A major point of contention with the approved ballot initiative is the definition of “mechanical data,” which is defined as “any vehicle-specific data, including telematics system data, generated, stored in or transmitted by a motor vehicle used for or otherwise related to the diagnosis, repair or maintenance of the vehicle.” While this definition is helpful for car manufacturers, opponents of the initiative have pointed out that different car manufacturers define telematics data in different ways, and that a more granular definition of what data should be included in telematics data is absent from the initiative.
Another concern is the protection of the data that is shared, and ensuring that car manufacturers have enough time to create data platforms with security measures that comply with current data privacy and cybersecurity laws. Since model year 2022 cars are currently being designed and built, opponents have signaled that requiring auto manufacturers to create a secure platform on an accelerated timeline could lead to data security vulnerabilities. The language in the initiative, as currently written, does not specify what protections should be incorporated into the law. However, this warning has come from the largest and most vocal cadre of opponents—a coalition of automakers—who similarly opposed the enactment of the 2013 law. Since the data platforms used to transmit the data will need to be designed by the auto manufacturers, right now it is up to each manufacturer to decide the level of protections incorporated into their platform.
Our cybersecurity team is available to assist clients in interpreting how this new initiative may affect their business and their compliance efforts. We will continue to update this space with analysis of the progress of this initiative.
