The $800 Billion Secret Inside Your Car: Data

This week, the California Privacy Protection Agency (CPPA) opened an investigation into how automakers utilize data collected from connected cars. Using the California Consumer Privacy Act of 2018, which grants Californians the right to know what data businesses are collecting, the agency is planning to get clearer on what data automakers and other companies are collecting from the tens of millions of drivers in the state.

Fight to Repair is reader-supported. Subscribe to receive new posts in your inbox (it’s free). Or, become a paid subscriber to get access to premium content.

The fight over vehicle data is essentially a question over ownership. Car companies want to capitalize on the data generated from sensor-rich modern vehicles, claiming rights to the data as part of complex software license agreements that car owners must agree to in order to operate the vehicles. Advocates for vehicle owners believe that the data should be accessible to vehicle owners, who should also be able to opt-out of data collection and tracking.

An $800 billion secret

What isn’t in doubt is that data from vehicles makes companies a lot of money. Data collected from cars is projected to be worth up to $800 billion by 2030, according to a report by CapGemini.

Here’s how it works: car manufacturers collect the data of drivers, package it up, and sell it to those who might want access it – from insurance firms to infotainment companies.1 Businesses buying this data use it to improve services like directions, music, and third-party apps designed to run inside vehicles, or to inform actuarial models used by insurance firms.

Both car companies and buyers of data seem to be getting a lot of value out of tracking drivers’ habits. But at present it doesn’t seem like individual drivers are receiving the same benefits—especially since they don’t have access to data or agency over what gets collected. And few drivers are even aware of what data is being collected from them or how it is being used. According to the CapGemini report, 82% of survey respondents said they did not know what data their vehicle transmits.

And, by keeping consumers in the dark on their data and the workings of their cars, car companies can get away with things that are bad for their customers but good for quarterly earnings numbers.

Take Tesla, which was caught this week “rigg[ing] the dashboard readouts in its electric cars to provide “rosy” projections of how far owners can drive before needing to recharge.” In other cases, automakers use their exclusive control over telematics systems to make repairs more difficult or constrain the use of non-OEM parts, forcing owners to pay a premium. As we reported in November, Tesla is alleged to have configured its telematics software to disable a “trailer mode” designed to safely operate its Model Y sedans if the owners attach a non-Tesla brand hitch to their vehicle.

So who should own that data? It’s a question that extends well beyond automobiles. Farmers, for example, surrender detailed data about their equipment and farm operations to manufacturers like John Deere, whose equipment collects and transmits everything from machine settings, throughput, and sensor readings, to field task details, harvest and yield data, and historical information.

At a personal level: when you go to the gym wearing an Apple Watch or take your iPhone on your daily walk—you are being tracked.2 When you scroll, like, and post things on social media apps, you are generating value for companies who are using that information both keep you engaging with their services. Plus they can build a profile about you based on your data and sell it to advertisers who will use it to market you products (often crap that ends up lining landfills.)

Armed with a toothy state data privacy and ownership law, California’s privacy regulator is now looking to peel back the covers on this mostly unexplored industry.

The fight over vehicle data ownership and access isn’t limited to California either. The proposed federal REPAIR Act would nationalize access to vehicle repair data, including telematics data, in keeping with a Massachusetts state law passed in 2013 and updated in 2020.

In the meantime, California’s investigation could bring to light objectionable practices by automakers while exposing the truth about the lucrative connected vehicle data industry and the high price consumers are paying through the surging costs of repairs.

Other News

Microsoft is now selling repair kits and replacement parts for its Xbox controllers, including the Xbox Elite Series 2 and standard Xbox Wireless Controller, allowing gamers to fix broken parts themselves instead of relying on third-party sources, following in the footsteps of Apple and their decision to start selling repair kits last year.

