Connected Car Privacy: Critics Say Automakers Principles Pledge Needs More Assurances

As the technology on vehicle dashboards collects more data about drivers, automakers are starting to address the issue of privacy. But some experts are questioning whether the industry’s recent voluntarily pledge to uphold consumer trust is enough.

Some newer car technologies that are beginning to go mainstream collect sensitive data as they provide services many drivers want, such as geolocation and route planning. Not only can these technologies expose drivers and passengers to hacking and identity theft, but they can also be used to collect, store and share driving routes and habits.

“Many of these technologies and services are based upon information obtained from a variety of vehicle systems and involve the collection of information about a vehicle’s location or a driver’s use of a vehicle,” says the consumer privacy principles pledge released last week by the two major auto industry trade groups, the Alliance of Automobile Manufacturers and the Association of Global Automakers. “Consumer trust is essential to the success of vehicle technologies and services.”

Marshall Doney, president of the American Automobile Association federation of motor clubs, said the pledge isn’t enough. “The agreement falls short of providing consumers the right to control their own information,” he said in a statement following the release of the privacy principles.

The AAA says automakers should, for example, ensure consumers are able to choose their service provider for in-car connectivity. In January, the group sent its recommendations to the Federal Trade Commission, asking the agency to ensure a “secure and competitive environment” for connected-vehicle technologies.

Sen. Edward Markey, D-Mass., known for championing consumer privacy issues, has a stronger stance on the pledge. The member of the Commerce, Science and Transportation Committee calls the voluntary principles “an important first step” but said automakers need to ensure that geolocation data isn’t shared for marketing purposes and there needs to be a mechanism in place so consumers can access the information that is collected.

“It is unclear how auto companies will make their data collection practices transparent beyond including the information in vehicle owner manuals, and the principles do not provide consumers with a choice whether sensitive information is collected in the first place," Markey said in a statement released on his Senate Web page. “As vehicles are equipped with 21st century wireless technology, we need auto companies to make security and privacy as standard as seatbelts and stereos for drivers and their vehicles.”

The following automakers have agreed to the consumer privacy principles: General Motors, Toyota Motors Sales USA, Ford, Chrysler Group, Volkswagen Group of America, BMW of North America, Mercedes-Benz USA, Porsche Cars North America, Mazda North American Operations, Mitsubishi Motors North America and Volvo Car Group.