[NonNefarious]

I suspect that this policy violates some privacy provisions in some states and countries. Don't California (and probably other) laws guarantee you the right to obtain any data a company has on you?

The CA state Web site says:

"You may request that businesses disclose to you what personal information they have collected, used, shared, or sold about you, and why they collected, used, shared, or sold that information. Specifically, you may request that businesses disclose:

-The categories of personal information collected

-Specific pieces of personal information collected

-The categories of sources from which the business collected personal information

-The purposes for which the business uses the personal information

-The categories of third parties with whom the business shares the personal information

-The categories of information that the business sells or discloses to third parties

Businesses must provide you this information for the 12-month period preceding your request. They must provide this information to you free of charge."

The wording is unfortunately vague, though. Disclosing WHAT information they've collected may be interpreted as different from disclosing THE information they've collected. However, I wonder if the "specific pieces" clause might be a basis for demanding "all data specific to a crash on such-and-such a date."

This site seems to indicate that the "specific data" allowance goes further than that: https://www.bclplaw.com/en-US/insights/ccpa-privacy-faqs-if-...

From that page: "Pursuant to Cal. Civ. Code Sections 1798,100(a), and 1798.110(a) and (b), a consumer has a right to request, and a business that 'collects personal information about a consumer' has an obligation to disclose and deliver upon a verifiable request, 'the specific pieces of personal information the business has collected.'"

It seems to me that in California, Tesla has to cough it up.

[onethought]

Armchair lawyering:

It's only if they link the data to an identity. If I were Tesla I would collect the data in an anonymous manner, meaning the data isn't YOURs i.e. there is no way to identify you in the data. Likely they do this via the VIN, it is not private, attaching data to VIN is vehicle data not personal data.

Pretty sure that would be compliant with California/European privacy law.

[NonNefarious]

Mmm, but then they wouldn't be able to comply with even a court order to surrender the data in regard to an accident.

So I'm going to say... no, because the data are linked to a vehicle and thus to a person.

[onethought]

That’s not how it works. If the data is connected to the VIN it is likely considered Teslas data, not yours. (Just like googles logs are theirs, even though your IP/fingerprint is in there). The data they store explicitly against your identity is yours by right in those states that have decent privacy law. It doesn’t include secondary/tertiary/derived data.

If you request your data from Google - you don’t get any web logs… but they definitely have them.