Government Accountability Office report reviews privacy implications of connected automobiles and what federal agencies are doing about it.
The push to connect vehicles to one another and to the Internet has created a role for federal agencies to clarify its privacy protection role, the Government Accountability Office (GAO) concluded in a report released on Monday. The government watchdog agency is worried that vehicles will continue to collect more and more data while federal standards continue to fall behind, failing to keep up with the pace of change in the industry.
“These vehicles can collect and share data about where drivers go and how they drive, information that used to be impossible or very difficult to collect,” GAO researcher David J. Wise wrote. “As vehicles generate, collect, and transmit more data, members of Congress, the Federal Trade Commission (FTC), and others have recognized the potential for risks to consumers’ privacy.”
GAO researchers contacted the sixteen automakers responsible for 90 percent of the cars and trucks sold in the United States and found that thirteen of them offered automobiles that connected to the Internet. In 2014, GAO released a report focusing on the privacy of in-car navigation devices (view report), but this report focused specifically on systems that use a SIM card to connect to wireless data providers to provide services such as roadside assistance or automatic crash notification.
The sort of data cars might collect include music choices, text messages dictated by voice, location data, the driver’s tendency to speed, the driver’s heartrate through fitness trackers, and the condition of the car’s internal systems. GAO investigators found that none of the automakers collect biometric or personal information like emails, but three collect data about music choices, and all but three recorded driver behavior. All of the automakers collected vehicle health and location data.
Five automakers, for instance, used data about the vehicle’s condition to send targeted advertisements to vehicle owners offering maintenance services. For the most part, the automakers did not share personally identifiable information to third parties outside the dealer network without consent, or a court order.
“Two automakers reported sharing collected data with insurance companies to enable consumers to participate in insurance plans that base premiums on driving behavior,” Wise noted.
Experts interviewed by GAO questioned whether motorists truly gave informed consent, considering most privacy notices are filled with so much legal boilerplate that few ever read them. The GAO concluded the National Highway Traffic Safety Administration (NHTSA) needs to do a better job of defining its role with respect to the privacy of connected vehicle systems. It should also collaborate with the Federal Trade Commission, which plays a lead role on consumer privacy issues.
A copy of the report is available in a 3mb PDF file at the source link below.