A California federal court dismissed a proposed class action against Toyota Motor Corp. (Toyota), Ford Motor Co. (Ford) and General Motors, LLC (GM) this week, after a class of drivers alleged that the car companies failed to protect the drivers’ vehicles from hackers. The court dismissed the action because the drivers failed to establish any actual injury, and because the potential risk of being hacked at some point in the future is not enough to show “injury in fact.” U.S. District Judge William H. Orrick said, “It is difficult for me to conclude whether plaintiffs’ vehicles might be hacked at some point in the future, especially in light of the fact that plaintiffs do not allege that anybody outside of a controlled environment has ever been hacked. Plaintiffs have alleged only that their cars are susceptible to hacking but have failed to plead that they consequently face a credible risk of hacking.”
The drivers also claimed that Toyota, Ford and GM violated their privacy rights under California law, but again, the court determined that the plaintiffs did not have standing because tracking and dissemination of information about the drivers and their vehicle use “is not categorically the type of sensitive and confidential information that [California state] constitution aims to protect.” Additionally, the court determined that it did not have jurisdiction over Ford because the models owned by the driver plaintiffs were manufactured in Kentucky and Mexico, and sold in Oregon and Washington.
This action stems from the announcement back in July of this year of several vehicle recalls for their hacking vulnerabilities, and the National Highway Traffic Safety Administration’s start of an investigation into the effectiveness of the vehicle software updates.