Is your smart car spying on you?

The interior of a car with digital images.
Adobe Stock

The increasing integration of smart technologies into vehicles has sparked a new privacy concern among consumers. Your modern car, much like your smartphone, collects data – but with one significant difference: it often does so without your explicit consent. 

Insurers used to offer incentives, like reduced premiums, to try to encourage people to agree to install apps or devices in their cars to monitor their driving and collect data. Insurance companies would use that data to monitor risk and change premiums accordingly. But since 58% of people are uncomfortable with sharing their data with car companies and insurance providers, automakers and insurers have been finding more subtle ways to collect the same data without asking for permission. Their methods have put cars at the top of the list for privacy violations, with Mozilla calling modern cars "the official worst category of products for privacy." 

This data collection breaches privacy and may even have tangible negative effects on your everyday life, such as increased insurance premiums now that automakers are sharing information directly with auto insurers. So how can you protect yourself? 

When your car knows too much

Cars are certainly not the only devices that threaten your privacy. The technology that powers smartphones is now pervasive, embedding itself across a range of devices, including smart watches or even smart home appliances like ovens and refrigerators. All of these devices employ tactics like location tracking, behavioral monitoring, and passive data collection. While smart cars stand out conspicuously for their blatant privacy problems, the truth is that they are merely following a widespread practice. 

Here are some of the subtle ways automakers and insurers have been able to avoid asking for permission when tracking your data. For starters, even standard smart car apps, like those for infotainment, activities that shouldn't have anything to do with monitoring your driving, sometimes have questionable privacy policies. These policies may allow the apps to collect data on acceleration, braking, and other driving habits and share that information with third parties or with your insurer. Other apps that could be monitoring you include vehicle management apps, which allow users to monitor various aspects of their vehicle's health and status, such as tire pressure, oil life, and fuel level. 

Another prevalent method of collecting information involves on-board sensors that monitor a wide array of data points, from vehicle speed and brake usage to more invasive metrics such as driver biometrics. These sensors feed data critical for the operation of advanced driver-assistance systems (ADAS), like adaptive cruise control and collision avoidance systems. But the depth and breadth of the data collection are often not clear to smart car owners. Your car may also be forwarding this data to automakers and, potentially, to insurance companies. 

A third method automakers use is to bury data collection permissions in the papers you sign when you purchase a new car. Somewhere in all that fine print, you may be giving your automaker permission to share certain information with your insurer or with other parties, including advertisers. 

By using these tactics, automakers and insurers can collect information on everything from your car's location, acceleration habits, braking, cornering, or even your phone usage. Not only can they use that information to increase your premiums, but you can also find yourself in legal trouble depending on your driving habits. Many automakers have admitted that they readily share such information with law enforcement upon request. And when automakers suffer a breach, like the one Nissan experienced last year, that data can get exposed on the open web and even sold publicly via data broker sites. 

And finally, some automakers even share data directly with data brokers as part of their normal procedure. A New York Times article revealed how General Motors had shared details about trips and driving with LexisNexis, a databroker that then shared the information with insurance companies, directly affecting consumers' premiums. If any of that information appears publicly on data broker sites, malicious actors can cross-reference this data to create a complete profile of an individual for the purpose of fraud or identity theft. 

The need for regulation

Now that smart car privacy practices have become public, I'm seeing an urgent need for stronger consumer privacy protections and transparency requirements for automakers. And I'm certainly not the only one. Late last year, U.S. Senator Edward Markey (D-Mass.) called on 14 automakers to enforce better privacy protections in their vehicles. While the automakers themselves have been slow to respond, state legislators have started to act. In the past six months, New York, Tennessee, New Jersey, and California have introduced legislation to improve privacy protections in cars. 

For the most part, the privacy protections introduced by these states aim to enhance consumer rights and control over personal data. This legislative movement consistently emphasizes principles like informed consent, the right to access and delete personal information, and stricter limits on data sharing and retention. Ultimately, the goal for automakers should be data minimization – collecting as little information as necessary. However, current practices often fall short of this standard. Until automakers make substantial changes, consumers will need to remain vigilant and proactive in protecting their own privacy.

You can begin by scrutinizing the fine print when you purchase or lease a car. This includes closely reading any terms related to data sharing or insurance policies. It's crucial to understand what you're agreeing to before consenting to share your data. Specifically, opt out of any agreements that allow your driving data to be shared with insurance companies, as this can affect your premiums and privacy. Additionally, enhance your understanding by researching your automaker's privacy policies online. Check if there are options to contact the automaker directly to explicitly opt out of data sharing arrangements. Knowing these options can empower you to take proactive steps in controlling what information is shared and with whom.

Next, closely monitor the permissions requested by apps in your car, especially those involving data sharing. Consider disabling features that calculate a "driving score." There is a significant risk that such scores could be shared with third parties, including insurers and law enforcement.

Innovation vs. privacy

It seems clear that smart cars aren't going anywhere. The level of convenience and entertainment these new technologies provide is just too attractive to consumers to ignore. Hopefully, we'll also see automakers begin to lessen the cost of those features when it comes to consumer privacy. Car owners shouldn't have to choose between a better driving experience and protecting their personal data.

For reprint and licensing requests for this article, click here.
Telematics Connected cars Data privacy Auto insurance
MORE FROM DIGITAL INSURANCE