New cars are a nightmare for data protection
Watch out. Your car is a spy. New cars are a nightmare for data protection. So says the report published by the Mozilla Foundation about the new cars and data protection, that alarms of the large amount of personal data collected by manufacturers, based on the study of the privacy policies of twenty-five major vehicle brands, including Tesla, Volkswagen, BMW, Toyota and Ford.
We are all aware that many digital services and products collect data from users on a constant basis. But as a rule, we do not believe that this is done by a vehicle, despite the fact that many of them are already easily connected to the Internet.
New cars and data protection: key takeaways from the Mozilla study
The study, which has spent more than 600 hours and has taken the United States as a reference, although it has also reviewed the privacy policies of the European Union, has been aimed at analysing the practices of brands when dealing with the collection of data on drivers and the manipulation of all kinds of information.
These data include name, age, gender and home address, username on a social network or contacts in your address book. The foundation also claims that certain brands could even collect sensitive information such as the owner’s ethnicity, facial expressions, health information and sex life data.
All this has shown that companies are failing to comply with the most basic privacy and security standards in the new Internet-connected models.
As the research points out, what makes modern cars an absolute threat is the implementation in them or the use of various data collection tools, such as microphones, cameras, and the phones that drivers connect to their vehicles via Bluetooth. For their part, manufacturers also collect data through their apps and websites, and can then sell or share it with third parties.
The Foundation has also pointed out that they have not even been able to verify whether any of the automakers it analysed complies with its minimum-security standards. We are talking about a set of criteria that specialists consider essential for any product connected to the Internet, such as encryption of data in transit and security updates.
The shield for European users: the GDPR
As cars become more connected and computerized, the chances of breaching data protection regulations are multiplying by leaps and bounds.
However, the GDPR gives individuals greater control over their personal data, requiring informed consent, transparency in data collection and processing, as well as an obligation on companies to ensure security and data breach notification.
In this regard, the regulation stipulates that all data collection without explicit and accepted consent must be anonymized. However, this poses a problem for car companies because they cannot anonymize the information, since it is no longer just the name, surname, e-mail address or telephone number, but also the license plate number, the VIN number and even the IP address to which the car is connected.
After all, all these data are identifiable and may violate the provisions of the GDPR. The analysis shared by Mozilla disproves what we all understood as a safe place and a private space, raises a new perception about privacy and ends up confirming the existence of a new privacy nightmare that is on wheels.
As Data Protection lawyers, at Letslaw by RSM we will help you with any inquiries you may have in terms of new cars and data protection or other services. Do not hesitate to contact us!
Letslaw es una firma de abogados internacionales especializada en el derecho de los negocios.