What data is my car collecting?

The idea of a connected car is both comforting and completely terrifying!

With huge advances in connectivity, the simple task of driving has become a lot more productive and convenient.

With satellite navigation, we no longer get lost or need to carry a Melways or Sydways (remember those) in the door pocket to find a new destination.

Bluetooth allows us to use mobile phones more safely as well as choose the music we want to listen to rather than endless commercials on the radio. Cameras are eliminating expensive – and preventable – shopping centre bingles. And high-tech safety systems can (almost) take control of the car in a traffic jam.

Many new cars also brag about over-the-air (OTA) updates that will ensure its suite of electronic functions remain at the cutting edge over its lifetime and have smartphone apps that keep the owner and vehicle connected even when they’re apart.

And the European Union has demanded that all new vehicles must be fitted with what they term as an ‘Event Data Recorder’, a device similar to an aircraft ‘black box’ that stores critical information in the event of an accident.

But be aware, these modern conveniences all come at a price to your privacy.

A recent study by the Mozilla Foundation – a not-for-profit internet research organisation (yep, the same ones that designed Firefox to bust the browser monopoly) – found that car-makers are among the worse purveyors in recording, reselling and profiting from personal data collection.

It reviewed 25 of the most popular car brands – from Toyota to Tesla, as well as the likes of BMW, Mercedes-Benz, Nissan, Hyundai, Kia, Honda, Subaru and Volkswagen – and claims that “every car brand we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you”.

It says the 84 per cent of those brands can share (at least in the US), and 76 per cent can sell, your vehicle’s data to third parties and more than half can provide information to government or law enforcement agencies when requested. Not through a warrant. Just by asking for it.

So, let’s look at what your car knows about you, and how car-makers are using this data.

Modern cars – even the most basic – are controlled by a collection of computers that manage the engine, transmission and emissions systems.

These are predominantly used to ensure your vehicle operates properly across a wide variety of environmental conditions and, through a complex array of sensors, identifying potential issues before they become a major problem.

This information is used to provide useful real-time information when driving, such as the odometer reading, trip computer, fuel consumption, engine temperatures and gear selection, and will activate warning lights and/or servicing recommendations if a fault code is detected.

Only a limited portion of this data can be accessed by qualified technicians via specialised diagnostic tools to precisely determine any mechanical issues. This, in turn, ensures more accurate, efficient, affordable and (potentially) faster regular maintenance visits and/or repairs.

As for the car-makers, they can use this data to identify and rectify potential long-term reliability issues and monitor emissions reduction strategies, but also any opportunity to communicate with existing customers is a chance to ‘upsell’ a newer model or promote the latest accessories and/or merchandise.

However, the computer does record more information that can identify specific driving behaviours.

With the arrival of technologies such as electronic (fly-by-wire) throttles, electronic power steering and safety systems such as anti-lock brakes, electronic stability control and more, the computer system knows exactly how you use your car, and whether you’re a smooth or aggressive driver.

This, as a positive, can be used to adapt some of the vehicle’s functions to better suit your driving style, such as altering the throttle map to be fuel efficient or holding lower gears for longer for more enthusiastic drivers.

However, some insurance companies offer the ability to tap into the car’s computer system and monitor real-time driving behaviour to assess risk, which subsequently determines the price of individual premiums.

Fleet operators can also use this information – under the term ‘telematics’ – to monitor driver behaviour among company car users, helping them to lower costs through reduced fuel consumption bills and/or improving driving standards.

The latest advances in safety have all arisen from the inclusion of high-tech sensors and cameras that detect objects in and outside of the vehicle to prevent, or reduce the impact of, a potentially harmful accident.

Now, this is a good thing, and the data is predominantly being used to further improve road safety. It is also critical in the future development of autonomous driving.

But a report early last year highlighted how invasive this technology could become, as nine former Tesla employees admitted to sharing videos and photos via an internal messaging system that were recorded by Tesla customers from their cars.

One instance allegedly showed an owner approaching his vehicle while naked while another showed an incident where an owner travelling at high speed hit a child riding a bicycle.

While Tesla claimed its “camera recordings remain anonymous and are not linked to you or your vehicle”, seven of the nine former employees said the videos show location data on the video screen.

Satellite navigation uses the global positioning system (GPS) to accurately pinpoint the location of your vehicle so it can be overlayed onto the road network to guide you to a destination on the quickest, most convenient or most affordable route. What would we do without it?

And that means it precisely knows where you are at any point in time.

It can provide a record of where you’ve come from (most GPS systems now automatically determine a ‘home’ location from the time spent and frequency visited), how often you drive the same route and regular times and distances.

Embedded sat-nav is a handy tool, and now commonplace in all but the most budget-friendly economy cars. Even then, with smartphone mirroring functions like Apple CarPlay and Android Auto, almost every new car on-sale in Australia has access to sat-nav.

It has improved dramatically over time too, using collective data to provide real-time traffic information, alerts for dangerous conditions and faster response times for emergency services.

While location data is hugely beneficial, it is arguably the most invasive and has the potential to be the most profitable for car-makers.

