Consumer Rights Wiki

Arity's alleged unauthorized driver data collection through mobile apps: Difference between revisions

← Older editNewer edit →
VisualWikitext
No edit summary
Line 1: Line 1:
{{ToneWarning}}
== Introduction ==
== Introduction ==
Arity is a subsidiary of Allstate founded in 2016. As part of their mission, Arity states they do the following:
Arity, established in 2016 as a subsidiary of Allstate Corporation, positions itself as a leader in mobility data analytics. According to their mission statement:
<blockquote>''...collect{s} and analyze{s} trillions of miles of driving data to create a greater understanding of how people move. With the world's largest driving dataset tied to insurance claims collected through mobile devices, in-car devices, and vehicles themselves''<ref>https://web.archive.org/web/20250114015047/https://arity.com/solutions/vehicle-miles-traveled/</ref></blockquote>
<blockquote>''...collect{s} and analyze{s} trillions of miles of driving data to create a greater understanding of how people move. With the world's largest driving dataset tied to insurance claims collected through mobile devices, in-car devices, and vehicles themselves''<ref>https://web.archive.org/web/20250114015047/https://arity.com/solutions/vehicle-miles-traveled/</ref></blockquote>


[[File:Screenshot of arity.com as of January 15, 2025.png|alt=screenshot of arity.com as of January 15, 2025|thumb|screenshot of arity.com demonstrating their claim of having 40 million active mobile connections]]
[[File:Screenshot of arity.com as of January 15, 2025.png|alt=screenshot of arity.com as of January 15, 2025|thumb|screenshot of arity.com demonstrating their claim of having 40 million active mobile connections]]


Their website touts over 40m active mobile connections, with data captured every 15 seconds or less.<ref>https://web.archive.org/web/20241217184520/https://arity.com/solutions/real-time-insights/</ref> The state of Texas Attorney General's office claims this occurred without the consent of the drivers and has filed a lawsuit against Allstate Corporation and its subsidiaries, including Arity which was founded by Allstate.<ref>https://www.texasattorneygeneral.gov/sites/default/files/images/press/Allstate%20and%20Arity%20Petition%20Filed.pdf</ref>
According to their website, Arity maintains over 40 million active mobile connections, capturing data at intervals of 15 seconds or less.<ref>https://web.archive.org/web/20241217184520/https://arity.com/solutions/real-time-insights/</ref> The Texas Attorney General's office has initiated legal proceedings against Allstate Corporation and its subsidiaries, including Arity, asserting that this data collection occurred without proper driver consent.<ref>https://www.texasattorneygeneral.gov/sites/default/files/images/press/Allstate%20and%20Arity%20Petition%20Filed.pdf</ref>


The State of Texas, led by Texas Attorney Ken Paxton, has named Allstate & Arity, as well as their subsidiaries, as defendants in a lawsuit where they make allegations of data privacy violations.
The State of Texas, under the direction of Attorney General Ken Paxton, has filed a lawsuit naming Allstate, Arity, and their subsidiaries as defendants, alleging multiple violations of data privacy regulations.


== Claims made by the suit ==
== Claims made by the suit ==


=== Laws broken ===
=== Laws broken ===
The lawsuit accuses them of violating state laws such as the Texas Data Privacy and Security Act<ref>https://capitol.texas.gov/tlodocs/88R/billtext/html/HB00004F.htm</ref>, the Data Broker Law<ref>https://statutes.capitol.texas.gov/Docs/BC/htm/BC.509.htm</ref>, and the Texas Insurance Code<ref>https://statutes.capitol.texas.gov/Docs/IN/htm/IN.541.htm</ref>. Allstate & its subsidiaries reportedly harvested this data through software integrated into mobile apps, impacting millions of Americans; not just those who are Texas residents.
The legal action alleges violations of multiple state regulations, including the Texas Data Privacy and Security Act<ref>https://capitol.texas.gov/tlodocs/88R/billtext/html/HB00004F.htm</ref>, the Data Broker Law<ref>https://statutes.capitol.texas.gov/Docs/BC/htm/BC.509.htm</ref>, and the Texas Insurance Code<ref>https://statutes.capitol.texas.gov/Docs/IN/htm/IN.541.htm</ref>. The scope of the alleged data collection, implemented through mobile app software integration, extends beyond Texas residents to affect millions of Americans nationwide.


=== Claims made ===
=== Claims made ===
This lawsuit makes claims for which '''there is not enough information in the source document to understand where these came from.''' Refer to [[Anonymity & Vagueness in Citations]] to learn more.   
Several assertions in this lawsuit require additional substantiation, as '''the source documentation provides insufficient information to verify their origins.''' For more information on this topic, please refer to [[Anonymity & Vagueness in Citations]].   


