CARS are full of connected tech and computer systems these days which control and even record a lot of their functions.
Whilst there are lots of advantages to these increasingly advanced onboard systems, the rise in connectivity has raised concerns about data protection and an individual’s right to privacy. Essentially, cars made today are closer to smartphones than ever before, with the new Tesla chip able to perform 72 trillion operations per second.
To dispel some myths and help to keep your data protected Vanarama conducted a study into the important question of privacy and information security within connected cars.
- What type of data is collected?
- Who can access the data?
- What is your data worth?
- How can you protect your data?
What type Of data is collected?
Information collected about you from your car or synced mobile devices includes:
- Phone Number
- Payment Information
- Driving License
If your connected car comes complete with its own application, then any information that you submit will be automatically connected to your car and will help to build a profile of you, especially when this is matched with data from the infotainment system within the car.
Personal information such as your name and address (findable from your saved location on your sat nav) will all be accessible, around with your phone number and email. Your payment information will also be stored with the car manufacturer you pay for any additional content like apps on your phone or infotainment unit.
Information about your vehicle
Information collected about your vehicle from your car includes:
- Telematics log data, including performance usage, infotainment system data, speed information, battery usage management, odometer readings.
- Remote analysis data, including contacts, browsing history and navigation history, current location of the vehicle.
- Safety analysis data, including accident data, hock-the-horn commands, start/stop history.
- Service history
This type of information focuses on your car’s location, fuel usage and battery status. It can reveal a lot about you, such as where you have been, your browsing history on your infotainment centre, navigational history, and current location of the vehicle.
However, one of the core elements of this data is safety analysis which is shared with the emergency services should you find yourself in an accident – something which will help paramedics and other emergency services know more about the situation before they arrive.
Information on fuel usage
Information collected about your fuel usage from your car includes:
- Charging information (if electric)
- Fuel information (if petrol)
There’s also specific information regarding the charging of you EV, or fuel information if you happen to own a petrol car. This will report data such as, using an electric car as an example, how often you charge your car, the most popular location to charge your car, how efficiently your car’s battery uses the power etc. Automotive brands say this data is used to ensure that the car is constantly operating at peak efficiency.
Who can access the data?
There are four parties that can access your data, both legally and illegally including:
Car Manufacturers: The most obvious party that can access your data is the manufacturer of your car. Due to the data being hosted on their servers, they have direct access.
Third Parties: There are two types of third parties that car companies will share your information with
Third parties that you decide to authorise. Make sure to check the permissions before accepting them.
Third parties that manufacturers are required to share data with by law, such as the police if you are involved in an accident.
The Next Owner: If your information is stored locally on the internal computer of the car and you forget to erase it before handing it back to the leasing company or selling it, the new owner or driver of the car my gain access to your private information.
Hackers: If you have a connected car, it’s likely your data will be stored in the cloud. Although it’s extremely unlikely, and this is a risk with any connected device, hackers may have the ability to access your information remotely if you’re not careful with security settings. Make sure those passwords are up to scratch!
What is my car-stored data worth?
It’s estimated that the user data generated by the average adult in the US was valued at $35 per month, or $420 per year.
Of course, your connected car has all the same abilities, in terms as tracking your browsing habits and installing cookies on your infotainment unit, as a smartphone – so the value of the data that you produce in your car will be a similar value, if not more.
Here’s what that would look like for UK connected car drivers:
This provides some insight into why companies try to collect as much of it from you as they can and why there are those that try more underhand methods to get hold of it. The key is to make sure, like you would on a phone or home computer, that you’re taking your security seriously on in-car systems.
How can I protect my data in a connected car?
Like all connected devices, modern cars store lots of personal information that you might prefer not to share, or if you’re happy to share – it’s always best to keep it as secure as possible.
Lauren Smith, a Senior Policy Counsel at the Future of Privacy Forum (FPF) and a leader FPF Connected Cars Working Group said on data privacy within cars:
“It’s time for people to treat their cars like a computer or a smartphone. They do not specify data sharing and use practices, and they offer limited individualized controls to consumers. In the end, consumers had trouble understanding how they can limit the data that is being shared.”
To make sure you get the most out of your car’s systems but are still on the safe side when it comes to data security, here are our tips for keeping your personal information safe:
1. When selling or returning your car, make sure you’ve removed your personal data: When it’s time to part ways with your car, ensure that your entire address or phone book is erased from the internal computer, along with any accounts that may be logged in. This will make sure that no one ends up having access to your private numbers or passwords.
2. Disconnect from the cloud: Disconnecting from the cloud will ensure that all your information is at least stored locally – all in one place on a physical device. This won’t be possible for services that require location connection i.e., safety features but you should thoroughly check to see what you do and don’t need to be always connected.
3. Update your software regularly: It’s important that you update the car’s software regularly to give you the best protection and to make sure you have access to the latest features and functionality.
4. Read the small print: If your car comes complete with its own mobile application, make sure to read and understand the permissions to see what’s essential and what isn’t before you decide to click ‘accept all’. This is also good practice with your car’s infotainment system.
5. Perform a factory reset: If you want to be sure that there is no personal data left on your car’s internal computer, the best way to do this is to perform a factory reset. However, with this option there is no going back. Once the reset is complete you won’t be able to recover any data you may have lost.
Infotainment systems for sale on the web
There is a vibrant market of replacement MCU’s on eBay, as sellers purchase older vehicles and remove their parts to be sold separately.
Although selling replacement MCU’s is perfectly legitimate, after personal information was found on official Tesla replacements last year it remains to be seen how secure the practice is – especially with data protection in the automotive sector still being a relatively new concept.
As with any connected device, please remember to always check permissions when using a car’s app or infotainment centre within the car, while also wiping any sensitive information you wouldn’t want share with anyone before you hand back your lease or sell your car.