Car makers slammed over privacy issues

Investigation finds that data collection by many top brands is ‘highly concerning’ for drivers.

3 min read

October 9, 2024 - 12:01AM

Motoring

Sneaky way car companies are taking your cash

Motoring News

Don't miss out on the headlines from Motoring News. Followed categories will be added to My News.

Australia’s top car companies have been slammed for tracking owners’ locations, listening in to conversations and passing personal information to third parties.

But car makers have defended the presence of “Big Brother” tech in vehicles, and claimed privacy concessions are necessary for many services including the ability to automatically call an ambulance following a smash.

Hyundai’s Bluelink app has been criticised by CHOICE.

Rafi Alam, senior campaigns and policy adviser at CHOICE, said seven of the 10 best-selling automotive brands in Australia collected a “highly concerning” level of information about their customers.

“We discovered that Kia, Hyundai and Tesla were the worst offenders when it came to protecting the privacy of their customers,” he said.

“Kia and Hyundai both collect and share voice recognition data with third parties, along with other information.”

The new Kia Carnival has a secret weapon

The report comes as governments in the US and Australia consider security and privacy risks of cars made in China.

While security experts have examined the potential risks posed by Chinese brands such as MG and BYD, mainstream marques such as Toyota have already been busted taking liberties with consumer data.

The Mozilla Foundation investigated 25 automotive brands in September 2023 and reported that cars are “the worst category of products for privacy that we have ever reviewed”, presenting a “privacy nightmare” for people concerned by how data is collected and used.

Many of the privacy concerns stem from connected services being rolled out to new vehicles.

Data collection makes ‘SOS’ emergency services possible.

When Hyundai launched its “Bluelink” smartphone app and on-board connection in 2022, the brand pitched it as an intelligent vehicle that will call an ambulance following a crash, remind you to lock its doors, allow you to open windows or adjust climate control using voice commands, and track the car’s speed and whereabouts when you let people borrow it.

Similarly, the Kia Connect feature in models such as the latest Carnival people mover is billed as a way for owners to set boundaries for young drivers when they borrow the car.

It can send report’s to the owner’s phone showing how the car is driven, where it went and how fast it travelled.

A spokeswoman for Kia Australia said “the Kia Connect service is opt-in … a vehicle cannot be enrolled into Kia Connect without the process being started by the customer. Customers can opt out of Kia Connect by deactivating through the vehicle infotainment system”.

The Kia Connect app allows people to check in on cars remotely.

Similarly, a spokesman for Hyundai said its connected services were not mandatory, but that customers who opt not to use smart features miss out on safety elements such as the ability for the car to make an “SOS” call to send an ambulance to the scene of a crash.

“At Hyundai we take customer data protection very seriously, and implement robust measures to ensure safety and privacy,” he said.

“By leveraging advanced technologies and comprehensive security protocols, Hyundai safeguards customer data against unauthorised access and cyber threats.”

Data communicated to third parties includes vehicle speed and location services necessary to provide live traffic updates to road users.

Smartphone apps are relatively common in new cars.

The many uses for personal information, including permission to conduct marketing research is laid out in Hyundai’s privacy statement and user agreement.

Kia says its collection and storage of customer data “abides by the Privacy Act”.

Associate professor Katharine Kemp, an expert from the Faculty of Law and Justice at the University of New South Wales, said the Privacy Act “is outdated and not up to the task of ensuring fair data practices in connected cars”.

“For example, Australian ‘consent’ standards for data uses are well behind those in jurisdictions such as the EU, and companies rely on quite fictional “consents” by consumers,” she said.

“We also need an updated definition of ‘personal information’ to make sure companies aren’t trying to get out of their privacy obligations for new kinds of data that can single us out as individuals.”

Rafi Alam agreed.

“Australia’s privacy laws are woefully out of date, and certainly not fit for purpose in a market where cars are collecting and sharing personal information en masse,” he said.

“At a minimum, the federal government should implement a fair-and-reasonable-use test, which would legally require businesses to collect and use data in line with consumer expectations.”