Cars are a ‘privacy nightmare on wheels’. Here’s how they get away with collecting and sharing your data Title: “The Dark Side of Mobility: Unraveling the Privacy Intricacies of Car Data Collection”

Cars: A Privacy Nightmare on Wheels

The Concerns

In an age where everything is becoming increasingly connected, cars are no exception. However, a recent study conducted by the Mozilla Foundation has found that cars with internet-connected features pose serious privacy risks. These vehicles have been dubbed as “privacy nightmares on wheels.” The study examined the privacy terms of 25 car brands and discovered that they collect an extensive range of customer data, including everything from facial expressions and sexual activity to the specifics of when, where, and how people drive.

Furthermore, these terms allow for the sharing of this data with third parties, raising concerns about unauthorized access and potential misuse. According to Mozilla, cars are now the worst category of products for privacy, highlighting the urgency for reform in privacy laws. Australia, in particular, lacks the necessary legislation to protect the vast amount of personal information collected and shared by car companies. Additionally, due to the absence of specific disclosures mandated by some US states, Australians have limited knowledge about how car companies use their data.

Data Collection Methods

Cars collect sensitive data through various means. Beyond the information entered directly into a car’s “infotainment” system, vehicles can gather data in the background through cameras, microphones, sensors, connected phones, and apps. Some of the collected data includes speed, steering, brake and accelerator pedal use, seat belt usage, infotainment settings, phone contacts, navigation destinations, voice data, and even footage captured outside the vehicle.

It is crucial to acknowledge that while some of this data has legitimate purposes, such as enhancing safety and driving experiences, it can also be combined with data from other sources to develop in-depth profiles of drivers. For example, data might be collected from a website visit, a test drive at a dealership, or even from third-party devices like TVs, fridges, or baby monitors. The aggregation of these diverse data sets can enable the development of inferences about a driver’s intelligence, abilities, characteristics, preferences, and more.

Data Transmission and Usage

Historically, vehicle information has been stored within the vehicle’s modules and only accessed when physically connected to diagnostic equipment. However, with the advent of connected features, cars now have the capability to transmit data wirelessly to various companies in real-time. This continuous data transmission raises concerns about the destinations and potential uses of this information.

In Australia, there is a lack of transparency regarding how car data is utilized and by whom. A study by Mozilla in the United States revealed that data from consumers’ cars was being disclosed to other companies for marketing and targeted advertising purposes, as well as being sold to data brokers. This level of detail was discovered because laws in California and Virginia require specific disclosures about personal data sharing practices. In contrast, Australian privacy law does not mandate such specific disclosures, resulting in vague statements within car companies’ privacy policies.

Australia’s Privacy Laws and the Need for Reform

Inadequate Privacy Laws

Australia’s privacy laws are currently ill-equipped to protect individuals from the potential abuses of car data collection and sharing. The lack of specific disclosure requirements and lower privacy standards mean that Australians are left in the dark regarding the extent to which car companies utilize their personal data. This information asymmetry between car manufacturers and consumers puts individuals at a significant disadvantage when it comes to safeguarding their privacy.

Furthermore, the broad and ambiguous statements within privacy policies of various companies supplying connected cars in Australia exacerbate these concerns. The lack of clarity regarding data usage for purposes such as customer research, profiling, data analysis, research and development, and marketing strategies further highlights the need for urgently addressing the loopholes in privacy regulations.

The Voluntary Code of Conduct: A Weak Solution

The Federal Chamber of Automotive Industries (FCAI), representing 68 car brands, proposed a Voluntary Code of Conduct for Automotive Data and Privacy Protection as a response to privacy concerns. However, this document is riddled with shortcomings. For instance, car manufacturers are not bound by the code, nor are they obligated to follow its terms. The code merely claims that its principles will guide their approach to treating vehicle-generated data and associated personal information.

Furthermore, the code lacks any penalties for non-compliance and merely reiterates obligations already imposed by existing laws. Additionally, it highlights the increasing interest of third parties, such as insurance companies, parking garage operators, and entertainment providers, in accessing and using consumer data. However, it only vaguely states that companies will “strive to inform” consumers about such data sharing arrangements.

The Urgent Need for Privacy Law Reform

Considering the alarming privacy risks posed by connected cars, it is imperative that Australia’s privacy laws undergo significant reform. The government’s proposed privacy law reforms, following the Privacy Act Review, aim to address crucial issues that have long been neglected. Proposed changes, such as an updated definition of “personal information,” higher consent standards, and a fair and reasonable test for evaluating data practices, have the potential to protect consumers from invasive and manipulative data practices.

Moreover, increasing privacy standards should not be a reason to exclude certain vehicles from the Australian market. While it is true that some vehicles may not be specifically designed for Australia’s relatively small market, safeguarding privacy should take precedence over market availability. Privacy laws are being strengthened in jurisdictions worldwide, and Australia should coordinate with international counterparts to ensure comprehensive protection of drivers’ privacy.

The Path Forward

Addressing the privacy concerns surrounding connected cars requires a multi-faceted approach. First and foremost, Australia must urgently reform its privacy laws to provide stronger protections for individuals. This should include comprehensive disclosure requirements, higher consent standards, and a fair and reasonable test to evaluate data practices.

Secondly, international cooperation is crucial. Collaboration with other countries in upgrading privacy laws and sharing best practices will help establish a global framework for protecting individuals’ privacy in the context of connected cars.

Additionally, car manufacturers must prioritize privacy as a fundamental design principle. Implementing privacy-enhancing technologies and adopting privacy-by-design principles can help minimize the risks associated with data collection and sharing.

Lastly, individuals must be proactive in safeguarding their own privacy. Taking measures such as understanding and configuring privacy settings in connected cars, limiting the amount of personal information shared, and staying informed about privacy practices and policies are crucial steps.

In conclusion, the proliferation of internet-connected features in cars has opened the gateway to extensive data collection and sharing. The urgency for reforming privacy laws in Australia is clear, as current legislation falls short in protecting individuals’ privacy rights. By implementing robust privacy safeguards, fostering international cooperation, and empowering individuals to protect their privacy, we can ensure that our cars are no longer privacy nightmares on wheels.