The road less private: data concerns in today’s cars

The devices we use daily, from smartphones to cars, are constantly collecting data. While this data collection can offer numerous benefits, such as personalized experiences and improved functionality, it also raises significant privacy concerns.

As consumers, we recognize that our cars are essentially smart vehicles, but we often don’t realize that, like other smart devices in our possession, their ability to perform advanced tasks comes at a cost — they can (and do) store personal data (also known as telematics data) onboard and share this data wirelessly with the manufacturers or third-parties.

In this article, we will examine the issue of how our cars collect telematics data on us and our driving habits, how they ‘phone home,’ and a few steps we can take to protect our privacy.

Smart devices — convenience comes at a cost

We love our smart devices. While most of us may be aware of how our smartphones collect information about us — especially increasingly valuable location data — it’s not as obvious that other devices are squirreling away information for use by manufacturers or third parties.

Here are just a few examples:

• Smart TVs are equipped with features like voice recognition, personalized advertisements, and the ability to sync with other devices. To support these features, they collect data about your viewing habits (what shows you watch, the times you watch, and so forth), the apps you use on the TV, and even voice data if you use voice commands.
• Smart appliances such as refrigerators, washing machines, and coffeemakers collect a wide range of information on usage and customer preferences. They might send back data on brands, user settings, time, and frequency of use.
• Home security cameras collect visual data of the surroundings, motion data for triggering alerts, and sometimes audio data, if equipped with a microphone. The information captured by these devices includes data on the residents and their neighbors, delivery companies, and people passing by.

For more information on smart devices and data collection, see our article, Don’t let smart devices outsmart you.

Cars: the overlooked data collectors

Modern vehicles are essentially smart devices on wheels. Unbeknownst to many of us, our cars constantly collect information about us, gathering and storing telematics data within the car’s onboard computers. Some of the information they may collect (depending on make and model) include our driving habits (speed, braking habits, use of safety features), vehicle health data (oil life, tire pressure), location data through built-in GPS, and sometimes even biometric data.

While it might be surprising that our cars are gathering all this information, it may not seem that troubling at first glance. After all, it’s nice to have a car tell us how far we can drive before we need to fill up, when our next oil change is due, or when we have low pressure in our tires. Rear-view cameras and automatic thermostats make journeys safer and more pleasant. And it’s comforting to know that our car can make emergency calls if we’re in a crash. 

Teslas, for all of their prestige and bells and whistles, may also collect more data than any other type of car. IEEE Spectrum reports that every recent Tesla model records its GPS trail for every trip, sharing this data with the company, and although this data is purportedly anonymized, it’s unclear if this is actually the case. Furthermore, Teslas maintain ‘gateway log’ files that capture details such as seatbelt usage and driver interactions with the steering wheel, storing this data for extended periods. Tesla vehicles also have an Autopilot computer that captures images and videos for driver-assistance functions, which can be shared with the company. The Autopilot system also logs detailed trip data every time the car is used, including GPS information, speeds, and road types. 

Privacy concerns and implications of telematics data

All of these conveniences come with a cost — and most of us don’t even realize it. While it’s obvious that our cars now come with computers onboard, what isn’t as obvious is that they send the data they collect to the automobile manufacturers and to third parties, often without our knowing consent.

Would you want your car spying on you if you knew that the data — including your driving habits but also your entertainment preferences, location data, and even phone contacts — could be:

• used by your insurance company to raise your rates?
• sold to advertisers?
• downloaded by local law enforcement or Customs and Border Patrol?
• bundled for use by other third parties and sold for a range of other purposes?

According to The Markup, a recent survey by the Automotive Industries Association of Canada found that only 28 percent of drivers clearly understood the types of data their vehicle produced or who had access to that data.

Jon Callas, Electric Frontier Foundation’s director of technology projects, told Mashable how newer cars

“are in many ways like smartphones that just happen to have wheels. They are often WiFi-enabled, come with over a hundred CPUs, and have Bluetooth embedded throughout. In other words, they’re a far cry from the automobiles of even just 20 years ago.”

Many major US insurance providers, including Allstate, Liberty Mutual, Farmer’s Insurance, Geico, and State Farm, use vehicle data to create ‘usage-based insurance’ (UBI) products priced on driver data. Some of this telematics data comes in the form of a voluntary good-driver discount program, but some cars send telematics data even if the drivers opt not to participate in these programs. 

Other systems also collect data, including OnStar, owned by General Motors, which offers roadside assistance, but also logs extensive vehicle data, including GPS location, speed, airbag deployments, and audio/video information. 

The Intercept reported that a company called Berla makes devices that allow police to later extract that data. Furthermore, Mashable points out that OnStar data has been used by US Customs and Border Protection to track people. Other telematics data has also been used in legal cases, such as a 2016 case when authorities used the data to prove a UK driver was speeding prior to a deadly 2014 crash. Telematics has also been used in car theft and even murder investigations.

Meanwhile, Vice reported on Otonomo, a company that sells granular location data of vehicles, has problematic data practices. While the data it collects and sells is meant to be anonymous, linked only to a non-descript identifier for the car, an investigation revealed that it’s relatively simple to determine who a car likely belongs to and trace their movements. This data can be mapped to track drivers, potentially revealing their home addresses and identities.

Adam Schwartz, an attorney at EFF, labeled Otonomo’s data offering as a “privacy nightmare,” emphasizing concerns about vehicle location data being bundled and sold to data brokers.

And all of this automotive data is big business. The Markup identified 37 companies that are part of the rapidly growing auto data industry, which is predicted to be worth anywhere from $300 billion to $800 billion by 2030. These companies include car manufacturers, vehicle data hubs, navigation and in-vehicle infotainment companies, insurance companies, and telecom operators.

How you can protect your privacy

While there’s no way to disable the computer in your car without impacting basic functionality, there is good news. Vice reported that the automotive privacy company, Privacy4Cars, has introduced a new, free tool that can help you understand what data your car’s manufacturer collects as well as if there are any local dealerships that have transparent privacy policies.

The Vehicle Privacy Report Tool evaluates car manufacturers’ data collection policies. By entering your Vehicle Identification Number (VIN), you can learn more about the data practices associated with your vehicle. Here’s a peek at the kind of data you’ll get back when you use this option:

Privacy4Cars founder Andrea Amico created this site to highlight the issue of cars as data-collecting electronic devices. The tool reveals the types of data a car might gather, including location, biometrics, and mobile phone data, and identifies potential entities to which this data might be shared or sold. It also determines if a car has telematics. You can also ask Privacy4Cars to contact the manufacturer to limit data collection and use, although at this time, whether or not the manufacturer complies is up to local/national privacy laws.

The future of automobile data privacy

While Privacy4Cars is a huge step forward in raising awareness, it doesn’t shut down the data pipeline. Currently, most consumers can’t prevent their vehicle data from being siphoned both by car manufacturers and third parties. 

California regulators are looking into ways to protect consumers. The Washington Post recently reported that the California Privacy Protection Agency’s enforcement division would examine the issue of vehicle data collection and how consumers can request the deletion of this data. Likewise, the European Union has been investigating this issue and had planned to make recommendations later this year. 

For now, the best thing you can do is become better informed and contact government officials and privacy advocates to let them know this issue matters to you. And, of course, use the Privacy4Cars tool to find out the specific data collected from your vehicle and let the manufacturer know you want to opt out. 

And in the meantime, don’t let this news keep you from singing along to your favorite music while driving. There’s still a chance no one is actually listening to you.