Your Car Data is Your Own: New Act Mandates Explicit Consent Before Manufacturers Can Collect or Share

If you drive a modern car—or even a tractor or excavator—you know it’s basically a computer on wheels, constantly generating data. The Auto Data Privacy and Autonomy Act is designed to give you, the owner, the keys to that data.

This bill establishes a federal baseline for how manufacturers of "covered vehicles"—which includes your daily driver, construction equipment, and farm vehicles—must handle the information they collect. The core of the Act is simple: no data collection, use, or sharing without your express, affirmative consent. This isn't buried in the fine print; the manufacturer has to ask you separately for each specific purpose they want the data for, and they must use clear, plain language (Sec. 1).

The Data Keys Are Yours Now

Think about all the information your vehicle generates: your exact location history (Geolocation data), what you listen to, your driving habits, and even maintenance diagnostics (Vehicle-generated data). This Act makes it clear that you have full control over this digital footprint. For busy people, this means two major things:

1. Access and Deletion Rights: You gain the right to access any data collected from your vehicle, and the right to have it deleted or corrected. Manufacturers must set up an easy process for you to do this (Sec. 1).
2. No Data Hostage: The bill explicitly prohibits manufacturers from using your collected data to disable or limit the functionality of your vehicle. So, if you refuse to share your location data, the manufacturer can’t use that refusal to, say, shut down your navigation system or limit your engine performance (Sec. 1).

Furthermore, the Act requires manufacturers to ensure that your vehicle settings—like your seat position, radio presets, or temperature preferences—are preserved and restored after a software update or repair. No more having your carefully tuned settings wiped out by an overnight patch (Sec. 1).

Open Access for Repair and Customization

Section 4 is huge for anyone who has ever felt locked out of their own vehicle’s system. It requires manufacturers to give vehicle owners free, real-time access and control over all data generated by the vehicle. This includes access through the vehicle’s interface port and, if equipped, wirelessly. They can’t charge you fees or require special devices to decrypt your own data.

Crucially, this section mandates an open application programming interface (API). Why does that matter? It means third-party repair shops, independent mechanics, or even savvy owners could potentially access the diagnostic data they need without paying proprietary licensing fees to the dealer. This could lower repair costs and increase competition, which is a win for everyone from the fleet manager to the family commuter.

The National Security Loophole Closure

Beyond consumer rights, the bill tackles a serious security concern. Under Section 3, manufacturers are strictly prohibited from sharing or selling personally identifiable information of U.S. citizens to several specific foreign governments, including the People's Republic of China and the Russian Federation. This is a direct response to growing concerns about sensitive location and behavioral data being exploited by foreign adversaries.

Who’s Policing the Process?

Enforcement falls to the Federal Trade Commission (FTC). Any violation of this Act is treated as an unfair or deceptive act under existing FTC rules (Sec. 5). This is good because the FTC is already set up for this kind of consumer protection work. However, there’s a catch in Section 8: The Act explicitly prohibits new appropriations, meaning the FTC has to enforce this massive new set of rules using only its existing budget. While this saves taxpayer money, it raises the question of whether the agency will have the resources to effectively police every vehicle manufacturer and data practice. It’s a classic trade-off: great rules, but limited funding for the referee.