Auto Data Privacy and Autonomy Act

The term Commission means the Federal Trade Commission.

The term covered data means user data and vehicle-generated data.

The term covered vehicle means a motor vehicle or a vehicle primarily used for farming or construction.

The term geolocation data means information that reveals the past or present physical location of an individual, a covered vehicle, or device.

The term motor vehicle has the same meaning given such term in section 30102(a) of title 49, United States Code, and includes a motor vehicle trailer.

The term personally identifiable information means information that—

(A) directly identifies an individual such as the name, address, social security number or other identifying number or code, telephone number, or email address of an individual;

(B) indirectly identifies an individual such as the gender, race, or date of birth of an individual; or

(C) reveals the geolocation data or internet activity of an individual.

The term user data means data transferred to a covered vehicle by the owner or user of such vehicle.

The term user preference means any choice with respect to a configurable setting of a covered vehicle made by or for the benefit of the owner or user of such covered vehicle.

The term vehicle-generated data means all electronic data generated or processed onboard a covered vehicle, such as data generated by sensors, receivers, computer processing units, or other vehicle components and includes the geolocation data of such covered vehicle.

With respect to a covered vehicle, a manufacturer of such vehicle may not—

(1) access covered data, unless—

(A) the owner of such covered vehicle or, in the event of the death or incapacity of such owner, the next of kin of such owner affirmatively consents to such manufacturer accessing such data and such consent—

(i) is freely given;

(ii) is informed, specific, and unambiguous;

(iii) is in writing; and

(iv) may be easily withdrawn; or

(B) such data is accessed solely to improve covered vehicle performance or safety;

(2) sell, lease, or otherwise share covered data, unless—

(A) required to do so—

(i) pursuant to a lawfully executed warrant;

(ii) pursuant to a court order that provides the covered vehicle owner notice of the order and at least 48 hours to object and request a hearing; or

(iii) to facilitate an emergency response; or

(B) the owner of such covered vehicle, or, in the event of the death or incapacity of such owner, the next of kin of such owner, affirmatively consents to such manufacturer to do so and such consent—

(i) is freely given;

(ii) is informed, specific, and unambiguous;

(iii) is in writing; and

(iv) may be easily withdrawn; or

(3) sell, license, rent, trade, transfer, release, disclose, provide access to, or otherwise make available personally identifiable information of a United States citizen or lawful permanent resident to the following:

(A) The Democratic People’s Republic of Korea.

(B) The People’s Republic of China.

(C) The Russian Federation.

(D) The Islamic Republic of Iran.

(E) The Bolivarian Republic of Venezuela.

Not later than 180 days after the date of the enactment of this Act, the Commission shall, in consultation with the Attorney General, the Secretary of Homeland Security, the Secretary of Transportation, and the Federal Communications Commission, submit to Congress a report that describes with respect to covered data—

(1) the types of such data that a manufacturer of a covered vehicle accesses;

(2) the individuals and entities, other than a manufacturer of a covered vehicle, that access such data;

(3) the Federal or State Government entities that access such data and how such entities use such data;

(4) the individuals and entities to whom such data may be sold or otherwise shared;

(5) the foreign governments to whom such data may be sold or otherwise shared and how such data is used by such foreign governments;

(6) the cybersecurity capabilities and risks associated with covered vehicles;

(7) occurrences of such data being compromised, including the prevalence of such occurrences and any entities with ties to foreign governments associated with such occurrences; and

(8) a description of the feasibility of a technology-neutral, standards-based, secure interface to allow an owner of a covered vehicle access to such data designed without preference or prejudice towards any technology or service used to access and control such data by such owner, and not contingent on ownership or licensing of proprietary technologies by such owner or a manufacturer of a covered vehicle.

The manufacturer of a covered vehicle shall provide to an owner of such vehicle access to, and control of, all covered data generated or processed onboard, or transferred to, such vehicle—

(1) at no cost beyond the purchase price of such vehicle;

(2) in real time;

(3) without any restriction or limitation on use or authorizing access to third parties;

(4) without a requirement that the covered vehicle owner pay a fee or purchase a license to decrypt such data or use a device provided by such manufacturer to access and use such data;

(5) through the vehicle’s interface port and through wireless transmission of such data to the extent such vehicle is equipped with technology to wirelessly transmit such data; and

(6) in a manner that enables the operation of an open application programming interface that—

(A) facilitates deletion of all user data stored in a covered vehicle; and

(B) enables the setting of any user preference by the covered vehicle owner or another user of the covered vehicle.

This section supersedes any statute, rule, requirement or other legal obligation of a State of political subdivision thereof that relates to the requirements of this section.

A violation of this Act shall be treated as a violation of a rule defining an unfair or deceptive act or practice under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).

The Commission shall enforce this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act.

Any person who violates this Act shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act (15 U.S.C. 41 et seq.).

Nothing in this Act shall be construed to limit the authority of the Commission under any other provision of law.