A U.S. lawmaker is calling on 14 OEMs to implement and enforce stronger privacy protections in their vehicles to prevent data from being shared with third parties.
In a letter sent last week, Sen. Edward Markey (D-Mass.) said that as cars become increasingly sophisticated, they’re producing “vast amounts of data” on drivers, passengers, pedestrians, and even other drivers.
This, he said, could lead to severe privacy violations.
“This data could reveal sensitive personal information, including location history and driving behavior, and can help data brokers develop detailed data profiles on users,” Markey wrote in one letter to Ford.
“I am writing to request additional information about your company’s policies on data collection, use, and disclosure. I also urge your company to implement and enforce strong privacy protections for consumers to ensure that cars do not become another critical area where privacy is disappearing.”
Letters were also sent to BMW, General Motors, Honda, Hyundai, Kia, Mazda, Mercedes-Benz, Nissan, Stellantis, Subaru, Tesla, Toyota, and Volkswagen.
Markey said his letter was sparked by a Mozilla report from September that investigated the privacy policies of 25 car brands and found all of them failed to meet minimum privacy and security standards.
According to Mozilla research, popular global brands — including Mercedes-Benz, Nissan, BMW, Ford, Toyota, Tesla, Kia, and Subaru — can collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive.
Other brands evaluated were Chrysler, GMC, Cadillac, Dacia, Jeep, Lincoln, Acura, Fiat, Volkswagen, Dodge, Buick, Lexus, Honda, Audi, Chevrolet, Renault, and Hyundai.
None of the brands received Mozilla’s “Best Of” designation, though researchers identified Renault as the least problematic. However, Mozilla notes that Renault has to comply with the General Data Protection Regulation (GDPR) — a stringent law in Europe governing the way in which personal data is used, processed, and stored.
Markey said Mozilla’s findings were unacceptable.
“Although certain data collection and sharing practices may have real benefits, consumers should not be subject to a massive data collection apparatus, with any disclosures hidden in pages-long privacy policies filled with legalese,” he wrote. “Cars should not — and cannot — become yet another venue where privacy takes a backseat. As more and more cars become computers on wheels, automakers must implement strong privacy policies to protect users.”
Markey asked that the automakers he reached out to respond to a list of questions by Dec. 21. He wants to know if companies:
- Collect user data from vehicles;
- Provide notice to vehicle owners or users of their data practices;
- Give vehicle owners or users an opportunity to consent to data collection and request their data be deleted;
- Take steps to anonymize user data when it is used for the OEM’s purposes, shared with service providers, or shared with third parties;
- Have privacy standards or contractual restrictions for third-party software they integrate into vehicles; and
- Provide collected data to law enforcement.
Mozilla’s report prompted responses from some automakers, including BMW, which stated in a Sept. 14 news release that customers are provided with comprehensive data privacy notices that inform them about the collection of their personal information, which allows vehicle drivers “to make granular choices regarding the collection and processing of their personal information.”
“Further, we allow our customers to delete their data whether on their apps, vehicles, or online,” BMW said. “BMW NA [North America] does not sell our customer’s in-vehicle personal information and provides our customers the opportunity to opt out of BMW targeted behavioral advertising on the Internet.”
And amid mounting concerns over personally identifiable information (PII) and data privacy across the board, from devices to vehicles, Porsche has shared that it has added a privacy center to its My Porsche portal.
Porsche wasn’t evaluated by Mozilla, but the automaker says its central, clear, and easily accessible My Porsche portal allows customers to specify which data they want to share with just a few clicks.