How long will auto manufacturers get away with this way of managing our data?
From manufacturer control to driver control.
This is a real photo, taken recently by one of our team, of their vehicle’s infotainment screen.
It’s asking them to review updated terms.
On a screen that size. In a car.
The illusion of consent: Manufacturers are asking for legal consent in environments where informed consent is physically impossible.
And like most drivers, they’ll click through—because what’s the alternative?
The terms were probably accepted during the purchase process. In the excitement of collecting a new vehicle, who is realistically going to read them in detail?
Now, as those terms are updated by the manufacturer, messages like this start appearing. The interface doesn’t offer a meaningful choice—only the option to review. And the prompt persists, appearing every time the vehicle is started, until someone—anyone using the vehicle—clicks “Yes”.
This isn’t meaningful consent. It’s compliance theatre.
The scale of the problem
What’s the issue with reviewing the terms later, when you have more time?
Quite simply—time is exactly what you’d need. A lot of it.
As one example, try reading the privacy terms for an Audi vehicle in the UK on your phone. You’ll be scrolling… and scrolling… and scrolling again. Twenty-plus screens’ worth.
And Audi are far from alone.
A report by the Mozilla Foundation went as far as to label cars as the worst category of consumer product for privacy. That was in September 2023—and there’s little evidence things have materially improved since.
Regulators are beginning to act. In 2025, the Federal Trade Commission took action against General Motors for sharing driver data without proper consent. Infosecurity Magazine highlighted many of the issues clearly in their August 2025 article.
Meanwhile, media coverage continues to highlight how driving behaviour data can be shared with insurers—often without drivers fully understanding how or when this happens.
Even leasing companies, which sit close to the customer in many European markets, are now advising caution around connected vehicle features.
The current model is collapsing under the weight of regulatory fines, brand damage, and global security scrutiny.
Why nothing has really changed (yet)
Despite all of this, most drivers aren’t actively engaging with the issue.
Not because they don’t care—but because they’ve never been given a realistic way to act.
There is no practical way to:
meaningfully review terms in context
negotiate how data is used
or manage preferences in a simple, persistent way
So behaviour doesn’t change. And the industry, for now, continues as it is.
But that is unlikely to last.
Change is coming — from multiple directions
Pressure is building.
Employers are beginning to consider connected vehicles as a potential data risk — especially when used for business purposes.
Public awareness is growing, particularly around the sharing of driving data with third parties such as insurers.
And most significantly, regulation is evolving.
In Europe, the introduction of the Data Act marks a step change in how data from connected devices — including vehicles — is governed:
“The Data Act is designed to empower users — both consumers and businesses — by giving them greater control over the data generated by their connected devices.”
In simple terms, this shifts the centre of gravity.
Away from manufacturer control.
Towards user rights.
The legislative hammer. In Europe, the Data Act completely changes the directional flow of data rights. It fundamentally strips unilateral data authority away from the manufacturer and redistributes it directly to the driver.
It challenges a long-standing assumption — that the organisation collecting the data gets to define how it is used.
An industry at a crossroads
Some manufacturers are beginning to respond.
There are examples emerging of more open, cooperative approaches—acknowledging the spirit as well as the letter of regulation.
Others remain rooted in legacy thinking. Acknowledging new requirements, but still insisting on one-sided agreements that customers are expected to accept.
Advisors and industry commentators are also starting to recognise that this shift represents more than just compliance. It is a potential opportunity to rethink how customer relationships are structured in a connected world.
Even the EU itself positions the Data Act in this way:
“A comprehensive initiative… emphasising fair access and user rights, while ensuring the protection of personal data.”
The question is how that opportunity is realised in practice.
A different model is emerging
A recent development from outside the automotive sector may offer a clue.
The IEEE 7012 standard for machine-readable personal privacy terms - now emerging in-market as MyTerms - introduces a fundamentally different model.
Today, the structure is simple:
manufacturers define the terms
drivers accept them (or lose functionality)
MyTerms flips that model:
individuals define their own terms
organisations choose whether to accept them
The digital handshake. A frictionless, cryptographically secure digital handshake where both parties hold verifiable proof of exact, modular agreements.
Because those terms are machine-readable, they can be interpreted, matched, and managed automatically - by systems and AI agents acting on behalf of both parties.
What this could look like in practice
Instead of this:
“Please review and accept updated terms”
Imagine something closer to:
“Your personal data preferences have been received.
This vehicle will operate under your selected terms:– Navigation: enabled
– Driving behaviour sharing: disabled
– Third-party data access: restricted”
No scrolling.
No guesswork.
No repeated prompts.
Just clarity - and control.
From compliance to competitive advantage
This isn’t simply a better user experience.
It’s a different way of thinking about the relationship between manufacturers and customers.
In a market where vehicles are increasingly defined by software, services, and data, trust becomes a differentiator.
The manufacturers who move first—embracing user control rather than resisting it—have an opportunity to lead, not just comply.
So… how long will the current model last?
Probably not as long as many expect.
The direction of travel is clear:
regulation is tightening
awareness is growing
alternative models are emerging
The real question is no longer whether change will happen.
It’s who will lead it.
A legacy brand with a long heritage?
A new EV player with a clean technology stack?
Or a new entrant altogether?
The tools are starting to exist.
The standards are forming.
The opportunity is there.
Who goes first?
Footnote and a Call to Action
If you are:
Designing smart data schemes
Regulating data exchange
Building platforms or AI systems
Then the question is NOT:
“How do we implement another scheme?”
But:
“Are we building towards a network — or away from one?”
We’re currently partnering with a small number of Organisations and Partners to explore these ideas through targeted Proofs of Concept. If you’re thinking seriously about the future of Smart Data, AI, and individual data control - we’d be interested in hearing from you.