These days we’re connected to the world 24/7, primarily through our smartphones but also by other devices that can track our whereabouts and capture personal data such as sleep patterns, heart rate, and more, while surveillance cameras mounted everywhere from house doors to corporate buildings monitor our every move.
Although your car might seem like a last refuge, they’re also becoming increasingly connected, thanks to cameras and sensors that are monitoring and recording everything from eye movements to moods. Connected car data has been used to alert insurance companies if drivers are accelerating too fast and braking too hard and to supply law enforcement with information on crashes and more. Some automakers have even hinted that they know if you’re having sex in the cabin. And at least right now, there’s very little you can do about it.
https://www.motortrend.com/news/connected-cars-data-privacy-issues-sex-speeding/photos/
“Every one of the 25 car brands across 15 car companies earned our *Privacy Not Included warning label, which is a first,” said Jen Caltrider, Mozilla’s lead researcher for the project.
Recent events have borne out Mozilla’s conclusions. In March, The New York Times published an exposé on how automakers work with data brokers that in turn sell driver data to insurance companies. The story detailed how several owners of General Motors brand vehicles saw their insurance premiums spike even though they didn’t know they signed up for the automaker’s OnStar Smart Driver service. GM described the feature within its connected car apps as using “driving insights to become a smarter, safer driver.” GM did mention—albeit buried in fine print—that the feature shared what that automaker called “select insights,” such as rapid acceleration, hard braking, and driving over 80 mph, with data brokers LexisNexis and Verisk. But not that the two data brokers would in turn sell the data to insurance companies.
A GM spokesperson told The New York Times that Smart Driver is turned on “at the time of purchase or through their vehicle mobile app,” and a GM spokesperson told MotorTrend, "OnStar Smart Driver service is optional to customers, who give their consent three times before limited data is shared with an insurance carrier through a third party.” But The Times also reported that drivers were unknowingly signed up for the service at dealerships and that “salespeople can receive bonuses for successful enrollment of customers in OnStar services, including Smart Driver, according to a company manual.” After the article was published, GM issued a press release that said it would discontinue the Smart Driver service and terminate its relationship with LexisNexis and Verisk.
https://www.motortrend.com/news/connected-cars-data-privacy-issues-sex-speeding/photos/
In a recent blog post, the federal agency warned auto manufacturers they “should take note that the FTC will take action to protect consumers against the illegal collection, use, and disclosure of their personal data,” and it cited several enforcement actions to “underscore the significant potential liability” automakers face. Andrea Amico, CEO of Privacy4Cars and an expert on vehicle privacy and cybersecurity, called the blog post a “shot across the bow from the FTC to the broad auto industry—not just the manufacturers—on the need to dramatically step up their privacy practices.”
But a new car is a product—one that costs tens of thousands of dollars—and Mozilla’s Caltrider noted vehicle data privacy is more difficult to navigate and less transparent than the free and paid services that most tech companies offer. As an example, she pointed to the privacy policy of Apple and its app developers, which she cites as straightforward in its approach. “If I'm looking for a recipe app, I go to the App Store and there's a link to the privacy policy,” she said. Once an app is on your iPhone, it asks for certain permissions. “And if you get creeped out by the app, you can delete it,” she added.
As Caltrider pointed out, the experience in the car is very different, and to date there aren’t any user-friendly opt-in and opt-out choices compared to other technologies. “If you decide you don't want an app or service in your car, you can't just delete it,” she said. “And say you start your car and have to get somewhere, and a screen pops up asking do you agree to these things and you click OK. How do you navigate back to that?”
Compounding the problem, as more vehicles include in-car cameras and other monitoring systems, it’s not just the driver whose personal data is potentially being captured. It’s the passengers’, as well. In this scenario, it would theoretically be the on the driver to let the passengers know the details of an in-cabin monitoring system’s privacy policy. “Nobody picks up their buddy to go to a movie and says, ‘Hold on, I got to read you the privacy policy,’” Caltrider said. “It's a ridiculous situation.”
Continued...
