The Detroit News highlights a new report from the Government Accountability Office concerning drivers’ location data and privacy. The report, “In-car Location-based Services: Companies Are Taking Steps to Protect Privacy, but Some Risks May Not Be Clear to Consumers” (GAO pdf; archive pdf), raises questions about automakers’ collection of drivers’ location information. The Detroit News reports:
WashingtonÂ â€” A government report finds that major automakers are keeping information about where drivers have been â€” collected from onboard navigation systems â€” for varying lengths of time. Owners of those cars canâ€™t demand that the information be destroyed. And, says the U.S. senator requesting the investigation, that raises questions about driver privacy.
The Government Accountability Office in a report released Monday found major automakers have differing policies about how much data they collect and how long they keep it. […]
The agency said privacy advocates worry location data could be used to market to individuals and to â€œtrack where consumers are, which can in turn be used to steal their identity, stalk them or monitor them without their knowledge. In addition, location data can be used to infer other sensitive information about individuals such as their religious affiliation or political activities.â€
Sen. Al Franken, D-Minn., who chairs a judiciary committee on privacy and requested the report, said Monday that more work needs to be done to ensure privacy protections for in-car navigation systems and mapping apps. He plans to reintroduce his location privacy legislation sometime this year. […]
In addition to navigation systems, there are other ways vehicles can collect information: Event data recorders, known as â€œblack boxes,â€ store data in the event of crashes. Transponders like EZ-PASS transmit location and are used in some instances by law enforcement and for research. Some owners also agree to monitoring of driving habits to qualify for lower insurance rates or to keep tabs on teen drivers.
The report said â€œcompanies should safeguard location data, in part, by de-identifying them; that companies should not keep location data longer than needed; and that such data should be deleted after a specific amount of time.â€ It found companies use different de-identification methods that may lead to varying levels of protection. It also found wide variation in how long they keep information. […]
The GAO also found one developer of mobile apps did not encrypt transmitted information, and the agency was able to view locations and other information such as passwords.