Cars and data privacy are becoming a hot topic, as vehicles are becoming smarter than ever. They’re capable of scanning their surroundings, warning you of nearby objects, and even driving themselves! But since they are so smart, they’re also watching and listening to you too.
Data privacy and security is becoming an increasingly alarming issue in the automotive industry. Just as social media websites have alarmed users and governments of privacy breaches, vehicle manufacturers are on fire for the same thing. Unbeknownst to drivers around the world, these companies are collecting their sensitive information and possibly selling them to third parties too.
How does this all work? Read on to find out.
YOUR DATA, YOUR CAR
The smarter your car is, the more it is capable of collecting your data. A car is just as capable of tracking your data as your phone and applications are. Worse, there’s even a possibility that your car could be selling your information. But which part of your car is tracking and siphoning your data from you?
A car’s AI features, built-in sensors, touch-screen devices, microphones and cameras are able to record your actions, even if you’re just sitting there. As these devices collect your information, they’re uploaded to the car’s computer then brought back to the car company and its data management partner to be stored.
If you think this is bad, the foundation revealed that cars also collect data on your surroundings. Again, a car’s sensors are one of its biggest avenues of data collection. While it is helpful for your vehicle to tell you if something is too close, it is also learning about the outer environment. Current road conditions, the weather, and traffic signs are just a few examples of what your outer sensors are collecting information about.
The Mozilla Foundation is an America-based organisation that reviews various brands and products on their level of privacy protection. According to them, “cars are the worst product category we have ever reviewed for privacy.” While marketing their products’ smart features, car manufacturers use vague and broad terms to mask how much data they’re actually stealing from you. Mozilla found six car companies using the terms “demographic data” and “sensor data” in an attempt to disclose to the customer about what they’re collecting. Of course, these companies don’t exactly explain what they mean, so you, the consumer, are ultimately oblivious to what they actually know about you. Did we mention Mozilla found out cars collect “images” too? Yikes.
THE DEAL WITH DATA PRIVACY
So, what is data privacy? According to CloudFlare, it is “the ability of a person to determine for themselves when, how, and to what extent personal information about them is shared with or communicated to others.” This refers to all information about you—your name, where you live, what your occupation is, or even your phone number.
Many websites and apps require you to sign up before you use their services. In the process of registering, you end up giving them your personal information. Even websites and services you don’t register for are able to track or make use of your data to curate personalised ads. Your phone, though mostly silent when not in use, contributes to this as well. Search engine inquiries, who your friends are, and your current location—these are just a few of the many things companies and products keep tabs on. It is not yet common knowledge for most consumers to consider their data privacy rights when buying cars.
THE PRIVACY NIGHTMARE
The biggest offender of cars breaching data privacy is Nissan. Nissan USA’s privacy policy reveals that the company collects your “religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information.” What for? Well, for “business purposes.” Unfortunately, that’s the limit of how specific they get.
While they collect sensitive data about their customers, Nissan reserves the right to give your information to third parties “for targeted marketing purposes.” Your personal preferences, personality characteristics, psychological patterns, general behaviour, intelligence level, and many more are all up for grabs with Nissan’s privacy policy.
News.com.au found that “Kia, Hyundai, and Tesla were the worst” at protecting consumer privacy. The news site revealed that manufacturers share consumers’ “voice recognition data with third parties, along with other information.”
Hyundai and Kia have complimentary apps for when you purchase their cars. These are Bluelink and Kia Connect, respectively. These apps link your car directly to your smartphone. You can access your car’s doors, air conditioning, diagnostics, and location with a few taps of your fingers. This feature may seem convenient at first, but they do raise alarms about data protection. Though, both companies have stated that these apps are completely optional. According to them, the data sent to third parties are used for “live traffic updates.”
While brands like Nissan, Hyundai, and Kia are collecting private information, customers are none the wiser. “Most [car brands] (92%) give drivers little to no control over their personal data,” Mozilla wrote in an article. Mozilla found that only 2 of their 25 reviewed brands give customers the option to delete their stored data—Renault and Dacia. Mozilla implies that since Renault and Dacia are based in Europe, they could just be complying to the EU’s General Data Protection Regulation (GDPR).
CURRENT LAWS
According to Katharine Kemp, a professor from the University of New South Wales’ Faculty of Law and Justice, Australia’s privacy laws are badly in need of reform. According to her article, Australia’s Federal Chamber of Automotive Industries (FCAI) recently submitted a document refuting points of the country’s Privacy Act reforms. The FCAI added its own suggestion called the “Voluntary Code of Conduct for Automotive Data and Privacy Protection.”
Kemp argued that the signatories of the FCAI’s code did not directly promise that they would abide by their own document. Instead, the principles of the code will “drive their approach to treatment of vehicle-generated data and associated personal information.” Furthermore, the FCAI insists that it would “notify” customers about third-party data collection. However, this disclosure is already mandated by the Privacy Act. As mentioned by Kemp in her article, the document did not specify if violators of the code will be penalised.
Kemp advocated for “an updated definition of ‘personal information’ and higher standards for ‘consent’” in her article. It was implied that proper reforms in Australia’s outdated Privacy Act can provide consumers with extra protection against companies’ shady data practices. Kemp suggested that a “fair and reasonable test” would be used to evaluate a company’s “fair” practices. This type of test would dispel the context of the consumer’s consent in relation to data collection. In her words, “this would help avoid claims [that] data practices are lawful just because consumers had to provide consent.”
An update to Australia’s privacy laws is long overdue. The topic of data privacy in cars will also need to be covered by any new reforms. With a growing vehicle market, reforms to protect consumers’ data become increasingly urgent.
For more relevant industry updates and news, subscribe to AfMA’s e-mag, FleetDrive!
