Your Car Gossips About You…and YOU Gave It Permission To!
We have ALL been checking ALL the boxes that say we agree to privacy policies as they apply to our personal information, whether it be mobile phone contracts, applications like Facebook and other social media, and our vehicles. Wait – a privacy policy for our vehicles? When you plug in or connect your mobile device via Bluetooth a flood of information is downloaded and sent back to the car manufacturer over a continuously-on Internet connection. Car companies also send information to your vehicle, to fix bugs and add features. With 5G cellular networks being added all around the country, the amount of data moving to and from your vehicle is likely to increase. The difference between checking boxes for your smartphone, Nest or Alexa is that you KNOW those items are collecting data, but you likely didn’t realize that your car is also.
How much could your car possibly know about you? Turns out: quite a bit.
Most new cars sold today in the United States will come with internet: all General Motors, Ford and BMWs, and almost all Toyota and Volkswagens come standard with built-in internet connection. The Tesla Model 3 even has a small camera aimed at the car’s occupants, though it is not turned on; and GM and Subaru make cameras aimed at the driver to alert the driver if it detects drowsiness or distraction. The automakers claim the data is not stored or streamed. Throughout the vehicle there are many “brains” that collect data. Some data is what we might expect and is collected in real-time, things like tire pressure, proximity of objects to the vehicle and fluid levels. Then there is the data the manufacturers collect that may come as a surprise – like how often you drive at night and how hard you brake that is sent to your insurance company (you can decline this option in the manufacturers’ app, but most often the default is turned on when you install the manufacturer’s app). Other details like where you drove the kids to soccer practice, where you stopped off for gas, your weight gain, your music preferences, the restaurants you visited, your call logs and your contact list along with their images is all collected and downloaded to your car’s computer. By some estimates, a car can generate 25 gigabytes of data an hour: and the Personally Identifying Information (PII) data we listed above is worth hundreds of billions of dollars.
Where does my data go? What can I do if I sell my car?
The data is stored in your vehicle and able to be communicated to the manufacturer who then stores your data in their own systems. (We can only hope that they are practicing good cybersecurity practices.) A pressing consumer concern arises when the car user wants to sell their car – all of the data is still contained in the vehicle’s memory. A factory reset does not erase your PII – it may erase your contacts but not the geolocation information and other data. There have been instances where sellers on eBay sell a ripped-out infotainment unit that comes complete with the previous owner’s data.
If you lease a vehicle and use Bluetooth or plug into the infotainment unit, your information is stored there as well: your cable is a data cable where information goes back and forth – not simply a charging cable. It would be wise to NOT use Bluetooth in leased or shared vehicles to avoid sharing your data with strangers. There are apps on the market that claim to erase this data; we recommend instead going to the dealership and asking them to reset it there.
Many cars have USB chargers for devices right in the dashboard, glovebox or console. To get around plugging into those directly with your data cable, you can use the old-school car charge adapter that plugs into your cigarette lighter.
Planning Ahead
Check the privacy disclosures of the vehicle you own or plan to purchase to review what you are giving away when you use the convenient charging, infotainment and navigation systems. You should be in charge of your own data.