Your Car Has A Data Privacy Problem

Posted by Q McCallum on 2023-09-13
Image of a car's speedometer. There are orange numbers on a black background.

(Photo by CHUTTERSNAP on Unsplash)

I’ve noted before that cars have become the new smartphones: devices that are always with us, capable of gathering all kinds of sensitive personal data. Usually without our full knowledge of how that data gets used.

I have a long-overdue article draft on this very topic and occasionally stumble across additional support material to reference. This article from The Verge is the latest such example:

‘Modern cars are a privacy nightmare,’ the worst Mozilla’s seen

According to a report published by the Mozilla Foundation on Wednesday, cars are “the official worst category of products for privacy” that it’s ever reviewed. The global nonprofit found that 92 percent of the reviewed automakers provide drivers with little (if any) control over their personal data, with 84 percent sharing user data with outside parties.

When you consider the ubiquity of cars, and how much they can reveal about our personal and professional lives, this is a rather disconcerting find.

The Everything Company

The privacy concerns are tough enough to swallow. What I find even more frustrating is that consumers are about to experience another round of what I call “The Everything Company.” Auto manufacturers have a lot of experience being car companies, sure; and now they also need to be:

  • technology companies – building the tools to collect and store the data
  • data companies – analyzing that data and using it to build data products
  • marketplace companies – operating the spaces to sell the raw data and derived data products

Car makers need to be good at all of these. But they can’t be good at these. At least, not at the start. They’ll need time to figure out the best practices of being data brokers in the age of ubiquitous AI. Consumers are left holding the bag until the auto companies sort this all out.

We’ve seen this before. Remember early-day iOS? Apple already had tons of experience building computers, operating systems, and apps by that point. That was a huge leg up for them when entering the smartphone space. But Apple was new to running a marketplace full of third-party apps, and the company seemed to lack the adversarial thinking required to identify and resolve problems in advance. Instead, iDevices didn’t get real privacy controls until iOS version 6. A number of misbehaving apps were able to – and most certainly did – harvest address books and location data till then.

Looking ahead

To be fair, I’m not all gloom and doom about the cars/smartphones parallels. While connected cars are poised to become the next data privacy nightmare, they don’t have to be.

There’s plenty of potential for some truly useful (even fun) outcomes.

(Something I’ve been thinking about a lot is the car equivalent of Apple Pay. You pull up to the window and the vehicle’s embedded payment system – let’s call it “MercedesPay” – takes care of it while charging your credit card behind the scenes. We already have the precursors of this in IPass/EZPass. And even Starbucks is hinting at a need for this kind of solution. It’s only a matter of time.)

If we’re going to have the fun things, though, we also need to bake in a lot of security and privacy from the start. That’s how consumers will be able to derive the full benefit.