The Mandate No One Asked For
Tucked inside the 2021 Infrastructure Investment and Jobs Act—a 1,039-page spending bill better known for its roads-and-bridges headlines—is Section 24220, a provision that will fundamentally change every new car sold in America. Beginning as early as September 2027, every new passenger vehicle must ship with “advanced drunk and impaired driving prevention technology.” On its face, that sounds reasonable. Impaired driving kills roughly 13,000 Americans a year. Who wouldn’t want safer roads?
But look closer and the picture shifts. The technology required to meet this mandate doesn’t simply check whether you’ve been drinking. It watches you—constantly. Infrared cameras pointed at your face will track your eye movements, measure pupil dilation, and monitor how often you blink. Breath sensors embedded in the cabin will sample the air. Behavioral algorithms will analyze your steering, braking, and lane discipline, scoring you in real time against a model of what a “normal” driver looks like. If the system decides you’re impaired, it can prevent the car from starting, limit its speed, or pull it to the side of the road.
The National Highway Traffic Safety Administration (NHTSA), the agency responsible for writing the technical rules, has already missed its original November 2024 deadline and has not set a new one. No current system meets the law’s required 99.9% accuracy threshold—a standard that, even if met, would still wrongly flag tens of millions of sober drivers every year across the national fleet. Yet the mandate remains on the books, and automakers are tooling up.
A Camera in Every Cabin
To understand the stakes, consider what these sensors actually capture. An infrared camera aimed at your eyes doesn’t just detect drowsiness. It can infer emotional state, track where you’re looking, and even identify individual occupants by their biometric signatures. Breath sensors don’t merely test for ethanol—they sample the volatile organic compounds in your exhalations, data that researchers have shown can indicate medical conditions, medications, and diet.
Pair that with the telematic systems already present in most modern vehicles—GPS location logged every three seconds, speed profiles, hard-braking events, acceleration patterns, phone-connection records—and you have an extraordinarily detailed portrait of a person’s daily life. Where they go, when they leave, how they drive, and now, what their body is doing behind the wheel.
“Cars are now the worst product category we have ever reviewed for privacy.”
— Mozilla Foundation, Privacy Not Included report
The Mozilla Foundation reached that conclusion after evaluating 25 major car brands and finding that every single one collected more personal data than necessary, and 84% shared or sold that data.
The Data Pipeline You Can’t Opt Out Of
Here is where the mandate’s privacy gap becomes dangerous. Section 24220 tells automakers to install monitoring hardware. It says nothing—literally nothing—about what happens to the data those sensors generate. There is no federal requirement that biometric readings stay inside the vehicle. No rule that telematic data be anonymized. No prohibition on packaging it all up and selling it to the highest bidder.
And sell it they do. A CNN investigation in early 2026 found that 90% of new cars already track driving behavior every three seconds and that automakers earn up to $100 per vehicle per year by selling that data. The buyers are data brokers like LexisNexis and Verisk, who aggregate the information into “risk scores” and resell it to insurance companies, fleet managers, marketers, and law enforcement.
General Motors provides a cautionary case study. In 2025, the Federal Trade Commission charged GM with collecting and selling detailed driving data from 1.5 million OnStar-enrolled customers—without clear consent—to consumer-reporting agencies that used it to adjust insurance premiums. Under the resulting settlement, GM was banned from sharing driving data with consumer-reporting agencies for five years and was required to publish a list of every third-party company with which it shares driver data. The fact that a federal enforcement action was necessary to achieve even that baseline level of transparency tells you everything about how the industry operates by default.
Third-Party Pitfalls: Who Profits From Your Commute
When your vehicle data reaches a third party, it enters a secondary marketplace with almost no regulatory guardrails. Consider the downstream consequences:
- Insurance discrimination. Data brokers compile driving scores that insurers use to set premiums. Hard-brake too often on your commute through a pothole-ridden neighborhood? Your rates go up—not because you’re a bad driver, but because an algorithm says so.
- Location tracking and profiling. GPS logs reveal whether you visit a therapist’s office, attend a political rally, or frequent a particular place of worship. That data, once sold, is nearly impossible to recall.
- Employment screening. Fleet-management companies already use telematics to evaluate drivers. There is nothing preventing an employer from purchasing a prospective hire’s aggregated driving profile from a data broker.
- Law enforcement access without a warrant. Government agencies have purchased commercial location data to bypass Fourth Amendment protections. Vehicle telematics are a rich new source.
Almost every major automaker has declined to name the specific companies with which it shares driving data. The lack of transparency is not an accident—it’s a business strategy. Opacity protects the revenue stream.
No Meaningful Consent
Defenders of the current system argue that owners agree to data collection when they accept the vehicle’s terms of service. But these agreements are buried inside infotainment-system setup flows, written in dense legalese, and presented on a take-it-or-leave-it basis. Declining often disables navigation, remote start, crash notification, and other features that owners reasonably expect from a modern car. That is not informed consent—it is coercion dressed up in a click-through dialog.
Worse, there is currently no federal opt-out provision in the 2027 mandate itself. If the car must monitor you to comply with the law, you cannot simply turn the sensors off. And once those sensors are running, the data they generate becomes another asset on the automaker’s balance sheet.
What you can do right now: Check whether your current vehicle has an active telematics subscription (OnStar, Toyota Connected Services, FordPass, etc.) and review its data-sharing settings. Consumer Reports maintains a guide on opting out where possible. Contact your elected representatives and ask them to support legislation that requires vehicle data to stay inside the vehicle unless the owner explicitly, meaningfully consents.
The Road We Should Be On
Let’s be clear: reducing impaired-driving deaths is a worthy goal. But the means matter. A mandate that puts always-on biometric surveillance hardware in 17 million new vehicles a year—with no enforceable data-protection framework—is not safety policy. It is the construction of one of the largest consumer-surveillance networks ever built, funded by car buyers and monetized by corporations.
Congress has the power to fix this. Lawmakers could amend Section 24220 to require that all impairment-detection data be processed on-device and never transmitted. They could mandate that telematic data belong to the vehicle owner, not the manufacturer. They could impose real penalties—not slap-on-the-wrist settlements—for selling driver data without affirmative, opt-in consent.
Until that happens, every new car rolling off the line in 2027 will be a surveillance platform on wheels—one that watches you drive, decides whether you’re fit to be behind the wheel, and quietly sells the details of your life to anyone willing to pay.
Your car should take you where you want to go. It shouldn’t report back on the trip.
Sources: Motor1 · Reason · FTC · Consumer Reports · WardsAuto
By: Adam John

February 17, 2026