Dutch DPA: ‘Motorists unaware of all the data modern cars collect’
Motorists are unaware of the data a modern car collects and where this information may end up. That’s why it’s important to check the privacy settings of car apps before they go driving.
In December 2024, researchers of the Chaos Computer Club (CCC) discovered a publicly accessible memory dump from an internal application of Cariad, Volkswagen’s automotive software company.
The dump contained login credentials for the company’s Amazon cloud storage, exposing 9.5 terabytes of sensitive data from 800,000 motorists driving a car from Volkswagen, Seat, Audi or Skoda.
Research showed that the cloud storage not only contained personal information of motorists, but also date stamps and location data of when and where they parked their car. The data was collected via the Volkswagen app.
“The problem is that this data is collected at all and stored over such a long period of time. The fact that they were poorly protected only puts the crown on the whole thing,” Linus Neumann, spokesman for the CCC, said in a statement about the incident.
In an interview with news outlet NRC, the Dutch data protection authority (DPA) says that motorists don’t realize how much personal and sensitive information is being collected by modern vehicles.
In addition, data that modern cars collect can end up with all sorts of parties and provide a detailed picture of someone’s life.
“For example, location data can be used to deduce how often someone goes to the doctor, visits the gym or a snack bar, and what time someone gets home from work. But also whether someone drives to an addiction clinic, visits a family member in prison, or parks the car at a church, mosque or synagogue every week,” the DPA warns.
The privacy supervisor hasn’t received many complaints about the data collecting practices of car manufacturers. However, the DPA suspects this is because motorists are unaware of this.
“Given the choice, would you be okay with being tracked going to an addiction clinic, the red light district, or a hospital treating an illness? Or that you’re visiting gay meeting places?,” the DPA states.
The regulator recommends carefully checking the privacy settings of car apps as they tend to be set to the least privacy-friendly option by default.
In August 2024, the state of Texas filed a lawsuit against General Motors (GM) for its false, deceptive, and misleading business practices. GM collected and sold private information of 1.5 million Texans to insurance companies, without their knowledge or consent.
“Companies are using invasive technology to violate the rights of our citizens in unthinkable ways. Millions of American drivers wanted to buy a car, not a comprehensive surveillance system that unlawfully records information about every drive they take and sells their data to any company willing to pay for it,” Texas Attorney General Ken Paxton said in a statement.
Your email address will not be published. Required fields are marked