The Washington PostDemocracy Dies in Darkness

Lawmakers want to fine carmakers $5,000 a day for not having a privacy policy

(Reuters/Kim Kyung-Hoon/Files)

Cars of the future are likely to be highly advanced machines with knowledge of the driver's every decision: Do you speed? Brake too hard? Wear a seatbelt?

All this information could potentially be used against you by insurers, data brokers or hackers — potentially without your knowledge. So House lawmakers are proposing a measure, as part of a draft bill to be debated this week, that would open carmakers up to fines of $5,000 a day if they don't submit a detailed privacy policy to the government.

The policies should explain what information a manufacturer collects on drivers, according to the draft text, and lay out the choices consumers have about the use of the data. The automaker would also have to pledge not to keep the driving data for any longer than is necessary for "legitimate business purposes." (If that sounds vague to you, you're not alone. We've written about automotive privacy policies previously here.)

There are a whole slew of other requirements, such as a proposed ban on hacking into car software. (Security researchers have objected to this section over concerns it could prevent them from detecting and warning of gaps in the companies' code.)

Under the draft legislation, car manufacturers could be held liable if they violate any part of their own privacy policies or if they fail to file a privacy policy to begin with. But the maximum penalty automakers face would be limited to $1 million, and they would be shielded from Federal Trade Commission scrutiny for "unfair" or "deceptive" acts related to privacy as long as their privacy policies meet all the legislation's requirements.

This draft legislation is still in the discussion stages, so much could change. But it says a lot about how lawmakers are going into a burgeoning debate about how to regulate intelligent, connected cars.