As the auto-industry hurtles ever faster towards a future in which every car incorporates a computer that tracks its users every move, US automakers have sent a letter to the FCC, volunteering a set of principles in which they promise to ‘implement reasonable measures’ to protect customers’ ‘sensitive information, like geolocation data and driver behavior information.’
However, despite claims that these promises ‘demonstrate [our] commitment to our customers’ and ‘reflect a major step in protecting consumer information,’ they are so vaguely worded as be practically meaningless,
‘Data Minimization, De-Identification & Retention: Participating Members commit to collecting Covered Information only as needed for legitimate business purposes. Participating Members commit to retaining Covered Information no longer than they determine necessary for legitimate business purposes.’
Um… so what does ‘legitimate purposes’ actually mean? In a similar vein,
‘Participating Members commit to implementing reasonable measures to protect Covered Information against unauthorized access or use.’
Again, what does ‘reasonable measure’ really mean? These are vaguely worded assurances that say absolutely nothing. About the only concrete promise made in the letter is,
‘Participating Members commit to providing Owners and Registered. Users with ready access to clear, meaningful notices about the Participating. Member’s collection, use, and sharing of Covered Information.’
…Which, as TechDirt observes, amounts to little more than saying ‘hey, here’s some fine print saying we’re selling your location data now.’
Very worryingly, most smart car technology is DRM protected, and car users will have not have much say in what happens to their data, and, as even president of the Alliance of Automobile Manufacturers, Mitch Bainwol notes, this information is not trivial,
‘There is going to be a huge amount of metadata that companies would like to mine to send advertisements to you in your vehicle.’
Marc Rotenberg, executive director of the Electronic Privacy Information Center, argues that the only prevent car manufactures invading users’ privacy is through legislation,
‘You just don’t want your car spying on you. That’s the practical consequence of a lot of the new technologies that are being built into cars.’
Unsurprisingly, auto manufacturers are dead set against any such move, saying they would be too ‘prescriptive’.
Without legislation, however, we will just have to rely on the good will and meaningless promises made by an industry (and its high-tech partners) that have done little so far to inspire trust when it comes to protecting customers’ privacy.