Cars today collect a lot more data than they used to, often leaving drivers' privacy unprotected. Car insurance is mainly regulated at the state level—there’s no federal privacy law for car data—but unsurprisingly there is an active government and private market for vehicle data, including location data, which is difficult if not impossible to deidentify. Advertisers, investment companies, and insurance companies are among those who want to actively collect or use this data to deliver and enhance their products.
While we can’t anticipate all the issues that will emerge, vehicle data should not be used in ways that people do not understand or know about. And even when consumers agree to share their vehicle data, such as in exchange for better prices, we need proper guardrails in place to ensure data may only be used for purposes and by entities that people have agreed to.
Two components of mobility data have the highest value in the marketplace. The first is location data, which is incredibly sensitive. Where we go can easily point to who we are. A widely cited 2013 study from Nature found that four spatio-temporal points from an “anonymous” dataset can reidentify 95 percent of people. Just two could uniquely recognize 50 percent of people. Currently, much of that data is gathered from smartphones, but vehicle data is another common source.
The second is data used to derive risk, often referred to as telematics data. Some telematics data is intuitively familiar—how hard you brake, how sharply you take turns, whether your behavior indicates you're looking at your phone while you're driving. But we don’t know what, of all of the kinds of personal data that cars already collect—including, for example, footage from in-vehicle cameras—companies might find useful for risk assessment. Today, all the top ten insurance companies have opt-in, voluntary programs that allow consumers to contribute their own telematics data used primarily for pricing auto insurance. Insurance companies should only collect what they need to get a clear, fair assessment of driving risk. To do so, they may not need to collect information such as location data—which, as we have outlined, raises serious and possibly insoluble privacy concerns.
...
Given the sensitivity of this data and what it can reveal about individuals, companies should clearly spell out which data they collect and how that data is directly relevant to determining a driver’s safety.
Any consideration of telematics data must be accompanied by strong, strict data collection, use, and privacy principles to ensure consumer protection, safety, and equity. The telematics industry should reject the approach of so many other companies—collecting broad amounts of data and trying to justify that collection later. Instead, companies should only hold on to this data for as short a time as is practicable, to avoid data breach or other unanticipated sharing. They should also ensure that information collected to protect driver safety does not end up being sold, shared, or accessed by others who wish to use it for other purposes. And any telematics scheme must be introduced on an opt-in only basis that does not penalize those who wish to protect their privacy and must have strong consumer protections in place.
We call on regulators and insurance companies to consider the following principles at a minimum.
- Data Minimization and Informed Consent. Insurance companies may not collect, process, or use any data before a policyholder accepts the terms and conditions of a telematics program directly from an insurer. Insurance companies also cannot do these things after a policyholder revokes their consent.
- Transparency about Data Use. To use telematics data, insurers must tell their customers, either before or at the time they enroll in a telematics program, that the insurer will abide by data use and collection rules. These should include an explanation of how companies capture data; a full description of what data companies collect and use; what data will be used to determine rates; and how people can request access to their information. People must also be told how to dispute any information they think is inaccurate. Companies should also explain which outside parties can access data and when, and give people clear instructions on how to inquire about a program, how to file complaints about it, and how to end their participation.
- Purpose Limitation and Opt-in Consent. A company that operates a telematics program must obtain consent from a consumer before sharing, selling, or disclosing their data. They must also get consent if they want to use a person's information for marketing or for any other purpose.
- Notice and Transparency about Data Sharing. Insurers that use telematics must give policyholders notice when they share information. This notice must include the name of the company that received the information.
- Non-Discrimination. All insurers that offer a telematics rating program must also offer an option to be rated without telematics.
- Location Data Retention and Use. If insurers collect precise geo-locational data, they can only retain it and any information from which precise location may be derived for 18 months after a policy expires, unless required for a claim, litigation hold, or for compliance with a Department of Insurance audit.
We propose these principles because, without appropriate limits and privacy practices regarding the collection and use of personal data, even innovative uses of data can pose enormous harm to consumers and perpetuate structural discrimination and inequity.
People should know what information is being collected about them and have meaningful choices about how and whether that information is shared. Insurers should recognize this, not only because it is right but also because it creates trust with their customers. Privacy is as important behind the wheel as it is for the phone in your pocket—and regulators should give drivers control over how companies collect and use this data.