Do connected cars pose a privacy threat?

A data strategist has claimed that connected car apps can pose a threat to privacy, with previous owners able to access data on the existing user.

The privacy implications of Internet of Things (IoT) devices are well known. But according to Matt Watts, data strategist and director of technology at NetApp, apps for connected cars could be used by previous owners to call up all kinds of information about the current owner.

It seems that the only solution is for the previous owner to voluntarily disconnect from the app. Mr Watts discovered this the hard way, after buying a car and writing to the manufacturer when he found out that the previous owner was still connected to the app tracking the car.

The car manufacturer wrote to Mr Watts saying:
“We are not in a position to remove owner without their permission, previous owners would normally disconnect before they sell the car or if we took it in ‘part-ex’ we would have their written authority to remove from the system.

“I would suggest you contact the previous owner and ask them to disconnect their car from the system (this can be done by them on their App) when this is carried out we would be happy to connect you with proof of ownership.”

In a blog post, Mr Watts said with incredulity: “Contact the previous owner!!! The process to get the manufacturer to update the online details for the vehicle is for me to try and find the previous owner and get them to do it for me.”

He continued: “Many of the cars that are sold today have these features, they are collecting vast quantities of data about the vehicle during its lifetime and therefore your behaviour, location, destinations, and the vast majority of these cars go through the Independent dealer market.”

And “User data and information should be the very first consideration in developing new systems and capabilities, not an afterthought.”

To put it another way, it seems such apps need some ‘Privacy by Design and Default’, a key part of GDPR.


Photo: Creative Commons

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.