DRIVER Act
- Bill Number
- H.R. 6687
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Commerce
- Status
- Introduced
- Latest Action
- 2025-12-12: Referred to the House Committee on Energy and Commerce.
- Last Updated
- 2026-06-05T08:07:22Z
AI-Generated Summary
Purpose of the Legislation
The DRIVER Act (H.R. 6687) aims to ensure that owners of motor vehicles have secure access to and control over the data generated by their vehicles. It promotes privacy by restricting how manufacturers and fleet owners can sell sensitive personal data, while prohibiting sales to certain foreign adversaries. The goal is to empower vehicle owners with real-time data rights without additional costs, supporting lawful uses like repairs or third-party services.
Key Provisions
- Access to Vehicle Data (Section 2): Manufacturers must provide vehicle owners with free, real-time access to all electronic data generated by the vehicle (e.g., from sensors or computers). This access must be secure, unrestricted for lawful purposes, and available through physical ports (like diagnostic ports) or wireless methods if equipped. Owners can authorize third parties to use the data (except those controlled by foreign adversaries, defined as entities linked to countries like China or Russia under existing regulations). Manufacturers cannot charge fees for decryption or require their own devices. The system must allow data deletion and comply with industry cybersecurity standards (e.g., ISO/SAE 24134, which are voluntary guidelines for protecting vehicle networks).
- Controls on Selling Data (Section 3):
- Manufacturers cannot sell "covered data" (sensitive personal information like biometric identifiers—e.g., fingerprints or voice patterns—precise location within 1,750 feet, or driver behavior data used for harmful profiling) without giving owners a clear opt-out option.
- Fleet owners (those with 5+ vehicles or long-term leases) must offer drivers opt-outs before selling such data, except for commercial/government fleets where data is used only for work-related purposes (unless it leads to harmful profiling outside employment).
- Bans sales of any vehicle data to adversarial nations: North Korea, China, Russia, Iran, and Venezuela.
- Exceptions to "sale" (defined as exchanging data for money) include sharing for emergencies, safety responses, research, repairs, warranties, cybersecurity, legal compliance (e.g., warrants), or business transfers like mergers. Data from public sources or de-identified (anonymized) data is excluded.
- Enforcement (Section 4): Violations of data access rules are treated as unfair or deceptive practices under the Federal Trade Commission Act. The Federal Trade Commission (FTC) enforces this with its full powers, including investigations, penalties, and remedies.
- Protections for Businesses (Section 5): The Act does not force manufacturers to reveal confidential business information (trade secrets protected under federal transportation rules).
- Preemption of State Laws (Section 6): Federal rules override any conflicting state or local laws on vehicle data access.
- Definitions (Section 7): Key terms include:
- Motor vehicle data: Any electronic info from vehicle components like sensors.
- Covered data: Personal data tied to biometrics, precise location, or driver behavior (excluding anonymized or public info).
- Personal data: Info linked to an identifiable person.
- Motor vehicle owner: Includes owners, lessees (for 180+ days), or their designees; fleet owners defined similarly for larger operations.
- User data: Info transferred from personal devices to the vehicle (separate from vehicle-generated data).
Significant Changes to Existing Law
This bill introduces new federal mandates for vehicle data access and privacy, which were not previously required at the national level. It builds on the Federal Trade Commission Act by expanding its scope to treat data access violations as deceptive practices, enabling FTC oversight. It also preempts state laws, creating uniform national standards instead of a patchwork of regulations. Additionally, it codifies bans on data sharing with specific foreign adversaries, aligning with but expanding existing export controls under federal regulations.
Potential Impacts
- On Citizens and Drivers: Enhances privacy by giving owners control over sensitive data, reducing risks of unauthorized tracking or profiling. It supports "right-to-repair" by allowing independent mechanics or apps to access data without manufacturer barriers, potentially lowering repair costs. However, fleet drivers in commercial settings may have limited protections.
- On Government Agencies: The FTC gains a direct enforcement role, increasing its workload in monitoring the auto industry for compliance. No direct impacts on other agencies like the Department of Transportation, though it aligns with broader vehicle safety rules.
- On Manufacturers and Businesses: Auto companies must redesign systems for free data access and opt-outs, potentially raising compliance costs but fostering innovation in third-party services. Fleet operators face similar requirements, with exceptions for business use.
- On International Relations: The explicit ban on data sales to adversarial countries could strain trade ties with those nations and deter foreign investment in U.S. auto tech, while strengthening national security by limiting data flows that could aid surveillance or espionage.
Main Stakeholders Affected
- Vehicle Owners and Drivers: Primary beneficiaries, gaining data rights and opt-out protections.
- Motor Vehicle Manufacturers: Required to provide access and restrict data sales; includes major automakers like Ford or Tesla.
- Fleet Owners and Operators: Businesses with multiple vehicles (e.g., rental companies, delivery services) must offer opt-outs to drivers.
- Third-Party Service Providers: Independent repair shops, app developers, or data analysts can access data more easily for lawful purposes.
- Federal Trade Commission (FTC): Enforces the law, acting as a regulator.
- Foreign Entities: Adversarial governments and their controlled companies are barred from receiving data, affecting global data markets.
Notable Legal, Constitutional, or Political Implications
- Legal Implications: Strengthens consumer privacy rights in the growing field of connected vehicles (e.g., those with internet or sensors), treating vehicle data as a form of personal property. Enforcement via the FTC could lead to civil penalties (fines up to $50,120 per violation under existing law) and lawsuits, but exceptions protect legitimate business needs like safety recalls.
- Constitutional Implications: Balances First Amendment concerns (e.g., free speech in data sharing) with Fourth Amendment privacy expectations against unreasonable searches. It upholds property rights by affirming owner control over data without seizing business assets, though preemption of state laws may limit local experimentation under federalism principles.
- Political Implications: Addresses rising concerns over "right-to-repair" movements and data privacy in an era of electric and autonomous vehicles, potentially bridging divides between consumer advocates and industry. The foreign adversary bans reflect bipartisan national security priorities, but could spark debates on overreach in regulating private data sales.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Harshbarger, Diana [R-TN-1]
Cosponsors (5)
Rep. Weber, Randy K. Sr. [R-TX-14], Rep. Perry, Scott [R-PA-10], Rep. Wagner, Ann [R-MO-2], Rep. Alford, Mark [R-MO-4], Rep. Bell, Wesley [D-MO-1]
Recent Actions
- 2025-12-12: Referred to the House Committee on Energy and Commerce.
- 2025-12-12: Introduced in House
- 2025-12-12: Introduced in House
Bill Versions
- Data Rights for Information and Vehicle Electronics in Real-time Act — issued 2025-12-12 — PDF (12 pages)