News In Context

Handling Of Customer Data Lands Automakers In The Hot Seat

Industry executives gathering this week at IAA Mobility, a massive auto show in Munich, found themselves the subjects of some unwelcome attention: In addition to  activists gluing themselves to the roads and blocking traffic with bicycles to protest the sector’s contribution to climate change, the Mozilla Foundation published a damning  report about automakers’  collection and handling of personal data, an example of how corporates are increasingly being subject to unrelenting scrutiny aby both consumers and industry watchdogs to ensure they live up to their promises.

“All 25 car brands we researched earned our ‘Privacy Not Included’ warning label — making cars the official worst category of products for privacy that we have ever reviewed,” says the Mozilla Foundation September 6 report, which accuses car brands of “collecting more personal data than necessary and using that information for a reason other than to operate consumers’ vehicles and manage their relationship with them.”  Based on the car companies’ track records the Mozilla Foundation says it doesn’t trust the car companies to keep car owner’s data safe. And, the report says, “we don’t think a lot of the ways that your information is being shared or sold benefits drivers or anyone besides the businesses who exist to make money off of your data.” s

The report’s findings led Mozilla Foundation to launch a global petition to “tell car companies to stop their huge data collection programs.

“Modern cars are surveillance-machines on wheels souped-up with sensors, radars, cameras, telematics, and apps that can detect everything we do inside — even where and when we do it,” the authors said in a blog posting. “Whether that means singing at the top of your lungs, engaging in hanky panky in the back seat, or driving to a domestic violence shelter, cars are an increasingly unsafe place to be yourself.”.

The report describes how automakers can collect personal information from how you interact with your car, the connected services you use in your car, the car’s app (which provides a gateway to information on your phone), and can gather even more information about you from third party sources like Sirius XM or Google Maps. “The gist is: they can collect super intimate information about you…in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests,” the report says.

For example, Nissan’s consent policy specifically includes your “sexual activity,” says the report. Not to be out done, Kia also mentions in its privacy policy that it can collect information about your “sex life”  and six car companies say they can collect your “genetic information” or “genetic characteristics.”

Some 84% of the car brands the Mozilla Foundation researched said they can share your personal data — with service providers, data brokers, and other businesses. Nineteen car companies (76%) say they can sell their clients’ personal data.

Only two car brands, Renault and Dacia (which are owned by the same parent company) say that all drivers have the right to have their personal data deleted.

Car companies assume that you have read and agreed to their policies before you step foot in their cars, says the report.  It cites Suburu’s privacy policy which says that even passengers of a car that uses connected services have “consented” to allow them to use — and maybe even sell — their personal information just by being inside the vehicle.  Nissan car owners must  “promise to educate and inform all users and occupants of your vehicle about the dervices and dystem features and limitations, the terms of the sgreement, including terms concerning data collection and use and privacy,” according to the Nissan Privacy Policy.

What’s more when car companies say they have your “consent” or won’t do something “without your consent,” it often doesn’t mean what it should, says the report.  For example, Tesla’s Customer Privacy Notice says “if you no longer wish for us to collect vehicle data or any other data from your Tesla vehicle, please contact us to deactivate connectivity. “ There are, however, some major caveats. “Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications and in-car features such as location search, Internet radio, voice commands, and web browser functionality rely on such connectivity. If you choose to opt out of vehicle data collection (with the exception of in-car Data Sharing preferences), we will not be able to know or notify you of issues applicable to your vehicle in real time. This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”  (For this reason and more Tesla got the worse rating of any car company in the report.)

All 25 brands reviewed in the report except for Tesla, Renault, and Dacia, signed on to a list of Consumer Protection Principles from the US automotive industry group Alliance For Automotive Innovation. The list includes great privacy-preserving principles such as “data minimization,” “transparency,” and “choice.”  The number of car brands that follow these principles? Zero, according to the report. “ It’s interesting if only because it means the car companies do clearly know what they should be doing to respect your privacy even though they absolutely don’t do it,” the report says.

