By Xu Yuan, MLEX
Automakers’ promise of a personalized “smart” driving experience based on connected technologies like smartphones is already meeting resistance from privacy advocates over how the automakers handle data.
The development of connected vehicular technology allows the newest cars on the road to probe and understand the machine, as well as drivers and riders — enabling a wide range of related services by logging vehicle data to drive entertainment, maintenance needs, e-commerce and insurance options.
But the data-centered approach, which allows companies to know not only one’s location but also phone logs and music preferences, is raising concerns among privacy advocates, and they are already calling on regulators, such as
California’s new privacy agency, to build guardrails against potential abuse caused by excessive or unexpected collection of personal data.
Consumer Watchdog, a non-profit consumer advocacy organization, presented a report on cars’ data collection and use this week to California’s new privacy regulator, following similar comments submitted in November.
The report, “Connected Cars and the Threat to Your Privacy,” warns that data collection via cars needs to be reined in, and it calls on the California Privacy Protection Agency to create clear enforcement rules under the state’s new privacy law, the California Privacy Rights Act, which takes effect next year. The rules, they say, should give car owners the right to block car companies from collecting their specific location information. That kind of location data is critical to data-enabled services that go beyond safety, such as targeted advertising, or insurance rates based on a person’s driving behavior.
Citing previous media reports about the broad swath of personal data that can be collected through a car, the report alleges the complicated privacy terms adopted by carmakers make it difficult for drivers to understand what data they are collecting and using. That poses privacy risks, Consumer Watchdog says.
“While [automakers] state what kind of data is collected, whether it will be shared and for what purpose, most consumers don’t know they allow companies to do this when they agree to purchasing a vehicle,” the report says. “These clauses are buried deep in agreements, lost in a jumble of fine print legalese. The study also found that none of the 13 car makers in the study that collected personal data had easy-to-understand privacy notices.”
It argues much more data is usually collected than is necessary for emergency and safety purposes, with the car user kept in the dark. “The problem is your information is not only being used for emergency respond purposes, but for an array of other uses unrelated to safety,” it says.
In seeking to influence rulemaking in California, the group previously told the regulator that it “intend[s] to offer expert testimony showing that use of precise geolocation is not necessary for the functioning of any vehicle on the road today. To the degree that ‘add on’ services require the use of precise geolocation, the opt-out requirement for the sale and sharing of that data must still apply.”
The report warns against risks associated with the data being used for targeted advertising, surveillance and insurance based on telematics — technologies that record and transmit data related to the use of the car.
Targeted advertising, which is the source of regulatory woes for online platforms including Facebook and Google, presents lucrative monetization opportunities for automakers, enabling them to advertise streaming services, nearby restaurants, shops and services to drivers. “Once a car knows your data profile, your movements and your buying habits, the algorithm will steer you towards a buying frenzy,” the report warns.
It also sounds the alarm on potential government surveillance made possible with connected car technologies, such as forensic tools that extract data from cars, which is used by the Department of Homeland Security. “This poses a huge risk for constitutional protections against unreasonable searches,” it says.
Although California currently doesn’t allow telematics-based insurance, the consumer groups raised concerns that “telematics will only deepen existing discrimination by insurers” over industry efforts trying to change the status quo, and they called on the state’s privacy commissioner to “offer an opt-out provision for telematics tracking done by connected cars.”
— Automakers’ pledge —
Privacy concerns related to cars were being raised long before connected car services become popular. Executives from top automakers are also well aware of the potential consequences they’ll face if the technologies develop as they did with social platforms.
In 2014, the auto industry made promises to the US Federal Trade Commission to protect personal information collected through in-car technologies and consumer privacy. The principles were reviewed in 2018 and will be reviewed periodically to ensure that they remain relevant and robust, according to the Alliance for Automotive Innovation, a lobby group whose members include General Motors and BMW.
According to the group’s website, there are 20 companies currently participating in the initiative.
These self-imposed principles are designed to provide “a set of baseline protections.” The industry group says participating members understand that these principles are enforceable under the Federal Trade Commission Act.
With a market that’s estimated to reach $400 billion in value by 2030, based on analysis by McKinsey & Co., automakers, telecom providers, media companies and online shopping platforms are all seeking to grab a share, with new collaborations to bring more services to cars. But it also means connected cars will increasingly draw scrutiny by privacy activists like Consumer Watchdog.
“A car company like General Motors wants to be like Facebook,” the report says.
— With assistance from Mike Swift and Amy Miller
