Yes, but, this bill will also initiate the requirement of EDRs in all vehicles. I don't believe that is anything to go crazy about, but it is significant.
It's a sensible requirement. It seems like a reasonable clause in the social contract that if you're going to zoom around at 50-80MPH in a 4000 pound explosive metal box, we should be able to reconstruct as much as possible when that box collides with another box, or a building, or a bunch of people.
If this law required the boxes to be installed surreptitiously (like they are now), or stipulated that the data on the boxes belonged to the government, or stipulated that they RF backhaul the data back to some central government computer, that would indeed be cause for alarm.
I keep missing out here somehow. the Senate bill includes law that says you can't exploit it. And yes the FBI will no doubt try to use this to 'fix' the issue of having to get warrants for gps tracking, which folks will watch out for, but the 'good' parts of an EDR are that you can find out just what the heck happened post 'event.' As a consumer you will be a lot happier if you know that your 'to spec' inflated tire just blew out and rolled you over causing a couple of million in damage isn't going to be your fault.
So there are benefits here, and the public is more educated about the risks. Another benefit of the Senate legislation is that it applies to all EDRs in cars, so folks who put EDRs into your car today and do sell information to third parties (I'm looking at you OnStar) will also be bound by this.
So a more reasonable story might have been:
EDRs are in a lot of vehicles now, they represent both a privacy threat and a potential benefit. There are no explicit rules around what folks can do with them. Your government is 'fixing' that by making explicit what can and can not be done. Generally that would be an encouraging sign, and participating early in the process will help ensure its done in the best interest of the consumer rather than the installer.
Regarding your last sentence though: a likely trend may arise where all EULAs for modern cars include giving consent to the manufacturer to do what they please with the information from the EDR.
This would bypass the discussed bill because the bill allows you to give such consent. I think most people wouldn't be in an uproar about this. Thereby making this bill rather irrelevant; at least tooth-less against protecting the data.
Like CISPA, then, the bill would be a no-op; at worst, a missed opportunity to add more privacy to the status quo.
Unlike CISPA, however, it means assholes who drive 70MPH down residential side streets in Benzes will be accountable when they cause accidents (Benzes don't have EDRs now). In other words: unlike CISPA, it actually does what it sets out to do.
