Auto Data Privacy and Autonomy Act
- Bill Number
- H.R. 6734
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Commerce
- Status
- Introduced
- Latest Action
- 2025-12-16: Referred to the House Committee on Energy and Commerce.
- Last Updated
- 2026-04-29T12:55:12Z
AI-Generated Summary
Purpose
The Auto Data Privacy and Autonomy Act (H.R. 6734) aims to safeguard the privacy and security of data generated by or transferred to vehicles. It prevents vehicle manufacturers from accessing, selling, or sharing personal and vehicle-related data without the owner's explicit consent, while requiring manufacturers to give owners free, real-time access to and control over this data.
Key Provisions
- Definitions:
- "Covered vehicle" includes motor vehicles (as defined under federal law, including trailers) and vehicles used mainly for farming or construction.
- "Covered data" encompasses "user data" (information transferred to the vehicle by the owner or user, such as settings) and "vehicle-generated data" (electronic data from the vehicle's sensors, computers, or components, including location tracking).
- "Personally identifiable information" (PII) covers details that directly or indirectly identify an individual, such as name, address, gender, race, birth date, location data, or online activity.
- Prohibitions on Data Access and Sharing (Section 3):
- Manufacturers cannot access covered data without the owner's written, informed consent (which must be freely given, specific, and revocable at any time). Access is allowed without consent only to improve vehicle performance or safety.
- Manufacturers cannot sell, lease, or share covered data without consent, except in cases like a valid warrant, a court order (with notice and opportunity to object), or emergencies.
- Manufacturers are banned from sharing PII of U.S. citizens or lawful permanent residents with governments of North Korea, China, Russia, Iran, or Venezuela.
- The Federal Trade Commission (FTC) must submit a report to Congress within 180 days of enactment, detailing data access practices, sharing entities, cybersecurity risks, data breaches (especially those linked to foreign governments), and the feasibility of a neutral, secure interface for owner data access.
- Owner Access and Control (Section 4):
- Manufacturers must provide owners with free, real-time access to all covered data via the vehicle's port or wireless transmission (if equipped).
- Access cannot be restricted, require extra fees, or depend on manufacturer-provided devices; it must support an open system for deleting user data and setting preferences.
- This provision overrides conflicting state or local laws.
- Enforcement (Section 5):
- Violations are treated as unfair or deceptive practices under the FTC Act, allowing the FTC to investigate, penalize, and enforce using its existing powers (e.g., fines, injunctions).
- The FTC's other authorities remain intact.
- Other Details:
- Manufacturers are not required to disclose confidential business information (e.g., trade secrets) except for owner data access.
- The Act takes effect 3 months after enactment and requires no new funding; the FTC uses existing resources.
Significant Changes to Existing Law
This bill introduces the first comprehensive federal standards for vehicle data privacy, filling a gap where no nationwide rules previously governed how manufacturers handle personal or vehicle-generated data. It explicitly bans data sharing with specific foreign adversaries, which is a new restriction not covered in prior laws like the FTC Act. By superseding state laws on data access, it creates uniform national requirements, potentially preempting varied state privacy regulations (e.g., those similar to California's data protection laws). Enforcement ties directly into the FTC's framework for consumer protection, expanding its scope to vehicle data without creating a new agency.
Potential Impacts
- On Citizens: Vehicle owners gain stronger privacy protections and control over their data (e.g., location tracking or personal settings), reducing risks of unauthorized surveillance or data sales. This could empower third-party services (like independent mechanics) to access data without manufacturer restrictions, but it may limit some convenience features if consent is withdrawn.
- On Government Agencies: The FTC will handle enforcement and a required report, increasing its workload on automotive privacy without extra funding. Other agencies (e.g., Department of Homeland Security, Transportation) contribute to the report, potentially informing future cybersecurity or national security policies. The data-sharing ban could affect intelligence or law enforcement access in emergencies.
- On International Relations: By prohibiting PII sharing with designated countries, the Act signals U.S. concerns over data security and foreign influence, potentially straining trade ties with those nations and encouraging allies to adopt similar restrictions. It may also impact global vehicle supply chains if manufacturers with international ties must segregate U.S. data.
Main Stakeholders Affected
- Vehicle Owners and Users: Primary beneficiaries, with rights to consent, access, and control data.
- Vehicle Manufacturers: Must comply with access prohibitions, provide free data tools, and avoid sharing with restricted entities; non-compliance risks FTC penalties.
- Federal Trade Commission (FTC): Leads enforcement and reporting, bearing implementation costs.
- Third-Party Entities: Includes data buyers, service providers (e.g., repair shops), and app developers, who may gain easier data access but face limits on sharing.
- Government Agencies: Such as the Departments of Justice, Homeland Security, and Transportation, involved in reporting and potential data requests.
- Foreign Governments: Specifically those listed (e.g., China, Russia), indirectly affected by the data ban.
Notable Legal, Constitutional, or Political Implications
- Legal: Strengthens consumer privacy akin to laws like the Children's Online Privacy Protection Act but tailored to vehicles; the open API requirement could spur innovation in data tools while challenging manufacturer intellectual property. The Act's preemption of state laws may lead to lawsuits over federal overreach.
- Constitutional: Enhances Fourth Amendment privacy interests by requiring consent and notice for data access, potentially limiting warrantless government access. The foreign data ban raises First Amendment questions on speech/export restrictions but aligns with national security precedents (e.g., export controls).
- Political: Addresses growing concerns over connected vehicles' data vulnerabilities amid U.S.-China tech tensions, appealing to privacy advocates and national security hawks. It avoids new funding, reflecting fiscal conservatism, but could face industry pushback over compliance costs, influencing future auto policy debates.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (4)
Rep. Onder, Robert F. [R-MO-3], Rep. Biggs, Andy [R-AZ-5], Rep. Burchett, Tim [R-TN-2], Rep. Davidson, Warren [R-OH-8]
Recent Actions
- 2025-12-16: Referred to the House Committee on Energy and Commerce.
- 2025-12-16: Introduced in House
- 2025-12-16: Introduced in House
Bill Versions
- Auto Data Privacy and Autonomy Act — issued 2025-12-16 — PDF (9 pages)