WeVote

Bill

Bill

HB 1557

Motor Vehicle Data Privacy and Autonomy

2026 Regular Session Introduced by Dotie Joseph

Gives owners control of vehicle operator data with a secure, standardized API, requiring consent to access or share data and banning unauthorized sale or foreign sharing.

Died in Industries & Professional Activities Subcommittee
0
WeVote Research Nonpartisan
Bill Summary · HB 1557

Overview

HB 1557 (2026) – Motor Vehicle Data Privacy and Autonomy Act – would impose new requirements on motor vehicle manufacturers regarding operator data, create a standardized interface for owner access and control of that data, and establish reporting and rulemaking processes. The bill defines key terms, restricts certain data practices, and sets timeline-driven milestones for standards development and oversight.

Main purpose and intent

  • Protect motor vehicle owners by granting them access to and control over operator data generated or stored in their vehicles.
  • Limit manufacturers’ ability to access or share operator data without informed consent or a clear exception.
  • Establish a standardized, secure, technology-neutral interface to manage operator data (including deletion and preferences).
  • Increase transparency through periodic reporting about data practices, cybersecurity, and data sharing, including potential foreign involvement.
  • Create enforcement through the unfair and deceptive trade practices framework and require regulatory rulemaking.

Key provisions and changes

  • Definitions:

    • Operator data: data generated onboard (sensors, processing units) or stored data generated by the operator.
    • Operator preference: configurable vehicle settings chosen by/for the operator.
    • Personal identifying information (PII): defined broadly (direct identifiers, indirect identifiers, or data revealing location/Internet activity).
    • Foreign country of concern / foreign principal, as used in s. 692.201.
  • Restrictions on manufacturers:

    • May not access operator data without affirmative consent that is freely given, informed, specific, unambiguous, in writing, and withdrawable, or if access is solely to improve performance or safety.
    • May not sell, lease, or share operator data unless authorized by a valid warrant, court order with notice and a hearing right, or to facilitate emergency response; or with the owner’s authorization or, if the owner is deceased or incapacitated, the next of kin.
    • May not sell/share PII with foreign countries of concern or foreign principals.
  • Owner access and control:

    • Manufacturers must provide motor vehicle owners access to and control of operator data at no extra cost.
    • Must create a technologically neutral, secure open application programming interface (API/Interface) to:
    • Facilitate deletion of all operator data stored in the vehicle.
    • Enable setting of any operator preference.
  • Standards and oversight:

    • By January 1, 2027, and annually thereafter, the Department of Highway Safety and Motor Vehicles (with specified state and federal agency input) must:
    • Prepare a report detailing data types accessed, actors accessing data, agencies using data, entities with data access or sale, foreign involvement, cybersecurity, and breach history.
    • By January 1, 2027, the department must report on current practices for data generation, storage, transmission, and cybersecurity to the Commerce Committee (House) and Senate Commerce and Tourism Committee (Senate).
    • By January 1, 2028, in coordination with NIST and industry stakeholders, establish at least one standard for the required interface.
    • By January 1, 2033 (and every 5 years thereafter), review and revise the interface standard(s) as appropriate.
  • Compliance and enforcement:

    • Violations are treated as unfair and deceptive trade practices under Florida law.
    • The department is to adopt rules to administer the act.
    • Provisions respect existing protections for proprietary confidential business information, with certain exceptions.
  • Effective date:

    • The act would take effect on July 1, 2026.

Who/what would be affected

  • Motor vehicle manufacturers (subject to consent requirements, data access/sharing restrictions, and interface obligations).
  • Motor vehicle owners (granted access to and control over operator data; can delete data and set preferences).
  • State Department of Highway Safety and Motor Vehicles (and specified agencies) for standard-setting, reporting, and enforcement.
  • Federal agencies and standards bodies via coordination (NIST, FCC, Homeland Security, etc.) in developing interface standards.
  • Potentially foreign countries of concern or foreign principals if differing in data-sharing arrangements (turther restricted).

Procedural and timeline aspects

  • Effective date: July 1, 2026.
  • 2027: Annual reporting on operator data practices, cybersecurity, and access patterns.
  • 2027: First annual report on current data practices (storage, transmission, etc.).
  • 2028: Establish at least one standard for the required interface (in coordination with NIST and stakeholders).
  • 2033 and every 5 years thereafter: Review and revise interface standards.
  • Enforcement: Violations classified as unfair and deceptive trade practices; rules to be adopted by the department.

Potential impact

  • Increased consumer control over vehicle data and greater transparency about data uses.
  • Higher compliance costs for manufacturers to implement open, secure interfaces and consent mechanisms.
  • Enhanced scrutiny of data sharing with third parties and foreign entities.
  • Progressive development of technical standards for data access interfaces, with periodic updates.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.