==== Claims with evidence ====
==== Claims with evidence ====


===== What data Arity collects =====
===== What data Arity collects =====
Arity collects the following data per the lawsuit, that can be confirmed via their privacy policy<ref name=":0" />:
According to the lawsuit and confirmed by Arity's privacy policy<ref name=":0" />, the company collects:


* Geolocation data
* Geolocation data
Line 43: Line 41:


====== This is technically true ======
====== This is technically true ======
The suit cites Arity's website, where they claim to:
Arity's website makes the following verifiable claims:


# Have the largest collection of driving data
# Possession of the largest driving data collection
# Collect new data on individuals every 15 seconds
# Data collection intervals of 15 seconds
# Have access to trillions of miles of driving data.
# Access to trillions of miles of driving data


====== Evidence of data collection vs. evidence of ''improper'' data collection ======
====== Evidence of data collection vs. evidence of ''improper'' data collection ======
The lawsuit's citations are quotations from Arity's website, that in and of itself contain no evidence of malfeasance. For instance, Geico's smartphone application allows individuals to opt into driver-monitoring data collection offering a chance at decreased insurance rates, and is upfront about this before opting you in.<ref>https://www.geico.com/driveeasy/</ref> While this may not be comforting to privacy minded people, the choice is presented to the customer. The mere mention that a company collects driving data is not an indictment that privacy violations have occurred.
The lawsuit's citations primarily reference Arity's public statements, which alone do not establish wrongdoing. For comparison, Geico's smartphone application implements driver-monitoring data collection with explicit user consent, offering potential insurance rate reductions.<ref>https://www.geico.com/driveeasy/</ref> While such data collection may raise privacy concerns, the transparency of choice differentiates it from alleged improper practices. The mere existence of driving data collection does not inherently indicate privacy violations.


The allegations in the lawsuit hone in on the secretive collection & monetization of insured's private driving behavior data without proper disclosure or consent to the driver, but lack tangible evidence at this time that this has taken place.  
The lawsuit's core allegations focus on the undisclosed collection and monetization of insured drivers' behavioral data without proper consent, though concrete evidence supporting these claims remains pending.


===== Arity's lack of easy opt-out =====
===== Arity's lack of easy opt-out =====
{{Important|Even if a consumer of an application utilizing the Arity SDK wanted to opt out, there was no way for them to do so.}}
{{Important|Consumers utilizing applications with integrated Arity SDK encountered systematic barriers to opting out of data collection.}}
Their privacy policy<ref>https://web.archive.org/web/20241217050443/https://arity.com/privacy/</ref> makes no meaningful mention of how to opt-out of data collection. Their website only occasionally links to outside websites that will be of little help to someone looking to limit Arity's data collection, such as the Apple support center.
The company's privacy policy<ref>https://web.archive.org/web/20241217050443/https://arity.com/privacy/</ref> provides inadequate guidance regarding data collection opt-out procedures. Their website redirects users to external resources, such as the Apple support center, which offer limited practical assistance in restricting Arity's data collection capabilities.


===== Defendants worked to Integrate the Arity SDK into Mobile Apps =====
===== Defendants worked to Integrate the Arity SDK into Mobile Apps =====
Ken Paxton's office, in this lawsuit, claim is made that Arity & Allstate paid partnered apps such as Routely, Life360, GasBuddy, and Fuel Rewards to integrate their SDK into the apps. The proof for this is not provided in the lawsuit documents. It can be inferred based on economic motives:
The Texas Attorney General's lawsuit asserts that Arity and Allstate established financial arrangements with applications including Routely, Life360, GasBuddy, and Fuel Rewards to incorporate their SDK. While direct evidence of these arrangements is not presented in the legal documentation, the following economic factors support this business model:


# There is a large market for driving data that businesses are willing to pay for.
# The substantial market value of driving behavior data
# App developers have an incentive to receive money from other businesses.
# Financial incentives for app developers to participate in data monetization
# Arity has an incentive to provide their SDK that collects driving data, given the market for driver data.
# Arity's strategic interest in expanding their driver data collection network


Arity's website markets themselves to individuals & businesses that would want to utilize their driver data collection utilities within their applications, in a commercial tone.<ref>https://web.archive.org/web/20240716070042/https://arity.com/article/leveraging-a-telematics-sdk-for-mobile-apps/</ref> That Arity was integrated into these mobile apps can be confirmed by case studies and PR statements made by Arity:
Arity actively markets their SDK integration services to businesses and developers.<ref>https://web.archive.org/web/20240716070042/https://arity.com/article/leveraging-a-telematics-sdk-for-mobile-apps/</ref> Documentation of Arity's app integration exists through:


