Connected Cars’ Illegal Data Collection and Use Now on FTC's “Radar”
upstart writes:
The regulator is warning OEMs to respect data privacy or it will get mad:
The Federal Trade Commission's Office of Technology has issued a warning to automakers that sell connected cars. Companies that offer such products "do not have the free license to monetize people's information beyond purposes needed to provide their requested product or service," it wrote in a blog post on Tuesday. Just because executives and investors want recurring revenue streams, that does not "outweigh the need for meaningful privacy safeguards," the FTC wrote.
Based on your feedback, connected cars might be one of the least-popular modern inventions among the Ars readership. And who can blame them? Last January, a security researcher revealed that a vehicle identification number was sufficient to access remote services for multiple different makes, and yet more had APIs that were easily hackable.
Later, in 2023, the Mozilla Foundation published an extensive report examining the various automakers' policies regarding the use of data from connected cars; the report concluded that "cars are the worst product category we have ever reviewed for privacy."
Those were rather abstract cases, but earlier this year, we saw a very concrete misuse of connected car data. Writing for The New York Times, Kash Hill learned that owners of connected vehicles made by General Motors had been unwittingly enrolled in OnStar's Smart Driver program and that their driving data had been shared with their insurance company, resulting in soaring insurance premiums.
[...] The FTC says that automakers and other businesses must protect users' data against illegal collection, use, and disclosure. It points to recent enforcement actions against companies in other sectors that have illegally collected or used geolocation data, surreptitiously disclosed sensitive user data, and illegally used sensitive data for automated decisions.
The FTC says the easiest way to comply is to not collect the data in the first place.
Read more of this story at SoylentNews.