The handling of data collected rountinely now by connected cars was the subject of much discussion at a major conference on the Internet of Things yesterday.
Today’s connected automobiles are now mobile devices on wheels, and this new reality is raising significant concerns among consumers who are asking increasingly tougher questions about collection of their data when they are behind the wheel and what is being done with it. And although most of the leading car-makers have signed on to a set of privacy principles that will go into effect in January, there are still major issues surrounding how automobile-generated data will be handled.
This and other significant issues were the focus of the second annual Internet of Things Privacy Summit held yesterday in Menlo Park, California. The gathering, which was organized and led by the online privacy management services provider TRUSTe, showed that companies are paying much closer attention to data privacy than they were at the first Summit one year ago. But concerns about notice, consumer awareness, and responsible handling of the data remain, especially when it comes to cars. As privacy author Daniel Obodovski asked the audience, “How many people do I want to know that I’m a bad driver?”
As automakers have come under increasing scrutiny from lawmakers and potentially the Federal Trade Commission (FTC) over their collection and security of consumer data, they have moved quickly in the last few months to adopt a set of privacy principles that are scheduled to take effect on January 2, 2016. These include provisions that automakers will begin requiring customer consent to share data with third parties and a commitment they will not provide geolocation data to the government without a warrant or court order.
As Hilary Cain, the technology and innovation policy director for Toyota, told conference attendees yesterday, “At Toyota, we were so frustrated. We were not creepy data hoarders.”
The principles, which have been adopted by nearly all of the major automakers (except for Tesla), represent another example of how the march towards a world where everything is connected all of the time is forcing even traditional manufacturers to start thinking about protecting data. “We don’t know all the uses for this stuff,” admitted Jill Phillips, chief privacy officer for General Motors. “It’s kind of a brave new world.”
Yet, although the automakers are moving quickly to reassure consumers over the handling of their data, questions remain about how much control drivers will really have. Many of the latest model cars include the ability to download apps from third-party suppliers who are not necessarily bound by the automakers’ new principles. “We need to think about who’s in the tent,” said Cain.
In separate remarks during the Summit, FTC attorney Nithin Sannappa dropped a hint that his agency may very well be watching this trend closely as well. Car makers have yet to limit third-party ads which could be pushed to consumers driving past the ever-present Starbucks or McDonalds as they motor down the road.
There is also an increasing trend among insurance companies to market “good driver” discounts to motorists who voluntarily insert devices into new-model USB car ports which will send driving data back to the insurer. It was recently documented by eSecurity Planet that one such device which monitors driving habits – the Snapshot offered by Progressive Insurance – was operating with virtually no security controls at all.
The principles adopted by car makers do not apply to insurance companies so far. “If you buy a dongle (USB device) from Progressive and install it in your car, it’s not our problem,” said Toyota’s Cain.
The TRUSTe Summit reinforced the growing realization that soon every single company doing business in the world today will be affected by the Internet of Things. And this means that all consumers and their accompanying data, for better or for worse, will be affected as well.