A bill to protect consumers from security and privacy threats to their motor vehicles, and for other purposes.

Introduced in Senate
Security and Privacy in Your Car Act of 2017 or the SPY Car Act of 2017

This bill directs the National Highway Traffic Safety Administration (NHTSA) to
conduct a rulemaking to issue motor vehicle cybersecurity regulations that
require motor vehicles manufactured for sale in the United States to protect
against unauthorized access to: (1) electronic controls or driving data,
including information about the vehicle's location, speed, owner, driver, or
passengers; or (2) driving data collected by electronic systems built into a
vehicle while that data is stored onboard the vehicle, in transit from the
vehicle to another location, or subsequently stored or used off-board the
vehicle. The regulations must require vehicles with accessible data or control
signals to be capable of detecting, reporting, and stopping attempts to
intercept such driving data or control the vehicle.

A violator is liable to the U.S. government for a civil penalty of up to $5,000
for each violation.

 NHTSA must also conduct a rulemaking to require the fuel economy labeling that
manufacturers attach to motor vehicles to display a "cyber dashboard" with a
standardized graphic to inform consumers about the extent to which the vehicle
protects individuals' cybersecurity and privacy beyond the minimum requirements.

The Federal Trade Commission is required to conduct a rulemaking to: (1) require
motor vehicles to notify owners or lessees about the collection, transmission,
retention, and use of driving data; (2) provide owners or lessees with the
option to terminate such data collection and retention (except onboard safety
systems required for post-incident investigations, emissions, crash avoidance,
and other regulatory compliance programs) without losing navigation tools or
other features; and (3) prohibit manufacturers from using collected information
for advertising or marketing purposes without the owner's or lessee's consent.
Violations are to be treated as unfair or deceptive acts or practices under the
Federal Trade Commission Act.



  • Read twice and referred to the Committee on Commerce, Science, and Transportation.

    Mar 21st, 2017
  • Introduced in Senate

    Mar 21st, 2017