The Texas attorney general’s office is investigating the data privacy practices of four car companies for potential violations of state law. Kia, General Motors, Subaru, and Mitsubishi received demand letters seeking information on their data collection and sharing practices. This probe marks the first known inquiry into connected car companies’ data practices by a state enforcement body.
The investigation is seen as a proactive move ahead of the implementation of Texas’ comprehensive data privacy law on July 1. Andrea Amico, CEO of Privacy4Cars, noted the assertiveness of requesting data before the law’s effective date, suggesting potential immediate enforcement. The demand letters require the companies to disclose details on the types of data collected, methods of collection, agreements with third parties, and representations made to consumers regarding data sharing.
In addition to data specifics, the attorney general’s office is seeking information on consent mechanisms, data governance policies, and public-facing privacy statements. The requested documents cover data practices dating from 2019 to the present day. The investigation comes amid growing concerns over connected-car data privacy, with the Federal Trade Commission warning manufacturers against illegal data collection and disclosure.
