The Federal Trade Commission's (FTC) Office of Technology has issued a stern warning to automakers regarding data privacy in the era of connected vehicles. In a blog post published Tuesday, the FTC cautioned that the automotive industry does not have "the free license to monetize people’s information beyond purposes needed to provide their requested product or service."

Last January, it was disclosed by a security researcher that a vehicle identification number could allow access to remote services across different car makes, with many APIs being vulnerable to hacking.

While the FTC has not initiated any specific legal actions against automakers, the recent blog post serves as a preemptive caution to the industry. The post references the long-standing attention the FTC has paid to connected cars, including workshops held in 2013 and 2018 and consumer guidance on data wiping before car sales.

The FTC has outlined that automakers, along with other businesses, are obliged to protect user data from illegal collection, use, and exposure. The agency points to enforcement actions in other sectors where companies have faced legal consequences for illegal handling of geolocation data, unauthorized disclosure of sensitive user data, and unlawful use of sensitive data for automated decision-making.

FTC Blog Post