Carmakers Know Where You Go -- And You Can't Get Them To Delete The Data

January 8, 2014

Big data is a very big deal. To be sure, it has plenty of useful applications, like helping us navigate traffic jams and tracking down criminals, all thanks to the aid of GPS devices, traffic cameras, and other gadgets.

But there's an insidious side to big data, too. Businesses of every stripe, from Amazon to Zappos, can track our travels on the internet, the purchases we've made, our political leanings, our social networks, and much, much more. Add that to the snooping carried out by the NSA and other agencies, and it seems as if we're in danger of losing the few shreds of "privacy" we have left.

But wait, it gets worse. Remember when we told you about license plate cameras and the lack of standards for data capture and retention? According to Detroit News, there's a similar problem plaguing automakers and navigation companies -- and in some ways, it's far more disturbing.

Between February and December of 2013, the Government Accountability Office studied the data collection habits of six major automakers (Chrysler, Ford, General Motors, Honda, Nissan, and Toyota), two dashtop device-makers (Garmin and TomTom), and two navigation app-builders (Google and Telenav). In the process the agency discovered three disconcerting facts:

1. These companies gather a lot of data. Most of that data comes from navigation services, tracking where drivers have been. However, because some telematics systems interface with smartphones and web services, the GAO found at least one of the two app-builders (we could guess which one) had access to drivers' private passwords.

2. There are no standards for how long data is retained. Though the ten companies themselves wouldn't comment on the length of time that they held data, a contractor for one of the companies said that data was held for up to seven years. Another person familiar with a different company said that location data was held no more than 24 hours. And a third said that such data was never even collected.

3. There's no way to request that your personal data be destroyed. Every company surveyed said that it respected the privacy of their customers, but the GAO made it very clear that individuals have no legal right to ask those companies that their driving patterns, locations, or other data be destroyed.

Of course, all ten participating companies claimed to use collected data to improve services to drivers. However, as the GAO notes, the lack of regulations governing the exact use (and sale) of that data could be cause for concern. In other industries that make use of location stats and other info, there are systems of best practices, but such guidelines haven't been adopted by automakers. According to the GAO:

Industry-recommended practices state that companies should protect the privacy of location data by providing (1) disclosures to consumers about data collection, use, and sharing; (2) controls over location data; (3) data safeguards and explanations of retention practices; and (4) accountability for protecting consumers’ data.... We found that all 10 companies have taken steps that are consistent with some, but not all, of the recommended practices, and the extent to which consumers’ data could be at risk may not be clear to consumers.

Expect this to become a much bigger issue in the not-to-distant future.

If you're interested, you can find a PDF of the complete GAO report here.


Follow The Car Connection on FacebookTwitter and Google+.

The Car Connection
See the winners »
The Car Connection
Ratings and Reviews
Rate and review your car for The Car Connection
Review your car
The Car Connection Daily Headlines
I agree to receive emails from The Car Connection. I understand that I can unsubscribe at any time. Privacy Policy.
Thank you! Please check your email for confirmation.