Connected Cars Roll Into Privacy Concerns

Photo credit: Rob Bouwman/
Photo credit: Rob Bouwman/

Speaking at the show, Ford's global vice president of marketing and sales, Jim Farley, confirmed the potential for driver tracking using GPS chips.

"We know everyone who breaks the law, we know when you're doing it – we have GPS in your car, so we know what you're doing,” he said, before adding the qualifier that “we don't supply that data to anyone.” Later, amid concerned outcries, he reiterated that “We do not track our customers in their cars without their approval or their consent” – but that didn’t put the genie back in the bottle.

That genie was only amplified this week, when US transportation secretary Anthony Foxx said that the government will be looking at ways to balance safety and privacy.

"The technology that's emerging raises questions, and we're going to be responsive to those questions,” he said, speaking at the North American International Auto Show in Detroit. “But each technology is different, and each application of it is different, and we want to make sure that we're striking the right balance between helping folks be safe but also making sure that their expectations of privacy are also weighed carefully."

The comments come with a backdrop of a report from the US Government Accountability Office (GAO), which examined information collected by Chrysler, Ford, General Motors, Honda, Nissan and Toyota as well as navigation device-makers Garmin and TomTom and map and navigation app developers Google and Telenav.

Representatives from all 10 selected companies said they already collect location data to provide consumers with location-based services. For example, companies collect location data to provide turn-by-turn directions. Nine companies share location data with third-party companies, such as traffic information providers, to provide services to consumers. Representatives from two companies said they share data where personally identifiable information has been removed (de-identified data) for purposes beyond providing services (e.g., for research), although such purposes are not always disclosed to consumers. All company representatives said that they do not share personally identifiable location data with or sell such data to marketing companies or data brokers.

Overall, much of the privacy language is vaguely worded – and that raises potential issues, the report found.

"Without clear disclosures about the purposes, consumers may not be able to effectively judge whether the uses of their location data might violate their privacy," the report noted, adding that despite an opt-in policy, the data could be used in ways that “consumers did not intend or may be vulnerable to unauthorized access.”

In the wake of the discussion, AAA threw its weight behind consumers. “Connected cars can dramatically improve the driving experience, but companies must be responsible in their use of consumer information,” said Bob Darbelnet, president and CEO of AAA, in a statement. “The data that today can be routinely collected by cars includes some of the most sensitive data that can be collected about a person, including information about their precise location and driving habits.”

He added, “Companies have an obligation to protect consumer rights when offering connected car services. It is a positive sign that automakers have taken initial steps to address the privacy and security of location data, but more must be done to reduce potential risks faced by consumers.”

What’s Hot on Infosecurity Magazine?