# Arity has claimed that GasBuddy partnered with Arity to collect personal data from drivers.<ref>https://web.archive.org/web/20241213031839/https://www.prnewswire.com/news-releases/gasbuddy-partners-with-arity-to-bring-personalized-experiences-to-drivers-looking-to-save-even-more-money-on-fuel-301321800.html</ref>
# Public confirmation of the GasBuddy partnership through Arity's press releases<ref>https://web.archive.org/web/20241213031839/https://www.prnewswire.com/news-releases/gasbuddy-partners-with-arity-to-bring-personalized-experiences-to-drivers-looking-to-save-even-more-money-on-fuel-301321800.html</ref>
# Arity has authored a case study regarding Life360's utilization of Arity's products.<ref>https://arity.com/wp-content/uploads/2023/09/arity_case-study_moapps_Life360.pdf</ref><ref>[[:File:Arity case-study moapps Life360.pdf]]</ref>
# Detailed case study documentation of Life360's implementation of Arity's technology<ref>https://arity.com/wp-content/uploads/2023/09/arity_case-study_moapps_Life360.pdf</ref><ref>[[:File:Arity case-study moapps Life360.pdf]]</ref>


===== Arity's claims about usage of data =====
===== Arity's claims about usage of data =====
The lawsuit claims that Arity's terms of service provides information on how your data will be used, which is taken below from Arity's privacy policy<ref name=":0">https://web.archive.org/web/20241217050443/https://arity.com/privacy/</ref>:
The lawsuit references Arity's terms of service regarding data utilization, specifically citing their privacy policy<ref name=":0">https://web.archive.org/web/20241217050443/https://arity.com/privacy/</ref>:


<blockquote>Arity shares your information with its business clients as part of your purchase, or use, of services from those business clients. Those business clients include, but are not limited to, insurance companies as well as mobile app providers who track the location of members of a defined group or who provide weather related information. If you have purchased an insurance product offered by an Arity business client, then your information may also be used by that business client to calculate insurance rates or rewards provided under the product or service. Our insurance company business clients may also use your information to update their pricing and underwriting models. All such use of your personal information by our business clients is subject to their privacy policies and not this Privacy Statement.</blockquote>
<blockquote>Arity shares your information with its business clients as part of your purchase, or use, of services from those business clients. Those business clients include, but are not limited to, insurance companies as well as mobile app providers who track the location of members of a defined group or who provide weather related information. If you have purchased an insurance product offered by an Arity business client, then your information may also be used by that business client to calculate insurance rates or rewards provided under the product or service. Our insurance company business clients may also use your information to update their pricing and underwriting models. All such use of your personal information by our business clients is subject to their privacy policies and not this Privacy Statement.</blockquote>


===== Drivers not knowingly consenting to these terms =====
===== Drivers not knowingly consenting to these terms =====
Arity's terms of service make the following claims, which customers have not consented to.
The terms of service present significant consent issues:


====== "Arity shares your information with its business clients as part of your purchase, or use, of services from those business clients."<ref name=":0" /> ======
====== "Arity shares your information with its business clients as part of your purchase, or use, of services from those business clients."<ref name=":0" /> ======
This is troublesome as users who are having data collected by the Arity SDK might not be aware of or have consented to, such data sharing agreements. Imagine James is using an app that uses the Arity SDK:
This arrangement presents substantial privacy concerns, illustrated through the following scenario:


# James is using an application developed by an Arity business client.
# A user (James) engages with an Arity business client's application
# James does not know who Arity is.
# James lacks awareness of Arity's existence
# The business client has not told James how Arity uses his data.
# The business client omits disclosure of Arity's data handling practices
# Therefore, there is no way James could have consented to Arity's privacy policy.
# This creates an inherent impossibility of informed consent to Arity's privacy policy


====== "If you have purchased an insurance product offered by an Arity business client, then your information may also be used by that business client to calculate insurance rates or rewards provided under the product or service."<ref name=":0" /> ======
====== "If you have purchased an insurance product offered by an Arity business client, then your information may also be used by that business client to calculate insurance rates or rewards provided under the product or service."<ref name=":0" /> ======
{{Important|Arity's business clients are not always insurance companies. '''This means that Arity is claiming that your insurance rates might be raised due to data collected by someone who is not your insurance company.'''}}
{{Important|The distinction between insurance and non-insurance business clients creates a critical privacy concern: '''Non-insurance entities may collect data that influences insurance rates without user awareness or consent.'''}}


If the application a user is running on their phone does not disclose that the information they are collecting on them may raise their insurance rates, that means they are being materially harmed by terms of a privacy policy they were never made aware of. This can be referred to as a game of [[Game of Telephone privacy policy|telephone privacy policy]].
This structure potentially enables non-disclosed data collection to impact insurance premiums, exemplifying the problematic nature of what can be termed a [[Game of Telephone privacy policy|telephone privacy policy]].


