Tracking has recently become a big bogeyman. The sheer amount of data that an app or an operating system (OS) can use to identify you and collect your data is enormous, depending on the method of tracking it uses. While it’s clear why manufacturers and sellers desire more data – to tailor their products, enhance efficiency, appeal to consumers, boost sales, and fuel innovation – this often incurs a hidden cost – our privacy.
Some argue that tracking is a necessary trade-off for certain services to remain free of charge. Just recently, Meta launched a paid option for Facebook and Instagram in the European Union, which is designed to avoid unnecessary data tracking in favor of a paid subscription that limits data collection.
But why have such concerns? Well, the amount of personal data that gets mined by companies can be huge, with many marketing firms literally trading this data with other parties and vendors.
Related: Privacy of fitness tracking apps in the spotlight after soldiers exercise routes shared online
Turning our focus back to cars, we recognize their vital role in our lives, enabling us to travel long distances swiftly and opening up new jobs and social opportunities, with electric cars offering the added advantage of environmental sustainability. Traditionally, the agreement with car vendors was straightforward: The purchase price encompassed all the car’s equipment; however, car manufacturers have decided to do something quite different. Some are now offering subscriptions, similar to smartphone or PC apps, except in this case, we are paying for a service that was typically included in the car’s price, such as preinstalled equipment.
For example, when BMW chose to provide heated seats as a subscription option – a feature already installed but disabled until activated by payment – there was significant pushback from consumers. That led the company to drop this plan.
All the while, your car is also doing something else: tracking your behavior. And it should be clear to you why. It’s all about that sweet data and usage metrics.
How your car tracks you
Modern cars can be very capable. Some have screens all around the interior with different functions and quirks, LED lights, and a lot of connectivity features.
Their infotainment screens are powered by chips similar to those inside your computers or smartphones, except built to be more sturdy than powerful due to how cars are used – they suffer more wear and tear, heat and cold, etc. These chips can and do have the same capabilities as smartphones (further empowered by features such as Android Auto or Apple CarPlay), meaning that apart from letting you open your glovebox (literally), they also provide you with GPS navigation, internet access, music and movie streaming, calls, or even gaming on the go (try not to play during your daily commute, please).
(Credit: Jenny Ueberberg on Unsplash)
Similarly to how your phone monitors your app usage and your apps track which songs you play, how long you use them, and what captures your attention longer, your car’s operating system does the same. Including the times and whereabouts of every journey you make. Depending on the vendor’s privacy policy, this information could potentially be accessed by companies and individuals whom you likely never permitted to track your movements. Without explicit consent, this continuous monitoring puts your privacy at risk.
Most car owners would probably have no idea about just how much data a car can get out of them. According to a study by The Washington Post, the make of car it tested generated up to 25 gigabytes of data per hour, including phone records, driving style, and more, and sent all that data back to the manufacturer. Compare that to Spotify, which, on average, might use 144 megabytes per hour. The difference is quite stark.
The Washington Post even bought a secondhand navigation system of the same make and discovered that it was able to reconstruct the previous owner’s usage by checking the logged data on the system, learning their home and workplace addresses, frequented gas pumps, and more. This is eerily similar to a discovery made by ESET Research on purchased secondhand routers, which still housed confidential data.
Do the ends justify the means?
Connected cars do many things well. They improve safety by making you aware of traffic accidents and providing various alerts, like reminding you to get an oil change, and they also help you locate them in case they get stolen, thanks to the location information they might share. Car cameras and sensors also help you manage difficult driving conditions, which is very useful.
Smart car data can also get sent to other parties, with many using it for fraud prevention, accident analysis, better insurance rates, or even route and road planning by city planners.
But it all comes with the caveat of significant privacy intrusion. Even if the collected data is anonymous, as evidenced by the Washington Post study, it can still be used to re-create a driver’s profile, similar to browser fingerprinting, which employs a variety of general data to enhance website experiences. Car data tracking operates on a similar principle, but it too comes at a cost – the price of personal privacy.
All that personal car data is ripe for the taking
Apart from the obvious privacy angle to data tracking, there is also a cybersecurity concern. Since the data that is collected also gets stored on the car’s storage medium, plus shared with the manufacturer and others, this opens up the owner of the car to a potential data breach or a data leak.
How? Well, it is no secret that many manufacturers can be victims of hacking, leaking troves of data. Personal data, such as names, emails, destinations, and more, can be part of these leaks, giving further ammo to hackers to either market this information to other crooks or to try to hack a person’s other accounts with the leaked information.
(Credit: Tero Vesalainen/Shutterstock.com)
Cars themselves can also be hacked; hence, hackers can reveal their location, unlock their doors, learn more about their owners, steal stored financial information, or access other Internet of Things devices, leading to all sorts of incidents. There is a famous example of two hackers remotely controlling an SUV after exploiting it, which shows that with the right vulnerabilities, cars and their passengers can be in lots of danger.
Any potentially useful data is ripe for the taking, and this leads the conversation back to privacy, since, per the General Data Protection Regulation (GDPR), the probability of data breaches would be reduced by encrypting personal data. However, the data collected by and stored in connected cars is often not encrypted at all, and in the U.S. specifically, there are no laws requiring data anonymization or encryption, with some companies being strictly in the business of selling said data to governments, for example.
What can you do about car data tracking?
It is becoming harder to purchase a car that is not connected in some way, which would be the best option.
While vehicle manufacturers are legally responsible for protecting your personal data, incidents can still happen. If a car system employed some form of encryption or a VPN, maybe a security chip, that would do much more to ensure the security of the collected data, but not all brands utilize such a practice.
From an owner’s perspective, factory resetting the in-car system before selling it is one obvious way to clear private data. Additionally, one could ask a car service shop to wipe all data from the car, since sometimes a factory reset is not enough. Furthermore, after renting a car, disconnect your phone and delete all data related to usage before giving it back.
Going a step beyond, one could also not connect their phone to their car, but then what would be the point of having all those modern features?
To close, without proper awareness and accountability by the manufacturers, your personal data will be at risk, and as far as privacy is concerned, the fight for further protection has to be ensured. Without that, no one will be free from some form of tracking. Your data is you, so try to fight for its safety the same way you would fight for your most personal belongings.
Before you go: Connected cars: How to improve their connection to cybersecurity