With this information, car-makers can, for starters, more accurately determine certain demographics for the brand and individual models in order to centralise marketing material and campaigns to certain regions, routes and locations, even as micro as shopping centres.

They can also use it to build a stronger network of dealers by focusing retail efforts, or model lines, to certain areas.

But they can also share (or sell) this information to third-party service providers.

That’s why you might see, for example, the logo for certain fuel stations or fast-food chains popping up on the map display and not others.

In the future, location data could also be used to pre-empt the requirements of users through in-vehicle advertising with owners paying a premium (like subscription providers such as Spotify) to have it turned off.

Similarly, your car is constantly monitoring what you’re listening to via the audio system, how often you’re on the phone and what type of devices are being connected to the vehicle.

This is used by car-makers to improve the experience by refining existing features and developing newer, more convenient connectivity solutions. They can also use it (as an anonymous data set) to create unique ‘personas’ for model lines and focus their marketing by tapping into trends.

But, like location data, this information can also be shared to service providers for targeting unique owner groups.

Many car-makers are offering what they term as connected services with a smartphone app that links users with their vehicle.

This brings numerous benefits, including being able to monitor the vehicle remotely (some even provide access to cameras), find its location and, particularly for electric vehicles, live updates on charging status.

But it also opens a Pandora’s Box by providing car-makers with even more personal data from your smartphone including your location even when you’re not driving and the ability to always communicate with owners through notifications.

Some brands are starting to use their connected services facility to ‘upsell’ owners by unlocking features that are already installed in their vehicle via subscriptions. BMW Australia has already implemented this system, offering numerous functions – such as remote parking assistance and even adaptive suspension on some models – for a monthly fee.

The next phase of data collection will be even more personal: your health.

Car-makers have begun to install biometric sensors that can monitor physical elements such as heart rate, fatigue and stress levels.

On face value, this is designed to ensure owners are fit and aware enough to be operating a potentially dangerous machine such as a car.

Fatigue monitoring has been around for a decade or so, and basic systems will record inputs through the steering wheel and use the lane keeping assistance measurements to determine if the driver is drowsy or distracted.

More modern systems now have cameras that monitor eye movements for more accurate assessments, and numerous car-makers have floated the idea of integrating heart rate monitors through the seats or steering wheel. This, they say, can immediately call emergency services, providing the precise location of the vehicle, in the event the driver suffers a heart attack.

However, biometric data offers a huge opportunity for car-makers – as it did with Apple with its Health App when linked to an iPhone or Apple watch – to tap into the global wellness economy, which was reported to be worth more than $6 trillion in 2022.

Mercedes-Benz has already started to introduce wellness functionality into its range-topping vehicles, with the latest-generation S-Class automatically altering the ambient lighting, choice of music, air-conditioning and massaging seat settings according to the stress level of its driver (if they are wearing a specific smart watch and subscribe to the Mercedes Me Energizing smartphone app).

Up until recently, most vehicle data could only be accessed by car-makers when the vehicle is ‘captured’ – either by being connected to diagnostic tools when servicing, or when linked through connected services via a smartphone.

But now car-makers are permanently linking vehicles (and owners) to the internet through the auspices of what’s called over-the-air (OTA) updates. This, again on face value, offers numerous benefits in that the vehicle’s software functions don’t become obsolete over time as they will be regularly updated to fix bugs or install new functions.

But it also means the vehicle is constantly connected to the car-maker, and while it may be downloading fancy new widgets, it is also uploading vehicle data.

As mentioned at the top of this article, the European Union announced in 2019 that all vehicles sold in Europe by 2022 must be equipped with an Event Data Recorder that constantly monitors parameters such as vehicle speed, driver inputs and more, including whether seat belts are fastened.

It is intended that the recorders will only store information for the last five seconds prior to an ‘event’. The EU claimed this data “will help to obtain more accurate and complete accidentology data to be used for accident research and analysis”.

All data is intended to be anonymised and, unlike aircraft black boxes, it won’t include voice recordings from within the cabin.

The amount of information currently being collected by cars, and the untapped potential for car-makers to become the world’s biggest data miners, has rung alarm bells among privacy advocates.

In an article published recently on ‘The Conversation’ by Dr Katherine Kemp, the Associate Professor, Faculty of Law and Justice, and Deputy Director, Allens Hub for Technology, Law and Innovation at the University of New South Wales, said: “Australia’s privacy laws aren’t up to the task of protecting the vast amount of information collected and shared by car companies.

“Australia’s privacy laws need urgent reform. We also need international co-operation on enforcing privacy regulation for car manufacturers.”

The Australian government last year announced it will review the Privacy Act to “bring it into the digital age” following the Australian Competition and Consumer Commission’s (ACCC) 2019 Digital Platforms Inquiry.

And while the proposed changes are wide-ranging, the Federal Chamber of Automotive Industries (FCAI) subsequently made a submission to the Governor General’s office arguing against many of the reforms and offered its own Voluntary Code of Conduct for Automotive Data and Privacy Protection.

Kemp said the FCAI’s proposed Code of Conduct is “weak” and “seems designed to comfort consumers without adding any privacy protection beyond existing legal obligations.”