Carmakers are failing the data privacy test | Inquirer Business

Carmakers are failing the data privacy test

Owners have little or no control over data collected
/ 09:20 AM September 07, 2023

Heavy traffic heads south on Interstate 93 in Boston

Heavy traffic heads south on Interstate 93 over the Zakim Bridge, Friday, Sep. 1, 2023, in Boston. Cars are getting an “F” in data privacy. (AP Photo/Michael Dwyer, File)

BOSTON  — Most major car manufacturers admit they may be selling your personal information — though they are vague on the buyers, a new study finds, and half say they would share it with the government or law enforcement without a court order.

The proliferation of sensors in automobiles — from telematics to fully digitized control consoles — has made them prodigious data-collection hubs.

Article continues after this advertisement

But drivers are given little or no control over the personal data their vehicles collect, researchers for the nonprofit Mozilla Foundation said Wednesday in their latest “Privacy Not Included” survey. Security standards are also vague, a big concern given automakers’ track record of susceptibility to hacking.

FEATURED STORIES

“Cars seem to have really flown under the privacy radar and I’m really hoping that we can help remedy that because they are truly awful,” said Jen Caltrider, the study’s research lead. “Cars have microphones and people have all kinds of sensitive conversations in them. Cars have cameras that face inward and outward.”

Unless they opt for a used, pre-digital model, car buyers “just don’t have a lot of options,” Caltrider said.

Article continues after this advertisement

Cars scored worst for privacy among more than a dozen product categories — including fitness trackers, reproductive-health apps, smart speakers and other connected home appliances — that Mozilla has studied since 2017.

Article continues after this advertisement

Not one of the 25 car brands whose privacy notices were reviewed — chosen for their popularity in Europe and North America — met the minimum privacy standards of Mozilla, which promotes open-source, public interest technologies and maintains the Firefox browser. By contrast, 37 percent of the mental health apps the non-profit reviewed this year did.

Article continues after this advertisement

Sale of personal data

Nineteen automakers say they can sell your personal data, their notices reveal. Half will share your information with government or law enforcement in response to a “request” — as opposed to requiring a court order. Only two — Renault and Dacia, which are not sold in North America — offer drivers the option to have their data deleted.

The automakers are vague on disclosing to whom they are selling what they collect, though the researchers have little doubt it includes data brokers, marketers and dealers. Partners with installed products and services, including SiriusXM, Google Maps and Onstar, are also amassing data.

Article continues after this advertisement

“Increasingly, most cars are wiretaps on wheels,” said Albert Fox Cahn, a technology and human rights fellow at Harvard’s Carr Center for Human Rights Policy. “The electronics that drivers pay more and more money to install are collecting more and more data on them and their passengers.”

“There is something uniquely invasive about transforming the privacy of one’s car into a corporate surveillance space,” he added.

A trade group representing the makers of most cars and light trucks sold in the U.S., the Alliance for Automotive Innovation, took issue with that characterization. In a letter sent Tuesday to U.S. House and Senate leadership, it said it shares “the goal of protecting the privacy of consumers.”

It called for a federal privacy law, saying a “patchwork of state privacy laws creates confusion among consumers about their privacy rights and makes compliance unnecessarily difficult.” The absence of such a law lets connected devices and smartphones amass data for tailored ad targeting and other marketing — while also raising the odds of massive information theft through cybersecurity breaches.

The Associated Press asked the Alliance, which has resisted efforts to provide car owners and independent repair shops with access to onboard data, if it supports allowing car buyers to automatically opt out of data collection — and granting them the option of having collected data deleted. Spokesman Brian Weiss said that for safety reasons the group “has concerns” about letting customers completely opt out — but does endorse giving them greater control over how the data is used in marketing and by third parties.

In a 2020 Pew Research survey, 52 percent of Americans said they had opted against using a product or service because they were worried about the amount of personal information it would collect about them.

On security, Mozilla’s minimum standards include encrypting all personal information on a car. The researchers said most car brands ignored their emailed questions on the matter, those that did offering partial, unsatisfactory responses.

Japan’s Nissan

Japan-based Nissan astounded researchers with the level of honesty and detailed breakdowns of data collection its privacy notice provides, a stark contrast with Big Tech companies such as Facebook or Google. “Sensitive personal information” collected includes driver’s license numbers, immigration status, race, sexual orientation and health diagnoses.

Further, Nissan says it can share “inferences” drawn from the data to create profiles “reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.”

It was among six car companies that said they could collect “genetic information” or “genetic characteristics,” the researchers found.

Nissan also said it collected information on “sexual activity.” It didn’t explain how.

The all-electric Tesla brand scored high on Mozilla’s “creepiness” index. If an owner opts out of data collection, Tesla’s privacy notice says the company may not be able to notify drivers “in real time” of issues that could result in “reduced functionality, serious damage, or inoperability.”

Tesla did not respond to questions about its data practices.

In a statement, Nissan said it takes “privacy and data protection for our consumers and employees very seriously. When we do collect or share personal data, we comply with all applicable laws and provide the utmost transparency.”

Mozilla’s Caltrider credited laws like the 27-nation European Union’s General Data Protection Regulation and California’s Consumer Privacy Act for compelling carmakers to provide existing data collection information.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

It’s a start, she said, by raising awareness among consumers just as occurred in the 2010s when a consumer backlash prompted TV makers to offer more alternatives to surveillance-heavy connected displays.

TAGS: carmakers, Data privacy

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.