As connected vehicles become more embedded in daily life, their potential for misuse has grown especially in the context of domestic abuse. Modern cars increasingly function as mobile data centers, collecting everything from GPS locations and phone contacts to in-cabin audio and driver behavior. While this technology offers convenience and safety features, it also opens the door for intimate partner abusers to surveil, stalk, or control survivors long after a relationship ends.
In response, a wave of new state laws is emerging to address this silent threat by framing connected vehicle data as a form of digital personal information one that demands the same legal protections as smartphones or home security footage. As you’ve seen in our other breakdowns about Texas’s AG fighting back against Allstate and other companies in the space.
How Cars Became Surveillance Tools
Today’s vehicles often include built-in apps, synced phones, and subscription-based telematics services that track real-time location, driving habits, and in some cases, biometric or voice data. When a couple shares a vehicle especially if the abuser is the registered owner they may retain access to this information indefinitely, even after the survivor has physically separated.
For example:
- Location tracking allows abusers to monitor a survivor’s movements in real-time.
- Remote access features can lock/unlock doors, start the engine, or disable the car.
- Synced apps may expose call logs, contact lists, and calendar entries.
What makes this issue more dangerous is that vehicle manufacturers and service providers have often lacked clear procedures for revoking access when relationships change.
Privacy Laws Begin to Catch Up
In 2024 and 2025, several states including California, Colorado, and Washington passed laws requiring automakers and third-party vehicle platforms to implement privacy controls that allow users—especially domestic violence survivors—to easily revoke shared data access. These measures align with broader consumer data protection trends seen in laws like the California Consumer Privacy Act (CCPA) and the Connecticut Data Privacy Act (CTDPA).
Key features of these emerging laws include:
- Mandatory data access termination upon request, without needing consent from the other party.
- Transparency mandates that require automakers to disclose what data is being collected and who has access.
- Expedited privacy controls for survivors with protective orders or police reports.
- Civil penalties for companies that fail to comply, mirroring enforcement trends in other privacy statutes.
These laws also bring car data under the same privacy expectations applied to health records, browser histories, and smart home devices. In doing so, they acknowledge that personal safety now hinges on digital security as much as physical separation.
Automakers and Privacy Compliance
For vehicle manufacturers, these legislative developments signal a turning point. Compliance is no longer just about cybersecurity it’s about ethical data stewardship and designing systems that respect dynamic human relationships. Privacy by design is now more than a principle—it’s a liability shield. If you followed the recent CPPA fine against Honda Motors it wasn’t about the car connectivity but rather the fact that they didn’t properly handle privacy requirements in California. So even on your website you will need to make sure that you have symmetrical options for consent management and opt-out mechanisms that are not overly burdensome. On the connected car side you have another set of requirements.
Manufacturers and connected car platforms must:
- Implement survivor-centered privacy request workflows.
- Align with global privacy frameworks like GDPR and CPRA.
- Train support staff to handle sensitive data requests discreetly and promptly.
- Maintain audit trails to prove compliance in case of regulatory inquiry or litigation.
A Digital Safety Net
As cars become part of the Internet of Things (IoT), privacy protections must evolve in tandem. These new state laws represent a significant first step in reframing connected vehicles not just as products, but as potential vectors of harm if privacy is not adequately protected.
For survivors of abuse, reclaiming autonomy is no longer just about changing locks or moving addresses it’s about cutting off digital access, especially in the machines we rely on every day. The road to safety must now include data privacy and protect everybody that it can affect.
