— A study conducted by the U.S. Government Accountability Office (GAO) found that automakers and the government need to do a better job at protecting private data from electronically connected vehicles.
The GAO decided to conduct the study because of the growing prevalence of electronically connected cars that use wireless systems to transmit and receive data. The GAO study sought to learn how federal agencies collect, use and share privacy data from connected vehicles from 16 automakers.
Researchers found that 13 of 16 automakers collect and share data such as the car's location, tire pressure readings and many other functions of a connected vehicle.
The companies allegedly use the collected data for research and development and to provide various services to consumers, but all 13 companies deny they share or sell privacy data to third parties. The GAO says this could easily change as the number of connected driverless cars start crowding the roads.
While automakers deny they sell private data to third parties, researchers discovered multiple problems with the privacy notices supplied by the automakers. For example, the 13 automakers have privacy notices that can be accessed easily for their cars, but none of the notices are written clearly.
In addition, although the notices are supposed to define how private data is used, the GAO found that none of the notices actually describe the practices of how data is used and shared.
A big problem researchers discovered involves opting out of allowing a manufacturer to collect privacy data. The GAO determined that while a consumer can block a company from collecting data, choosing that option also means opting out of all connected car services.
The researchers further found that NHTSA has not clearly defined its roles and responsibilities as they relate to the privacy of vehicle data and only included privacy expectations in voluntary guidance. This leaves every automaker the choice to address consumer privacy as it sees fit, without any mandated rules from NHTSA.
In response to the study, some automakers say they don't understand NHTSA's role in data privacy and wonder if NHTSA even has the authority to address privacy issues.
Although all the news wasn't bad, the GAO recommends that NHTSA define, document, and clearly communicate its roles and responsibilities related to the privacy of data generated by and collected from vehicles.
