With all the technology talk about AI over the past year, some of the weirdness in auto technology (and privacy) seems to have fallen by the wayside.

Mercedes

First, this Mercedes ad essentially brags about how much a father can learn about his daughter only from her car.

While these features are marketed as “helpful” and “convenient”, just considering how the car would have this knowledge (answer: it’s tracking you and your behavior) pushes it over the line to creepy for me.

Allstate Sued for Tracking Users with Gasbuddy, other Apps

According to a lawsuit against the insurer Allstate:

Allstate and Arity, a “mobility data and analytics” firm founded by Allstate in 2016, collected “trillions of miles worth of location data” from more than 45 million people, then used that data to adjust rates, according to Texas’ lawsuit.

The data collected by the apps (including Gasbuddy, Life360, Fuel Rewards, Routely, and others, was extensive:

[D]ata collected included “a phone’s geolocation data, accelerometer data, magnetometer data, and gyroscopic data, which monitors details such as the phone’s altitude, longitude, latitude, bearing, GPS time, speed, and accuracy.”

And:

[Additional data collected included] when, how far, and for how long someone was driving, along with “hard braking events” and “whether a consumer picked up or opened their phone while traveling at certain speeds

Allstate also gathered data directly from car makers. Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram manufacturers are included in the lawsuit. In addition to collecting the data, Allstate/Arity also allegedly sold the data to other insurance companies.

This lawsuit also shows just how free apps make their money (emphasis mine):

Defendants paid app developers millions of dollars to integrate Defendants’ software into their apps. Defendants further incentivized developer participation by creating generous bonus incentives for increasing the size of their dataset.

Volkswagen

Following on the heels from my blog post earlier this week about a data breach at an ad company that disclosed precise location data for millions, a VW data breach impacted 800,000 vehicles and their owners, mainly in Europe.

From Techzine:

Only drivers who connected their cars to the internet and signed up for online services were exposed to the leak. he varying levels of access meant that of the 800,000 EVs, 460,000 cars had their precise geolocation read out with an accuracy of 10 centimeters…Even when a car was off, its geolocation could be seen. 

Thankfully, once the technical team was informed of this access, they closed the loophole quite quickly. But if the company didn’t track and store this information, this data breach never would have happened.

Not a New Problem

The collection of excess data by automakers is not a new issue.

Back in 2023, Mozilla published a report about data privacy and automakers. The car makers were rated on: Data Use, Data Control, Track Record, Security, and AI.

Of the 25 car makers rated, zero received a passing grade. Some of the “highlights”:

[E]very car brand we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you…They can collect personal information from how you interact with your car, the connected services you use in your car, the car’s app (which provides a gateway to information on your phone), and can gather even more information about you from third party sources like Sirius XM or Google Maps.

[M]ost (84%) of the car brands we researched say they can share your personal data — with service providers, data brokers, and other businesses we know little or nothing about. Worse, nineteen (76%) say they can sell your personal data.

A surprising number (56%) also say they can share your information with the government or law enforcement in response to a “request.”

Yikes.