Privacy Activism

Pay as You Drive – Automobile Insurance Comments

“Pay As You Drive” Automobile Insurance:
Comments on the Need to Guard Personal Privacy

July 9, 2009

Comments submitted to the California Department of Insurance by:
Privacy Rights Clearinghouse

Daniel M. Goodell, Senior Staff Counsel
California Department of Insurance
45 Fremont Street 21st Floor
San Francisco, California 94105

RE: Pay-Drive Usage-Based Auto Insurance – File No. REG-2008-00020

Dear Mr. Goodell:

The Privacy Rights Clearinghouse(1)  and PrivacyActivism(2)  appreciate the opportunity to comment on the California Department of Insurance (DOI) proposed amendments to the pay-drive insurance regulations. Both groups are California-based nonprofit organizations.

We direct our comments as follows:

1. Introduction
2. Onboard Technology
3. Secondary Uses of Data – Information Creep
4. Security of Personally Identifiable Information
5. Looking Ahead
6. Conclusions and Recommendations

1. Introduction

On June 18, 2008, PRC and Privacy Activism responded to a call for comments when DOI first considered adopting a pay-drive program(3).

Our June 2008 comments discuss the serious threats to privacy inherent in a pay-drive program that depends on data gathered by onboard technology. Our concerns extended not only to the kinds of data collected by installed devices but also to the potential and unforeseen secondary uses of collected data. With few exceptions, our concerns about the threats to privacy and potential secondary uses of data remain essentially unchanged from those expressed in June 2008.

We recognize that the current proposal makes some concession to privacy protection, especially by not allowing location data to be collected. However, to say only what will not be collected is inadequate disclosure and does not give consumers sufficient information upon which to decide whether to use a pay-drive plan or not.

Before adopting the proposed amendments, we urge the DOI to review and be guided by the principles of Fair Information Practices (FIPs), the universally accepted privacy standards for data collection and use(4).   According to the FIPs, openness along with related concepts of notice and transparency are key elements of privacy protection.

Unfortunately, the proposed amendments do not give consumers adequate notice of the data that an insurer can or may collect with onboard technology. Data collection without transparency, openness, and notice inevitably leads to the keeping of “secret files,” the precise situation the FIPs were adopted to prevent.

Potential for secondary uses of data collected through installation of onboard technology is real. The FIPS also provide that security systems be in place to protect against loss and unauthorized access. DOI’s proposed regulations do not incorporate a requirement for data security. Without strict privacy and security standards in place, data collected through such devices will surely be used in ways unknown or unexpected to consumers at the time the data is collected.

2. Onboard Technology

As proposed, the regulations indeed give a nod to privacy, most notably by prohibiting location information to be gathered by an onboard device. However, this falls far short of full disclosure and openness.

Buried in this statement is the green light for insurers to collect all kinds of data so long as it is not “location” information. However, nowhere in the proposed regulations does DOI require insurers to disclose the kinds of data that can or may be collected through use of onboard technology.

In addition, the proposed regulations allow insurers to collect data that seemingly has no relation to the purpose at hand, that is, to record actual miles. If extraneous data cannot be used by insurers, there seems to be no valid reason to allow insurers to collect it. To allow insurers to collect, accumulate, and store personal information recorded by onboard devices raises significant privacy concerns about how that data might be used in the future.

It does not take a giant leap in imagination to think that data, beyond actual miles, collected today could someday be used to set insurance rates. Not only that, but data once collected is always vulnerable to disclosure in any number of ways, e.g. a subpoena.

Moreover, seemingly without the requirement of prior notice, as technology advances, greater amounts of data may be collected by installation of newer devices. Under the non-disclosure standard set by the proposed regulations, consumers would never need to be notified about the kinds of data being collected.

The purpose of the regulation is to offer consumers lower insurance premiums based on actual miles driven. To accomplish this goal, the only data an onboard device need collect is the number of miles the consumer drives within a given period of time. Thus, the regulations should be amended to limit collected information to recording miles. In this way, consumers will not have to guess at what data the insurer might be collecting or how that data might be used in the future.

In the alternative, DOI should adopt a regulation that requires insurers to disclose exactly what information an onboard device collects. It is not enough to say only what the device will not collect. If the regulations are to allow premiums based on any onboard data except location, consumers should be informed about exactly what data is to be collected.

When given full disclosure, privacy-conscious consumers may well choose a costlier policy based on estimated miles. At least consumers should be given adequate information upon which to base an informed decision.

3. Secondary Uses of Data – Information Creep

Our earlier comments voiced concern about potential secondary uses of data collected by onboard technology. Secondary uses, sometimes called “information creep” or “function creep,” means that information gathered for one purpose will almost certainly be of use to someone in some other way.

The intended purpose of allowing an onboard technological device is simply to record actual miles. Still, the proposal allows devices to collect undefined amounts of data in addition to actual miles driven.

