Multiple popular car brands are collecting and sharing drivers’ data.
The revelation came following a CHOICE study of Australia’s 10 most popular car brands.
Findings showed seven of the 10 were collecting and sharing some level of driving data with third parties.
The CHOICE study came after an Australian man purchased a brand new $68,000 Toyota, only to find out the Hilux came with tracking features he couldn’t entirely remove.
According to CHOICE, the man had struggled to get his $2,000 deposit returned after he researched the sharing of data and decided he did not want the vehicle.
The Hilux came with what is termed “connected services”—a suite of technology supposed to focus on safety and security.
But removing the program voids the car’s warranty and can put insurance at risk.
Toyota Australia uses “connected service” to collect data on fuel levels, odometer readings, vehicle locations, as well as driving data, phone numbers, and email addresses.
If drivers don’t opt out of the service, the company will collect, hold, use, and disclose vehicle data for research, product development, and data analysis.
Toyota can share the technology with finance and insurance companies, promotions and marketing organisations, debt collection agencies, and IT service providers.
Of Australia’s top 10 car brands, the three that did not collect data through connected services were Subaru, Mitsubishi, and Isuzu Ute.
Toyota, Ford, MG, and Mazda collect a moderate level of data including while Kia, Hyundai, and Tesla collected the most.
Voice, Video Data
Toyota, Ford, and Mazda said they did share data, but Mazda did not clarify its use of “voice consumption data.”Toyota and Ford said they did not share “biometric data,” which includes voice and video recognition.
Kia and Hyundai share voice recognition and other data with third parties, while Tesla says it collects voice and video and shares some data with third parties.
The use of biometric data is considered sensitive data under privacy law and should have a stricter level of consumer protection.
In the case of Kia and Hyundai, the Korean brands admit to sharing voice data with U.S. company Cerence, a third party who provides the company with automotive voice and artificial intelligence (AI) “innovation products.”
However, claims that biometric data can be used in a way that protects anonymity are “complete baloney,” according to Vanessa Teague from the Australian National University’s College of Engineering, Computing, and Cybernetics.
“The idea that you can de-identify an image, or a voice is de-identified, it’s nonsense,” she said.
“What these car companies are doing is totally unacceptable. It should be illegal. These practices are good evidence that we need the Privacy Act updated or the Privacy Act enforced, because none of this should be acceptable in our country,” Teague added.