By Toyota Motor North America is now the subject of a class action lawsuit filed in Texas, centering around claims of unauthorized data sharing involving vehicle telemetry. The legal action, initiated by a Florida resident who purchased a Toyota RAV4 in 2021, brings to light growing concerns over how automakers handle driver information in the connected vehicle era.
The plaintiff, Philip Siefke, discovered during an insurance application with Progressive that the insurer already had access to detailed data from his car. This data was reportedly obtained from a data broker named Connected Analytic Services (CAS), which operates in close collaboration with Toyota Insurance Management Solutions (TIMS). Their partnership, according to the lawsuit, had expanded its data-sharing scope in 2022.
Information shared allegedly included vehicle location, speed, braking behavior, swerving patterns, and indicators of driving habits such as cornering. Siefke contends that he was unaware of being enrolled in a data-sharing initiative and never gave informed consent for his personal driving data to be transmitted to third parties.
The complaint claims that members of the class action experienced tangible harm, including diminished control over their personal driving data, infringement of privacy, and increased exposure to potential data misuse or theft. This case has brought attention to the broader debate surrounding consent and transparency in connected vehicle ecosystems.
Incidents like this aren’t isolated. In Europe last year, a security lapse at Cariad—a Volkswagen Group software arm—exposed private data collected from drivers of VW, Audi, Seat, and Skoda vehicles. The information left unprotected included sensitive travel patterns and the regular locations of individuals, making it alarmingly simple to determine personal routines such as home and work addresses, preferred shops, or even political affiliations in some high-profile cases.
Modern vehicles routinely transmit operational and behavioral data to manufacturers or associated service providers. While many owners are encouraged to access this information via companion apps or online dashboards for insights into their driving performance, there’s often little transparency about where else the data goes. The value of this information on the open market has created new monetization opportunities—frequently pursued without the knowledge or permission of the driver.
Given the complexity of purchasing a new car—contracts covering financing, warranties, maintenance, and insurance—it’s plausible that clauses about data sharing might be overlooked or buried in fine print. Still, the implication of implicit consent remains a grey area when drivers aren’t explicitly informed.
Some insurance companies do offer discounts to customers who agree to install tracking devices—commonly known as “black boxes”—to reward safer driving habits. However, today’s connected cars often come equipped with built-in telemetry systems, essentially collecting the same information automatically. This shift raises fresh concerns about the potential for unauthorized data usage.
While vehicle data is often justified as beneficial—such as optimizing charging infrastructure or diagnosing mechanical issues early—it’s becoming increasingly evident that the same data can also be commodified. The line between utility and exploitation is growing thinner, and the Toyota case could set important legal precedents for how that boundary is defined.