Consumer Watchdog today joined Privacy International and other public interest groups in an international call for car rental companies to protect the privacy of driver and passenger data their rented vehicles collect.
“Today’s cars are little more than rolling computers that amass huge amounts of information,” said John M. Simpson, Consumer Watchdog’s Privacy and Technology Project Director. “When you rent a car, you must have the right to control how that extremely revealing data is used.”
“Yet cars, still considered private places, are the next gold rush for data miners, with a variety of different companies hungry for your data. Thus, there are a wide variety of privacy-related implications of connected cars, from those that are super connected, to those with basic infotainment systems,” notes the report from Privacy International, , “Connected Cars: What Happens to Our Data on Rental Cars.”
“With cars increasingly asking if to download your phonebook, that have facilities for you to make and receive calls, and to message, browse the internet, and stream media, the trove of data on infotainment systems will only increase,” the report further noted.
Research showed that car rental and car sharing companies stated that it is the individual’s responsibility to delete their data when they return the rental car, the individual is further responsible for informing other passengers who connect their devices.
The car manufacturer may also own data, such as a rental car had the Nissan Connect2 infotainment system. The car rental company stated that they didn’t have access to the data but Nissan does. Nissan suggested that rental customers before returning their vehicles to perform a factory reset on the infotainment system. Something most people don’t release they need to do.
Privacy International, Consumer Watchdog and the other groups sent joint letters to rental car companies and auto manufacturers telling them that:
- Car rental companies and car-share services should delete driver and passenger information when drivers return cars.
- They should provide clear and simple instructions to customers about how they can delete their personal data, as well as any passenger’s data.
- Car rental companies and car-share services should minimize their data processing and only process personal data with driver/passenger unambiguous consent, or if strictly necessary for the delivery of the service.
- They should adopt privacy-by-design, including taking measures to protect personal data from unauthorized access.
- Car manufacturers should also make removal of all personal data clear and simple for drivers and passengers to do, with a data deletion button.
The groups’ letters came after an in-depth study, “Connected Cars: What Happens to Our Data on Rental Cars,” by the London-based Privacy International. The report was also given to the United Kingdom’s Information Commissioner.
In addition to Privacy International and Consumer Watchdog, groups signing the letters to the rental car companies and manufacturers included: ANEC – the European consumer voice in standardization, Campaign for a Commercial-Free Childhood, Consumer Action, Consumer Federation of America, Hermes Center for Transparency and Digital Human Rights.
Read Privacy International’s research report here.