I own a Tesla, and I love having a bunch of data about my usage of the car. I can see how much I’ve charged it, what it costs to power, where I drive, aggregates of my monthly usage, and more. It’s especially cool when my wife is coming to pick me up, and I can see where the car is, so I know when to go outside if the weather isn’t great. I also like the ability to cool or heat the car in advance of going outside in extreme temperatures.
However, all that data also means there are potential issues with privacy and certainly security. I am well aware that location and other data are being captured by Tesla as I use the car. However, it’s not just Tesla. Lots of modern cars are collecting lots of data. Mozilla had a report on data privacy in cars, and all the manufacturers failed their data privacy test. There’s also a summary at Engadget of the results.
Reading through the report, it seems that many of the manufacturers of cars are covering themselves from liability. Cars are sold and used in many jurisdictions and often there can be a wide variety of regulations about data, even inside of a single country. It seems that the policies are often written just in case something happens and they collect data from your use of the car (or they record you using the car).
A point I hadn’t considered in the article dealt with the deletion of data when a car is sold. That could get tricky as not only is your usage data in the car, some data might potentially be in a manufacturer’s database. Or it might be stored in devices at a service center. Who knows what gets stored and copied in modern cars as they are serviced. Will we potentially have issues with mechanics or other workers stealing and selling data from entertainment or other information systems in cars? The possibilities make my head hurt in this modern world where everything can, and often does, collect data.
I don’t know what data is stored inside modern vehicles or other systems. In some sense, I think that companies ought to disclose what they collect, and include examples of what this data looks like. Even when I read policies, like this one from Microsoft, I’m not completely sure if I know what data they may be collecting.
The world of data privacy is complex, and as I’ve written before, I’m not even sure exactly how I would like my data handled. I think the GDPR is a good start, but I hope that we continue to evolve protections that ensure humans have more control over their data than the companies that collect it.
Steve Jones
Listen to the podcast at Libsyn, Spotify, or iTunes.
Voice of the DBA 
The value in user data ensures that the private sector will never respect it’s customers privacy without being forced to by government regulation and I say that as someone who doesn’t like more government regulation. As much of a free market capitalists as I am I know humans are humans and those with the power to do so who lack scruples will abuse others to profit themselves. We’ve had enough history with data collection to know how valued it is by the private sector as well as by teh government so if we can ever get government (Here in teh US) to do something along teh lines of the GDPR don’t expect the government to not slice out some kind of exclusion for itself to collect data without any regard for the people it’s getting the data from.
Personally I think all data collection should be illegal without explicit user consent, consent that can not be obtained thru coercive and or punitive measures.
LikeLike
Consent is hard. Often it’s “do you want this product/service, then we need data”, which isn’t really coercive. You can always refuse.
I do think that we don’t care enough about this in the US, though I don’t know where or how to draw a line here.
LikeLike