The policies should explain what information a manufacturer collects on drivers, according to the draft text, and lay out the choices consumers have about the use of the data. The automaker would also have to pledge not to keep the driving data for any longer than is necessary for "legitimate business purposes." (If that sounds vague to you, you're not alone. We've written about automotive privacy policies previously here.)
There are a whole slew of other requirements, such as a proposed ban on hacking into car software. (Security researchers have objected to this section over concerns it could prevent them from detecting and warning of gaps in the companies' code.)
This draft legislation is still in the discussion stages, so much could change. But it says a lot about how lawmakers are going into a burgeoning debate about how to regulate intelligent, connected cars.