Car brands are offering more and more digital features in a bid to make owners’ lives more convenient, but some are being criticised for how they collect, store and handle personal data.
We’ve seen lawsuits in the US relating to data being collected and on-sold to third-party companies, affecting how much motorists are paying for their insurance.
Now, an investigation by Australia’s CHOICE magazine has detailed which carmakers are collecting data locally, and what they’re doing with it.
The publication wrote to 10 of Australia’s best-selling carmakers to explain their policies regarding how they collect and, in some cases, distribute customer’s data.
100s of new car deals are available through CarExpert right now. Get the experts on your side and score a great deal. Browse now.
While Mitsubishi, Isuzu Ute and Subaru don’t have connected service features in Australia – and therefore can’t collect data – seven other brands confirmed they use the technology to harvest data, with some sending it to third-party companies.
Toyota and Ford both said they collect and share driver data with third-party providers, but not biometric data. Ford further advised CHOICE it doesn’t sell data to brokers.
MG said it collects driver data and shares it with unspecified “service providers” but doesn’t share with third parties “other than to provide functionality”
The magazine said it was unclear as to what happens with this data as the Chinese brand didn’t respond to its questions and its privacy policy isn’t clear.
Mazda was also found to collect and share driving data, in addition to “voice consumption” data. The brand didn’t clarify what these parameters were.
It also shares data with third parties for advertising purposes.
The above four brands were given a yellow traffic light status for their respective approaches, but Korean brands Kia and Hyundai were deemed to be worthy of a red light.
Both brands collect and share voice recognition and other data with third-party provider Cerence, a US firm which claims to be a “global industry leader” in AI-powered interactions for the transport industry.
A US Hyundai owner last month filed suit in a California court, claiming Hyundai and Kia had violated the US Fair Credit Reporting Act with their connected car services, including UVO Connect, Kia Connect, Bluelink, and Bluelink+.
Tesla’s data policies were also given red-light status, with the US company not only gathering voice recognition data but also videos and images from its vehicles’ onboard cameras.
The electric vehicle (EV) giant shares some of this data with third parties, and its privacy policy states the data is subject to “privacy preserving techniques”, though without being linked to an owner’s identity.
Last month, Business Insider interviewed an anonymous member of Tesla’s Autopilot team who claimed some of this data was being shared around the brand’s offices, however the practice has been clamped down on.
“Tesla cracked down on image sharing and what we could access after Reuters published a story on it. They essentially told us ‘If you’re caught once, that’s your ticket out the door.’
“After that, you couldn’t access images outside of your allocated team folder anymore, and Tesla put watermarks on some of the images so you could easily tell where it came from, if it was redistributed.
“Sometimes people still pass images around the office, especially if it’s something out of the ordinary, but it doesn’t happen as often.
“There is something very strange about having this very intimate view into someone’s life. It feels odd to see someone’s daily drive, but it’s also an important part of correcting and refining the program.”
Speaking to CHOICE, Dr Vanessa Teague from the Australian National University’s College of Engineering, Computing and Cybernetics said the data collection undertaken by these companies was “totally unacceptable”, and called for new laws to be implemented to prevent it.
“The idea that you can de-identify an image, or a voice is de-identified, it’s nonsense,” Dr Teague said.
“What these car companies are doing is totally unacceptable. It should be illegal. These practices are good evidence that we need the Privacy Act updated or the Privacy Act enforced, because none of this should be acceptable in our country.
“Opt-out is not the answer; you should have to opt-in to some of these features if you want them. Many of these other features should simply be illegal.”
MORE: Why smarter cars are a privacy nightmare
MORE: Hyundai, Kia accused of selling owner data, leading to higher insurance premiums
MORE: GM cuts ties with data-collecting firms after selling driver’s information
MORE: JLR threatened with class action for allegedly collecting, selling customer data
MORE: Carmakers are giving your data to police too easily – and US lawmakers aren’t happy
MORE: Tesla Autopilot developers told to ignore road signs, mind their own business – report