The Mozilla Foundation calls out car companies for offloading their responsibility to protect  drivers’ private data.. “It’s on you to make sure your data is properly deleted before you sell your car or return a rental. It’s on you to track down the (separate) privacy policies from your car dealership and connected services to learn how they treat your information. It’s on you to inform passengers about your car’s privacy practices. It’s on you to “opt out” of data collection (when possible) — and it’s also on you if that makes your car undrivable,” notes the report.

Another concern cited in the report “is that we can’t tell whether any of the cars encrypt all of the personal information that sits on the car. A failure to properly address cybersecurity might explain their frankly embarrassing security and privacy track records. We only looked at the last three years, but still found plenty to go on with 17 (68%) of the car brands earning the “bad track record” ding for leaks, hacks, and breaches that threatened their drivers’ privacy.”

New sensor technology could help car companies create, collect, combine, and sell even more information about you, notes the report. And more data-collecting cars are replacing more analog (and more privacy-preserving) ones one by one as most new vehicles are already offer connectivity.



Cruise Nears Approval To Mass Produce Robotaxis Without Steering Wheels Or Pedals

GM-backed Cruise said September 7 that the company is close to from getting the green light to begin mass production of its purpose-built autonomous vehicle without a steering wheel or pedals.“We’re testing it and we are, from what we’ve heard from [the National Highway Traffic Safety Administration], just days away from the last regulatory approval, which would let us start production and almost immediately start putting these vehicles on the road,” CEO Kyle Vogt said at a Goldman Sachs event.


Major Carbon Neutral Scheme Dropped As Trust In Schemes Diminishes

The Carbon Trust is ditching its carbon neutral label and replacing it with four new consumer-facing ones that focus on emissions reductions and comparisons of products’ carbon footprints.The move comes against a backdrop of mounting pressure on the green claims made by food and drink brands, especially ‘carbon neutral’ claims achieved through the use of controversial offsets. In recent weeks, a number of food companies have begun phasing out their carbon neutral claims or dropping targets as the concept becomes increasingly synonymous with greenwashing.Nestlé, Leon and contract caterer Sodexo are among those to have backed away from using offsets to claim carbon neutrality. Evian quietly dropped its carbon neutral label back in May. An update on its website noted it was “proud” of its Carbon Trust certification but “will not seek global recertification”.The Carbon Trust’s label currently features on 892 products – 886 in the food and drink category – and can be found on products from Wyke Farms, Evian and Lidl.Carbon Trust director John Newton said consumers and businesses were demanding “more rigorous requirements and detail” when it came to making carbon claims. Understanding of the term carbon neutral varied, he added, so focusing on carbon reductions was “simpler”.


Microsoft To Defend Customers On AI Copyright Challenges

Microsoft will pay legal damages on behalf of customers using its artificial intelligence (AI) products if they are sued for copyright infringement for the output generated by such systems, the company said on September 7.Microsoft will assume responsibility for the potential legal risks arising out of any claims raised by third parties so long as the company’s customers use “the guardrails and content filters” built into its products, the company said. It offers functionality meant to reduce the likelihood that the AI returns infringing content.

Google To Make Disclosure of AI-Generated Content Mandatory For Election Advertisers

Google will make it mandatory for all election advertisers to add a clear and conspicuous disclosure starting mid-November when their ads contain AI generated content, the company said on September 6.The policy would apply to image, video, and audio content, across its platforms, the company said in a blog post.

To read more of The Innovator’s News In Context articles click here.



About the author

Jennifer L. Schenker

Jennifer L. Schenker, an award-winning journalist, has been covering the global tech industry from Europe since 1985, working full-time, at various points in her career for the Wall Street Journal Europe, Time Magazine, International Herald Tribune, Red Herring and BusinessWeek. She is currently the editor-in-chief of The Innovator, an English-language global publication about the digital transformation of business. Jennifer was voted one of the 50 most inspiring women in technology in Europe in 2015 and 2016 and was named by Forbes Magazine in 2018 as one of the 30 women leaders disrupting tech in France. She has been a World Economic Forum Tech Pioneers judge for 20 years. She lives in Paris and has dual U.S. and French citizenship.