==== Claims without evidence ====
==== Claims without evidence ====
These claims are submitted without citations, or ''"on information and belief"'' - which is a way of saying that while the proof is not yet available, the attorney general expects to find it through the legal process of [[wikipedia:Discovery_(law)|discovery]].
The following allegations rely on the legal principle of ''information and belief,'' indicating that supporting evidence is anticipated through the [[wikipedia:Discovery_(law)|discovery]] process rather than currently available.


{{Important|[[Trust me bro|trust me bro]] cannot be trusted as a source of information when making sweeping claims about nearly all major automotive manufacturers.}}
{{Important|Substantial allegations regarding automotive industry practices require corresponding evidence beyond [[Trust me bro|trust me bro]] assertions.}}


===== Arity purchased information from automakers to complement their own data =====
===== Arity purchased information from automakers to complement their own data =====
[[File:Facebook screenshot of insurance app.png|alt=Facebook screenshot of insurance app|thumb|Facebook screenshot of insurance app]]
[[File:Facebook screenshot of insurance app.png|alt=Facebook screenshot of insurance app|thumb|Facebook screenshot of insurance app]]
Arity's information collection was based on smartphone applications. Regardless of how accurate smartphone data collection is, this is an inaccurate way to judge the driving skills of an individual. For instance, if an individual is on a rollercoaster, they are not driving; but they may be judged as a poor driver for sudden turns and acceleration.<ref>https://www.cincinnati.com/story/entertainment/2024/10/08/insurance-cuts-driving-score-man-riding-the-beast-kings-island/75554987007/</ref><ref>https://www.facebook.com/photo/?fbid=8578211025555918&set=gm.8485090164900182&idorvanity=121958981213384</ref>
The smartphone-based data collection methodology presents inherent accuracy limitations. For example, recreational activities like roller coaster rides might erroneously register as dangerous driving behavior.<ref>https://www.cincinnati.com/story/entertainment/2024/10/08/insurance-cuts-driving-score-man-riding-the-beast-kings-island/75554987007/</ref><ref>https://www.facebook.com/photo/?fbid=8578211025555918&set=gm.8485090164900182&idorvanity=121958981213384</ref>


However, no evidence is provided for sales of data from automakers to Arity.
However, the lawsuit's assertion regarding automotive manufacturer data sales remains unsubstantiated.


<blockquote>To potentially account for the Arity SDK Data's limitations, Defendants sought to combine the SDK Data with data collected directly from vehicles. As a result, Defendants began purchasing consumers' driving-related data from car manufacturers, such as Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram. On information and belief, consumers did not consent, nor were otherwise aware that, Defendants purchased their driving-related data from these car manufacturers</blockquote>
<blockquote>To potentially account for the Arity SDK Data's limitations, Defendants sought to combine the SDK Data with data collected directly from vehicles. As a result, Defendants began purchasing consumers' driving-related data from car manufacturers, such as Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram. On information and belief, consumers did not consent, nor were otherwise aware that, Defendants purchased their driving-related data from these car manufacturers</blockquote>


===== Arity's bonus incentives to developers for bundling data collection into their apps =====
===== Arity's bonus incentives to developers for bundling data collection into their apps =====
The suit claims <blockquote>"To encourage developers to adopt Defendants' software, Defendants paid app developers millions of dollars to integrate Defendants' software into their apps. Defendants further incentivized developer participation by creating generous bonus incentives for increasing the size of their dataset."</blockquote>However, no citations or evidence are provided.
The lawsuit states: <blockquote>"To encourage developers to adopt Defendants' software, Defendants paid app developers millions of dollars to integrate Defendants' software into their apps. Defendants further incentivized developer participation by creating generous bonus incentives for increasing the size of their dataset."</blockquote>This claim lacks supporting documentation.


{{Important| There is no evidence that Arity was paying developers to integrate their SDK into their apps present in this suit. One can infer economic incentives for Arity's alleged behavior; if driver data is in high demand, Arity could sell driver data to their partners for more money than the incentives offered to app developers to implement their data-collection-SDK. '''However, there is no evidence presented in the suit.'''}}
{{Important|While economic incentives for such arrangements are theoretically plausible - with potential profits from data sales exceeding developer incentive costs - '''the lawsuit presents no concrete evidence of these financial arrangements.'''}}


===== Automakers who sold data =====
===== Automakers who sold data =====
The automakers that were accused of selling driver data to the defendant Arity were Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram; evidence was not presented for these.  
The lawsuit names Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram as participants in data sales to Arity, without providing supporting evidence for these assertions.  


== References ==
== References ==
Retrieved from "https://consumerrights.wiki/w/Arity%27s_alleged_unauthorized_driver_data_collection_through_mobile_apps"