Behind the Wheel - Safeguarding Your Data Privacy in Connected Cars
“Without privacy, there was no point in being an individual.” – Jonathan Franzen. You're in the driver's seat and that means having access to all of your car's features.
From rolling down windows with a press of a button to GPS systems for route planning, cars are becoming increasingly connected to internet networks as many fear their data privacy may be compromised. This is no surprise, considering that McKinsey predicts that 95% of new vehicles sold globally will come with some sort of connectivity by 2030. So how exactly does an automobile such as yours collect your data, what are governments doing about it and how can you go around it?
How Cars Gather Your Personal Information
The first (and most obvious) way is through built-in services like radio or navigation systems, as both are provided either offline or online. There are also plug-in devices like telematics, which transmit information about your driving behavior right over to insurance companies and other parties who request it. You can also integrate phones into the mix if you have one handy through applications from each car service provider and related apps from third party vendors. Moreover, traditional methods still apply as car manufacturers leverage external sources such as social media platforms, agencies operating on behalf of the government (e.g., DMV) and even automobile dealerships who just happen to know what buyers did during test drives. Finally, car makers themselves gather additional data using solutions offered by brokers, aka huge databases filled with personal reports about practically everyone.
EDPB's Take on Vehicle Data Privacy
The European Data Protection Board (EDPB) offers a wide variety of recommendations for dealing with privacy in vehicles that should be taken seriously by businesses and individuals alike. The EDPB recommends data protection practices, such as only collecting location data where it is absolutely necessary and forbidding external processing of personal data that reveals criminal offenses or other infractions (except under very specific conditions). They also recommend providing a non-biometric alternative to the function that would otherwise process biometric data and putting into place security measures that guarantee the security and confidentiality of personal data processing - including encryption unique to each vehicle and enabling immediate patching when new vulnerabilities are found.
Challenging the Collection of Private Information by Vehicles
Vehicle manufacturers have a legal obligation to help customers resolve any issues related to their personal data, and consumers may also be able to utilize privacy regulations like GDPR or CCPA in order to access, correct or delete their own information. In the event of any disputes regarding private information being collected from your vehicle, it's best practice to contact the manufacturer first before taking other steps. Data Protection Report notes that you can ask them about their policies on collecting this type of information from customers, as well as request they delete certain information you do not want them storing. Consumers who believe that their rights have been violated can seek legal action against these data collection practices. If concerns arise about dealership issues like why the dealership didn't give me my title, then individuals can check in with their local Department of Motor Vehicles (DMV) to gain insight on title registration issues.
It's essential for everyone involved – vehiсle owners, сomраnies ԁeveloрing softwаre systems for vehiсles, mаnufасturers– to remаin vigilаnt аbout рotentiаl рroblems in orԁer to keep both parties рroteсteԁ аgаinst аny negаtive сonsequenсes thаt сoulԁ аrise with imрroрer hаnԁling of рersonаl informаtion.