Vehicles now collect a vast trove of personal data—from navigation history to text messages—that companies are increasingly looking to monetize, raising concerns about data privacy.
Cars today are like smartphones that have numerous apps connected to the internet which collect and share large amounts of data. Most owners do not know the amount of personal data that their vehicle collects and transmits, who collects it, for what purpose, and how it is used.
According to Privacy4Cars, a tech firm that aims to resolve privacy issues in the automotive ecosystem, a single modern car can have 60 onboard computers that run about 100 million lines of code and collect 25 gigabits of data per hour.
The second source involves various devices that are connected to the car like USBs and smartphones. When connecting such devices to cars, a host of data including text messages, social media posts, and photos can be downloaded.
Among the many pieces of information that are routinely left in car memory are phone books, call logs, passwords, biometrics, text messages, navigation history, home address, third-party apps, vehicle credentials, garage door codes, medical information, and financial details.
A growing number of companies are seeking to gain access to car data. Car manufacturers collect data that are used for maintenance and road assistance. Navigation and in-vehicle infotainment companies have access to data related to driving, music, and third-party applications.
Telecom operators that offer connectivity solutions can collect telematics data from the vehicle. Insurance companies use car data to create insurance products and decide on metrics like premiums and discounts.
Monetizing Car Data
Companies are increasingly looking to monetize vehicle data. In 2021, Ford filed a patent for technology that will display ads inside people’s cars.An example would be a camera picking up data from roadside billboards while traveling and displaying it on the interior infotainment system of the vehicle, complete with phone numbers and website links, the New York Post reported.
Mr. Amico raised concerns about the “huge push” from the auto industry to turn vehicles into software platforms. “The industry refers to this as ‘the software-defined vehicle,’” he said.
Almost all vehicles coming out of factories have telematics, he said. Telematics refers to telecommunication and informatics systems within a vehicle that allows it to send and receive information, something similar to smartphones. Mr. Amico expects the trend to keep growing.
The objective of car manufacturers “is to dramatically expand the already large ecosystem of companies that offer services and subscriptions, and collect, share and sell data,” he said.
Mr. Amico believes “cars will increasingly become a platform to develop insights on consumers, not any differently than laptop and smartphones, but much more insidious and hard to avoid.”
Hacking Threat to Data
Hacking is another major privacy concern when it comes to car data. According to Privacy4Cars, data privacy and breaches have been the most common cybersecurity threat against automotive companies over the last decade, accounting for 30 percent of such threats.Car thefts and break-ins came in at the second spot, followed by gaining control of car systems and disrupting services.
Criminals can hack into a vehicle’s telematics data, allowing them to pinpoint the exact location of the owner traveling in the vehicle. They can also use exploit kits that utilize the onboard diagnostic ports of cars to replicate keys, as well as program new ones so as to steal the vehicle.
Mr. Amico pointed out that car owners will now have to face “attacks” from two sides. The first will be from “hackers who will be attracted by the increasing amount and value of data that companies in the broad auto ecosystem collect.”
The second will be “regular bad people who will leverage these technologies to stalk, harass, defraud, steal, and harm people.”