A class action lawsuit has been filed in Texas against Toyota North America. The action claims Toyota unlawfully shared drivers’ information with a third-party, specifically data specialist CAS.
The class action was instituted by a Florida resident who purchased a new Toyota RAV4 in 2021. Philip Siefke applied for vehicle insurance with Progressive, which told Siefke during his application that it already had access to telemetry data from his vehicle.
Progressive had obtained the data from data brokers CAS, which is an affiliate of Toyota Insurance Management Solutions (TIMS). CAS and Toyota Motor North America have a partnership the scope of which was extended in 2022.
Data shared between Toyota Motor, TIMS, CAS, and Progressive included vehicle locations, speed, braking and swerving telemetry, and data on driving style such as cornering.
Siefke alleges he was not informed of a trial data sharing agreement he was signed up for during his purchase, and did not give explicit permission for data sharing. Under the law, the members of the class action have stated they suffered ‘”actual injury” in the form of “damage to and diminution of the value of their driving data, violation of their privacy rights, and the likelihood of future theft of their driving data.”
Similar issues surfaced last year in Europe, when Cariad, a VW subsidiary, left a database open to public access, containing drivers’ data collected by in-vehicle telemetry on newer models of VW, Seat, Audi and Skoda cars. In that case, individual drivers’ locations and other data were happened upon by data privacy advocates.
It is relatively trivial to infer the home and work addresses from such information, as well as determine details of drivers’ lifestyle choices – which stores cars are parked outside, residential addresses where cars remains overnight, gym membership, favoured bars and hangouts, etc. In the German case, the exposed information included data detailing the lifestyles of controversial politicians and several public figures.
Information collected by in-car telemetry on manufacturers’ recently-produced vehicles is typically sent to manufacturers or their affiliates. Owners can access their data using a mobile app or web interface to examine their driving habits and vehicle performance. However, in many cases, the manufacturer or partners share collated data among themselves, and are presented with an oppurtunity to monetise any information on the data brokerage market.
The process of a new car purchase involves a significant amount of paperwork on the part of the purchaser, so references to data sharing could easily be missed among the various Terms and Conditions around the sale, finance agreement, bundled insurance, maintenance and service agreements, etc.
Several insurance companies offer discounted rates for drivers willing to install a so-called ‘black box’ in their vehicle which tracks and reports on driving habits and style, so rewarding careful and accident-free drivers. But in recent models of vehicle, such devices are effectively built-in, giving the manufacturer a wealth of demographic information about drivers.
Manufacturers use telemetry data to help them plan supporting infrastructure, such as where to station recharging points, and to pre-emptively identify mechanical issues on a vehicle before they become problematic. However, it is also apparent that such data also offers new sources of revenue, which in some cases are pursued without drivers’ consent.
(Image source: Toyota)
See also: Vodafone taps IoT and AI to help protect National Parks
Want to learn about the IoT from industry leaders? Check out IoT Tech Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Cyber Security & Cloud Expo, AI & Big Data Expo, Intelligent Automation Conference, Edge Computing Expo, and Digital Transformation Week.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