The potential for secondary uses of collected data is unlimited. For example, as we noted in earlier comments, the California Insurance Information and Privacy Protection Act, (Insurance Code 791-791. Section 791.13) does not shield consumers when information is disclosed to a law enforcement or other government agency. Nor is data, under this law, immune from disclosure in response to a subpoena or search warrant.

California drivers have a right to know that data collected by their insurer may someday be used against them in a court of law.

4. Security of Personally Identifiable Information

The lack of notice is not the only aspect of Fair Information Practices ignored. The principle of security is also absent here.  There are no provisions in the proposed rules to require insurers to safeguard the personally identifiable information that they collect.

The proposed rules allow an insurance company to require consumers to install a GPS device in their cars in order to participate in a pay-drive plan. Since substantial amounts of personal information may be collected and the risk of a data breach is high, companies that collect this information should be required to have a security plan in place(5).

5. Looking Ahead

Privacy considerations for pay-drive systems are a harbinger for the road tax systems that are likely to be implemented within the next dozen years.  California and Oregon have discussed adopting a by-the-mile road tax that would replace a by-the-gallon fuel tax. The University of Iowa is now field testing a by-the-mile tax according to the Kansas City Star(6).   The University is testing computer and GPS systems in six states to track the miles and simulate billing of consumers.  Also, according to the article, the National Surface Transportation Infrastructure Financing Commission pegged 2020 as the year for the federal fuel tax to be phased out and replaced by a road tax.  If this plan goes to fruition, the time is now to be leading the way as California often does, and protect consumer privacy from the inception of any pay-drive system or road-tax system.

Similarly, intelligent transportation systems(7) , also on the horizon, are purported to reduce traffic congestion and accidents, as well as improving other road conditions. Such systems would be based on the use of sensors, RFID (radio frequency ID systems), and GPS to track and bill motorists. A pay-drive insurance plan in California is akin to dipping toes in the water to test it out.  Getting people used to the idea of being tracked continuously using a pay-drive system makes it easier to promote the idea of road usage taxes and intelligent transportation systems, without building in privacy protecting options for those who want them.

Retrofitting statutes and agency rules to protect privacy rarely works well. Privacy protections need to be built in at the beginning, and goals and ramifications thought out beforehand.  Years ago the Electronic Frontier Foundation and Stanford law professor Larry Lessig(8)  spoke about “architecture as policy” as related to the Internet.  The idea was that you get what you build.  You can build in openness, and everyone can participate.  You can build in censorship, and cause people to be shut out.  The same logic applies with privacy as it does to roads.  We can continue to design and build systems where people are not tracked and monitored as they go through their daily travels, or we can build in surveillance and track anyone at all times.  We advocate for privacy.

6. Conclusions and Recommendations

We urge the DOI to reconsider the proposed pay-drive regulations and ensure Californians have accurate and complete information about all data to be collected through use of onboard technology. In doing so, DOI should follow the guidelines established by the Fair Information Practices, the widely accepted principles that form the foundation for the federal Privacy Act of 1974, 5 USC 552a, and subsequent privacy legislation. California drivers deserve no less.

So that consumers are fully informed about the kinds of data to be collected in order to participate in the pay-drive plan, DOI should:

•    Specify that only actual miles driven can be collected by onboard devices.
•    If additional data is to be collected by onboard devices, DOI should require notice of precisely what data will be collected.
•    Require insurers to notify consumers that information is subject to disclosure to law enforcement, government agencies, or in response to a subpoena or search warrant.

The PRC and PrivacyActivism, again, appreciate the opportunity to comment on the DOI’s proposed pay-drive rules.


Beth Givens, Director
Tena Friery, Research Director
Privacy Rights Clearinghouse
3100 5th Ave.
San Diego, CA 92103


Deborah Pierce
Executive Director
4026 18th Street SF, CA 94114

1. The Privacy Rights Clearinghouse is a nonprofit consumer education and advocacy organization based in San Diego, CA, and established in 1992. The PRC advises consumers on a variety of informational privacy issues, including financial privacy, medical privacy and identity theft, through a series of fact sheets as well as individual counseling available via telephone and e-mail. It represents consumers’ interests in legislative and regulatory proceedings on the state and federal levels.

2. Privacy Activism is a nonprofit organization whose goal is to enable people to make well-informed decisions about the importance of privacy on both a personal and societal level.

3. See:

4. A discussion of the established FIPs can be found on the web site of the California Office of Privacy Protection at:

5. A Webroots study showed that 41% of companies had a data breach within the last twelve months.

6. By-the-mile road tax could replace by-the-gallon federal fuel tax

7. Intelligent Transportation Systems home page:

8. Address by Lawrence Lessig at the National Press Club.

Tags: , ,

Leave a Reply

You must be logged in to post a comment.