Specter of risk hangs over Consumer Protection Committee hearing

BOSTON, MA – October 7, 2019 – As Massachusetts legislators settled in for hours of testimony on consumer protection issues Monday, the broader privacy picture was clouded by bills not on the agenda. The group proposing the ballot, funded by aftermarket auto parts suppliers and big box national chains, has filed more than a dozen pieces of legislation seeking access to vehicle data that would create grave new cybersecurity and consumer privacy risks. 

The coalition’s legislation, as well as its similar ballot question effort currently collecting paid signatures, would grant third-parties real-time, remote access to vehicle data, including information on speed and location, without any security protections. If successful, the effort would undo any data privacy protections considered by the legislature during today’s hearing.

“These bills would intentionally expose sensitive consumer data – including a vehicle’s GPS location, in real-time,” said Wayne Weikel, Senior Director, State Affairs for the Alliance of Auto Manufacturers in testimony before the Committee today. “They include no safeguards or limitations on how third-parties could use, sell, store, or protect this consumer information. On top of that, the businesses that would have access to this information would not be bound by any of the protections in today’s bill, as they would fall below the $10 million threshold for inclusion.” 

At issue in today’s hearing was SB 120, filed by Senator Cynthia Creem of Newton, relative to consumer data privacy. In his testimony on the bill, Weikel commended the Legislature for tackling this critical issue, but also cautioned that the telematics bills threatened to undercut any new consumer privacy effort.

“The full impact of the telematics proposal in both its legislative and ballot question must be part of any serious discussion about cybersecurity and data privacy,” Weikel said.

As a result of a 2013 Massachusetts law and a national Memorandum of Understanding signed in 2014, repair shops have access to all the information they need to repair consumer cars and they will continue to in the future. The telematics proposal is not about who about who can fix consumer cars; it is about how many companies and people have remote access to consumer driving habits, patterns, and location in real-time.

“This proposal is a threat to the consumer privacy and cybersecurity of Massachusetts drivers. It risks making personal data readily available to third-party groups and creates no safeguards for how third-parties store and protect your information,” said Conor Yunits, spokesperson for the Coalition for Safe & Secure Data. “Given the world we live in now, we should be finding ways to keep personal information safe, not exposing it to added risk.”

About the Coalition

The Coalition for Safe and Secure Data was formed by groups with an interest in protecting consumer privacy and vehicle cybersecurity. Learn more about the Coalition for Safe & Secure Data at www.ProtectDataPrivacy.com.

For media inquiries, please contact Conor Yunits at info@safeandsecuredata.org.