Connected cars collect privacy-sensitive data about their owners and send it back to the manufacturer without notification. The transfer of information includes routes, destinations and personal smartphone data such as contacts and pictures. The International Federation for Automobiles has launched the My Car My Data campaign to demand data ownership for drivers.

Wireless technology enables connected cars to communicate with each other and road infrastructure making driving more safe and convenient. For instance: should a driver be forced to brake suddenly, the connected car can alert vehicles following it.

But, as it turns out, networked cars also apply their communication skills to gossip with their makers, sharing all kinds of information about the car owner and her behavior.

Type of data shared


To find out what type of information is uploaded to the car manufacturers' servers, the Federation Internationale de l'Automobiles (FIA) commissioned an investigation which was carried out by the German automobile club ADAC. ADAC examined two cars, a conventional fossil fuel car and an electric vehicle (make and model weren't named in the result reports).

ADAC grouped the data recorded and transmitted by either one or both vehicles in 5 categories:
Where you've been: the last 100 parking locations and the latest destinations submitted to the GPS.
Other transport: Where and when the driver connected to another mode of transport such as a train or a bus.
Car diagnostics: Mileage reading and detailed data about the battery.
Driver performance: Length of time in different driving modes and the number of times seat belts are tightened due to sudden breaking.
Personal information: Data of a smartphone when synced to the car.

The information extracted from smartphones is extensive, the report shows. The smartphone can be connected to the car over Bluetooth to make wireless phone calls or play music. But when doing so the contact list including name, address, phone number and email address is shared with the car. Moreover, when files from the phone such as pictures, emails or text messages are displayed on the car's central screen, it is automatically stored on the car's hard drive.

Consent


FIA points out much is unclear about gathering and recording data by car manufacturers. The only parties who really know what type of data is collected and what is done with it, are the car manufacturers themselves. The procedures for consumer consent granting access to vehicle data is opaque. People who buy a car with networking capabilities are asked to sign a blanket agreement for access to vehicle data. The more dubious features are bundled with useful services such as GPS guidance. Car owners can cancel their subscription to those bundled services but it is unclear whether this will stop the car from sending data, says FIA.

My car my data


To find out how people think about vehicle data collection, FIA surveyed 12,000 people from 12 European countries. The results show car owners want the detrimentally opposite of what is currently the case: 90% of respondents wants ownership of the data generated by their car. 76% say they want to decide when they share the data and for how long and 91% wants to be able to switch off connectivity. The respondents expressed concern about their location being tracked (70%), data being used for commercial purposes (86%), privacy-sensitive data being disclosed (88%) and being hacked (85%).

To address these concerns FIA has launched the campaign My Car My Data aiming to raise awareness about vehicle data and to call for privacy legislation to protect consumer rights. Legislation should cover 3 main issues: Drivers should be the sole owner of vehicle data and sharing thereof should be based on informed consent. Data owners should be free to choose which parties they want to share their data with. And, lastly, to enable parties other than the car manufacturers to build and offer services, data should be generated in an open and secure standard.