Farmers decry expensive repairs as lawmakers make the rounds – As US Rep U.S. Rep. Marie Gluesenkamp Perez (D-WA) toured Lewis County in her home state, she came face to face with the reality of modern farming. Meeting with Shane Styger at the family’s dairy farm, Glusenkamp – who campaigned on her support for the right to repair – said that his family’s farm was the first in Lewis County to use robotic milking machinery. The equipment has greatly reduced the farm’s reliance on human labor but not without a cost. “According to Linda Styger, they’re lemons,” according to a story in The Chronicle. In the last few years, they’ve spent an estimated $30,000 annually on repairs for the machinery. And, adding insult to injury, she was audited by the IRS for not paying taxes on the repairs as ‘farm upgrades.’ “So, if you went out and bought new, benefitting the manufacturers, you don’t pay taxes on it — that’s an expense. But if you take it to your local shop and get some work done, you’re going to pay taxes on it?” asked Gluesenkamp Perez in an incredulous tone.”

Cory Doctorow is kickstarting his forthcoming book, “The Internet Con: How to Seize the Means of Computation,” which aims to dismantle Big Tech and promote interoperability to end enshittification caused by their crummy products, undemocratic business models, and rigged legal regimes, and explains how to fix the internet and bring back the old good version of it. Doctorow refuses to sell his audiobooks on Amazon due to their mandatory digital-rights-management (DRM), and he advocates for DRM-free publishing through crowdfunding platforms like Kickstarter.

🔊 Cory talked all-things DRM our podcast if you want to learn more.

The upcoming iPhone 15 Pro Max, which is rumored to be easier to repair, will likely have a higher initial cost, but rumors are circulating that consumers could save money in the long run due to potential repairability and reduced need for frequent upgrades.

Court dismisses lawsuit over coffee maker repair – Coffee machine maker De Longhi America Inc. successfully had a lawsuit over repair restrictions in warranties dismissed by a federal court. De Longhi America Inc. won the dismissal of a lawsuit concerning repair restrictions in warranties for its products. The customer who filed the suit didn’t demonstrate any concrete injury as he never sent his malfunctioning coffee maker for repairs or violated the warranty terms. Judge Katherine Polk Failla from the US District Court for the Southern District of New York ruled that a statutory cause of action isn’t sufficient for claiming damages.

Unpatchable AMD Chip Flaw Unlocks Paid Tesla Feature – researchers from TU Berlin found an unpatchable flaw in Tesla’s MCU-Z, allowing them to unlock paid features and access private user data. The researchers used a voltage fault injection attack on Tesla’s MCU-Z, exploiting a known flaw in AMD’s processor.

Successful attacks grant root permissions and allow arbitrary changes to Linux that survive reboots and updates. The exploit provides access to Tesla subsystems and can unlock software-locked features that are usually paid upgrades such as the Enhanced Autopilot and Full Self-Driving. The flaw is “unpatchable,” and Tesla has no known mitigation solutions.

Digital Restrictions Management (DRM) is used by corporations to control users via their machines, files, and processes, with examples such as proposals to limit access to certain websites only through officially supported browsers and Google’s crackdown on ad-blockers on Chrome. It emphasizes the need for awareness and active resistance to DRM to prevent its further spread.

A community composting project called “Restaurant 2 Garden” in Seattle converts food waste from local restaurants into compost for the Danny Woo Community Garden, aligning with Washington state’s efforts to reduce organic waste going to landfills by 75% and increase edible food donations by 20% by 2030, showcasing the potential of localized composting initiatives to support the circular economy and engage with culturally responsive businesses.

A sustainable art installation created from collected clothes to raise awareness about the environmental and humanitarian impacts of the fast fashion industry is encouraging people to adopt more eco-friendly practices like thrifting and reusing clothing.

🚨 Job alert:

The European Environmental Bureau (EEB) is looking to recruit a Circular Economy assistant (CIP internship) to work closely with the Circular Economy team and to focus on product policy and the growing Right to Repair campaign.

Deadline for Application: 27 August 2023

Proposed starting date: October 2023

Wage: 6-month contract – around 1.150€ net/month

Apply here


If you want to learn more about who is buying up vehicle data and for what reasons, check out this article on The Markup.


Fitbit’s fastest growing market is employers tracking their employee’s health data.

Fight to Repair is reader-supported. Subscribe to receive new posts in your inbox (it’s free). Or, become a paid subscriber to get access to premium conten.