Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Want to find out what information your internet-connected car is collecting about you and your passengers, and sending back to the overseas manufacturer—and possibly to third parties?
Some carmakers make it hard to find out. In one case, understanding the data policies required reading over 40,000 words spread across five documents.
This troubling insight comes from a new study by Katherine Kemp of the Law and Justice Department at the University of New South Wales, Driving Blind: The Unexamined Privacy Risks of Connected Cars.
Kemp says it is another reason why Australia needs “urgent reform of privacy laws.”
Many of the reasons your car is watching your every move are benign or even positive: it might detect an accident and call emergency services or notify you if you inadvertently leave a child in the back seat.
However, all 15 cars in the study go beyond helpful uses, collecting data that can reveal a lot about the driver but is of no use to them, yet could be valuable to overseas car manufacturers and a range of third parties, including government agencies and insurance companies.
“Some brands also make inaccurate claims that certain information is not ‘personal information,’ implying the Privacy Act doesn’t apply to that data,” Kemp said.
“Some are also repurposing personal information for ’marketing‘ or ’research,’ and sharing data with third parties.”
In addition to monitoring the car, manufacturers often require drivers to download an app to access various “connected services.”
“It could be disclosed to insurers or data brokers without [a person’s] consent,” she said.
“It could facilitate crimes, including domestic violence, stalking, and robbery.
“Commerce has determined that certain technologies used in connected vehicles from [Communist China] and Russia present particularly acute threats,” it said.
“These countries of concern could use critical technologies within our supply chains for surveillance and sabotage to undermine national security.”
When consumers try to find out what data their vehicle is collecting and where it is being sent, they are directed to an average of three documents totalling around 14,000 words per brand—if they can find them.
“Hurdles for consumers included missing privacy terms, unhelpful interfaces, and significant errors in published privacy policies,” Kemp said.
Kemp says several major brands fail to recognise the full scope of personal information protected by the Privacy Act.
“They claim that certain information ‘does not, on its own, personally identify’ the consumer, and they can use this for ‘any purpose,’” she explained.
The introduction of the technology in Australia has lagged behind other countries, notably the European Union and the United States. However, Austroads predicts that 93 percent of new car sales in Australia will be connected cars by 2031.
In 2023, the Mozilla Foundation analysed connected car privacy terms in the United States—where 63.4 percent of licensed drivers have connected cars and 91 percent of all new car sales include the feature—and concluded it was a “privacy nightmare on wheels.”
English