What happens when your phone links up with the connected car you rent at an airport? London-based Privacy International, which describes itself as a global movement for the protection of privacy, puts it this way: “You switch on the Bluetooth and see a list of other people’s phones that were previously connected—Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.” And of course, subsequent renters can find similar information about you.
This access to information can have a salutary effect. Privacy International says a car owner in Baltimore was able to use device names stored in his Jeep’s Connect system to track down on Instagram teenagers who took his vehicle for a joy ride. In fact, the organization reports, “The UK Metropolitan Polices’ ‘Digital Control Strategy’ identifies infotainment systems in cars, which store this information, as a new forensic opportunity.”
The downside, Privacy International reports, is that car owners have little understanding of or control over the data their cars generate and to whom it might be sold. The situation is exacerbated when your data might be available from the many vehicles you might rent throughout the year. The organization notes, “While the rental companies Privacy International reached out to claimed they do not currently benefit from infotainment system data, a wide variety of companies are vying with manufacturers to capitalize on the exploitation of drivers’ data. BVRLA, the trade body for the vehicle rental and leasing sector, stated in a policy update that ‘the industry is experiencing an explosion in the amount of data that is generated and processed. It is heralding a new era of technological and business convergence involving OEM’s, mobile network operators, insurers, software companies, and fleet operators (i.e. car rental companies). Collecting, analyzing and delivering services based on this data will be a key revenue stream.’”
Commenting on the Privacy International report, London-based reporter Danny Palmer at ZDNet notes that rental car companies generally consider it an individual’s responsibility to delete their data before returning a rental car. If there is good news, in Europe anyway, it’s that at least two rental-car companies are working on policies to protect user data in anticipation of the upcoming EU General Data Protection Regulation (GDPR).
Palmer quotes Privacy International’s Graham Wood as saying, “What needs to happen immediately is that car rental and car sharing schemes need to completely review how they approach this data and to provide very clear instructions to drivers. But they also need to do it themselves: the onus shouldn’t be left on the customers—in the same way a car is cleaned, the data should be wiped.”
You can read the full Privacy International report here.