Although your car might seem like a last refuge, they’re also becoming increasingly connected, thanks to cameras and sensors that are monitoring and recording everything from eye movements to moods. Connected car data has been used to alert insurance companies if drivers are accelerating too fast and braking too hard and to supply law enforcement with information on crashes and more. Some automakers have even hinted that they know if you’re having sex in the cabin. And at least right now, there’s very little you can do about it.
https://www.motortrend.com/news/connected-cars-data-privacy-issues-sex-speeding/photos/
Headlines, Headaches, and Hackles
Within the last year, the issue of connected car privacy has made headlines, caused headaches for some vehicle owners, and raised the hackles of federal officials. In September 2023, the Mozilla Foundation’s *Privacy Not Included project outlined that connected cars stood out as overly aggressive collectors of personal data compared to other technologies it examines, according to its report “It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed.”“Every one of the 25 car brands across 15 car companies earned our *Privacy Not Included warning label, which is a first,” said Jen Caltrider, Mozilla’s lead researcher for the project.
Recent events have borne out Mozilla’s conclusions. In March, The New York Times published an exposé on how automakers work with data brokers that in turn sell driver data to insurance companies. The story detailed how several owners of General Motors brand vehicles saw their insurance premiums spike even though they didn’t know they signed up for the automaker’s OnStar Smart Driver service. GM described the feature within its connected car apps as using “driving insights to become a smarter, safer driver.” GM did mention—albeit buried in fine print—that the feature shared what that automaker called “select insights,” such as rapid acceleration, hard braking, and driving over 80 mph, with data brokers LexisNexis and Verisk. But not that the two data brokers would in turn sell the data to insurance companies.
A GM spokesperson told The New York Times that Smart Driver is turned on “at the time of purchase or through their vehicle mobile app,” and a GM spokesperson told MotorTrend, "OnStar Smart Driver service is optional to customers, who give their consent three times before limited data is shared with an insurance carrier through a third party.” But The Times also reported that drivers were unknowingly signed up for the service at dealerships and that “salespeople can receive bonuses for successful enrollment of customers in OnStar services, including Smart Driver, according to a company manual.” After the article was published, GM issued a press release that said it would discontinue the Smart Driver service and terminate its relationship with LexisNexis and Verisk.
https://www.motortrend.com/news/connected-cars-data-privacy-issues-sex-speeding/photos/
Connected Cars Catch the Attention of the Feds
Connected car data privacy has also caught the attention of Sen. Edward Markey, D-Mass., a frequent critic of the auto industry’s tech practices. In December 2023, Markey sent letters to 14 car manufacturers “urging them to implement and enforce stronger privacy protections in their vehicles,” and in May he called on the Federal Trade Commission (FTC) to investigate the car industry’s data privacy practices.In a recent blog post, the federal agency warned auto manufacturers they “should take note that the FTC will take action to protect consumers against the illegal collection, use, and disclosure of their personal data,” and it cited several enforcement actions to “underscore the significant potential liability” automakers face. Andrea Amico, CEO of Privacy4Cars and an expert on vehicle privacy and cybersecurity, called the blog post a “shot across the bow from the FTC to the broad auto industry—not just the manufacturers—on the need to dramatically step up their privacy practices.”
Trading Data for Services
It can be argued that cars are simply joining other connected devices that constantly collect and share personal data, but there are significant differences between the two, Amico said. When posting pics and info on social media, he said most people understand they’re trading personal data like location, search, and buying habits for services. “When I sign up for Facebook, I know in exchange for seeing cat videos and photos of friends, I'm paying with my eyeballs,” Amico added. “Consumers are aware it's happening. The adage in Silicon Valley is if you're not paying for something, you are the product.”But a new car is a product—one that costs tens of thousands of dollars—and Mozilla’s Caltrider noted vehicle data privacy is more difficult to navigate and less transparent than the free and paid services that most tech companies offer. As an example, she pointed to the privacy policy of Apple and its app developers, which she cites as straightforward in its approach. “If I'm looking for a recipe app, I go to the App Store and there's a link to the privacy policy,” she said. Once an app is on your iPhone, it asks for certain permissions. “And if you get creeped out by the app, you can delete it,” she added.
As Caltrider pointed out, the experience in the car is very different, and to date there aren’t any user-friendly opt-in and opt-out choices compared to other technologies. “If you decide you don't want an app or service in your car, you can't just delete it,” she said. “And say you start your car and have to get somewhere, and a screen pops up asking do you agree to these things and you click OK. How do you navigate back to that?”
Compounding the problem, as more vehicles include in-car cameras and other monitoring systems, it’s not just the driver whose personal data is potentially being captured. It’s the passengers’, as well. In this scenario, it would theoretically be the on the driver to let the passengers know the details of an in-cabin monitoring system’s privacy policy. “Nobody picks up their buddy to go to a movie and says, ‘Hold on, I got to read you the privacy policy,’” Caltrider said. “It's a ridiculous situation.”
Continued...