Many new cars models are linked to the Internet. But according to a new study, drivers are often not aware of where their personal data ends up.
Consumer group Federation Internationale de l’Automobile (FIA) exposed about a dozen kinds of data that are collected from new types of connected cars and shared with auto manufacturers.
Connected cars have been in the spotlight this year, after a number of manufacturers announced deals with telecommunications companies to supply cars with services that require internet connectivity.
The number of cars in Europe that use services connected to the internet will spring up within the next few years. In April, the European Parliament approved the eCall regulation, which starting in March 2018 will require all new cars sold in the EU to be outfitted with a connected emergency system that automatically calls for help once sensors detect that a car has been in a serious accident.
But consumer groups and privacy advocates have warned that more personal data will flow back to manufacturers if a car uses services that connect to the Internet.
FIA and its partner, German car club ADAC, are calling on manufacturers to be transparent about what data they collect following the groups’ tests on car models BMW320d and the BMW i3. FIA said it plans to analyse cars from other manufacturers.
According to FIA’s test results, those models send data back to BMW that can expose a person’s driving style, number of trips made, destinations programmed into the GPS and information synced from mobile phones.
Electric model BMW i3 records data about the drive battery, the car’s 16 most recent charging locations, and about 100 of its last parking spots.
When the ignition of the electric car is turned off, its geographical coordinates, transmission time and other data are automatically sent to the manufacturer.
FIA warns that some data that’s collected can give manufacturers a profile of driving behaviour. The BMW320d measures when a driver’s seatbelt tightens from sudden braking.
Most of the data collected by those two car models are stored for repairs or to track usage and can’t be accessed by the driver, according to the study.
A spokesperson for the European Automobile Manufacturers’ Association (ACEA) said in a statement sent to EURACTIV that the car industry intends to comply with the upcoming EU data protection directive, currently making the final rounds in negotiations expected to end this year. The spokesperson added that legislation beyond that is unnecessary.
“Manufacturers do not believe it would be appropriate for the EU to lay down additional rules for how data protection should be ensured specifically in relation to connected vehicles and services. No other sector or product, not even smartphones or computers that process a lot of personal data, are subject to specific legislation,” he said.
>>Read: Autonomous driving takes back seat as connected car rules prepared
FIA argued that consumers should be able to choose providers of the digital services built into new connected car models instead of being locked into deals that a manufacturer made with one specific telecommunications operator.
According to FIA, the European Commission’s reactions to that demand haven’t been promising.
In July, FIA sent EU Digital Commissioner Günther Oettinger a letter warning against “business-to-business contracts [..] entirely bypassing consumers and denying them the ability to freely choose service plans and providers”.
Since then, car manufacturers have gotten closer to telecommunictions companies.
Oettinger brokered an agreement at the Frankfurt Road Show in September between the European Automobile Manufacturers’ Association and large telecommunications companies.
Over the summer BMW, Audi and Daimler bought Nokia’s maps business Here. Manufacturers are eager to obtain digital mapping software for their driverless or autonomous cars, which are not yet commercially available in Europe.
“Connected cars are already on the market, tracking and able to communicate private information about consumers. Now is the time for policymakers to take a strong stand and defend consumers,” said Thierry Willemarck, president of FIA’s operations in Europe.
FIA also conducted a public survey in 12 EU countries as part of its study. Ninety-five percent of people who responded said there should be legislation on car and driver data. Most wanted to own their driver data and be able to turn off internet connectivity in cars.
Other consumer groups echoed FIA’s calls for car manufacturers to be transparent about what data they collect from drivers.
“It is crucial consumers have control over their personal data such as location information transmitted by the car but also who can access the data and for what purpose,” said David Martin, senior legal officer at the European Consumer Organisation (BEUC).
The EU cybersecurity agency ENISA announced last month that it would bring together an industry group of car manufacturers to put together cybersecurity recommendations for connected cars.
>>Read: EU agency hones in on cybersecurity and connected cars