information!  Here is the webpage:

INFINITI Privacy Notice →

I'm confident that every automaker probably has a similar page.  This is one of the pages inside the privacy policy I found particularly interesting:

INFINITI Privacy Notice: Categories of Information We Collect, Use and Disclose →

 Bear in mind, I didn't download the INFINITI In-Touch app on my phone, which I suspect would give them even more information.  I would encourage you to watch your car for similar screens and choose decline.  You can bet I'll be doing that from now on.

 

File Photo Credit: GM teams up with Google Cloud on AI initiatives/GM.