Risks of Automotive Data Collection

What are we discussing with our multinational transportation and automotive clients following the new French CNIL - Commission Nationale de l'Informatique et des Libertés guidance on deployment of smart cameras in vehicles. Key points: 🔹 Such cameras pose high risks of breaching the privacy of the persons concerned. 🔹 This applies employer (vehicles for professional drivers) but also to the manufacturer of the system, especially re: data minimization and a DPIA. Data minimization: 🔹 Data minimization requires assessing the data collected and limiting it to a minimum (e.g. only specific periods or risky events triggered); requires just in time disclosure for the employee; honoring employee rights; and conducting a data protection impact assessment For in cabin camera: 🔹 This can only be installed for positions where the risk of accident and the consequences are particularly high (full-time transport of dangerous goods for example). 🔹 To avoid permanent surveillance, you may, for example, decide to: (1) only collect personal data during specific driver evaluation periods; (2) only collect aggregated data corresponding to the number of risky situations encountered by a driver over a given period; (3) only trigger the reporting of information from a certain threshold of detected events; etc. Necessity, DPIA: 🔹 You must demonstrate in a documented manner how the data is necessary to ensure the safety of property and people in order to enable their recording. 🔹 You need to question the effectiveness of such devices and the accuracy of the data collected. 🔹 The carrying out of a DPIA is most of the time necessary and recommended, even when it is not mandatory. In the US: 🔹 The California authority is in the midst of finalizing automated decision making regulations (with a DPIA requirement) and a connected car sweep which should be concluding soon. (https://shorturl.at/vLHz2) 🔹 FTC recently fined Rite Aid for a faulty DPIA in the context of smart CCTV (https://shorturl.at/xMtjJ) Transparency: 🔹 Employees must be informed about the terms of the control and processing of their personal data. If these data may be used for disciplinary purposes, they must also be informed of this 🔹 In the US: CCPA requires a privacy notice to employees and a real time notice at collection; the FTC has stated it is getting involved in employee surveillance 🔹 Works counsel must be consulted 🔹 In the US: The need was stated in the new US Department of Labor on AI in the workplace (though that may be impacted by the policy of the new Trump administration regarding the AI Bill of Rights). (https://shorturl.at/sL54K) Individual rights: 🔹 Drivers must be able to exercise their rights over their personal data with the employer ( right of access , right of opposition , etc.). 🔹 In US: CCPA grants employees similar rights to those in GDPR #dataprivacy #dataprotection #privacyFOMO pic by ChatGPT https://shorturl.at/r6uDd

Cars are no longer just vehicles; they are #surveillance tools on wheels, tracking your every move. General Motors and its subsidiary OnStar recently came under fire from the Federal Trade Commission for secretly collecting and selling drivers’ precise location and behavior #data. Without clear #consent, GM monitored everything from where drivers went to how often they braked hard or drove late at night. This information was then sold to consumer reporting agencies, which used it to influence insurance rates and other financial decisions—often without drivers even realizing it. The FTC alleges that GM misled consumers through a confusing enrollment process for its OnStar Smart Driver program. Many drivers signed up under the impression they were simply accessing safety features or tools to improve driving habits, not consenting to have their every move tracked and subsequently monetized. GM’s practices exposed not just where people traveled but intimate details about their lives, inclduing visits to medical facilities. The FTC’s settlement proposed #today bans GM and OnStar from selling this data for five years and requires them to seek explicit, informed consent before collecting location and behavior data. Consumers must also be given the ability to access, delete, or limit the data collected from their vehicles. Companies view data collection as essential for innovation, but too often, it is used mainly to maximize profit at the expense of transparency and trust. Today the FTC affirms that when it comes to data collection, and really in all areas of life, if you want to be creepy, you have to ask first!

🕵️♂️Forget 007: Your Car is the New Spy, Using Your Driving Data Against You 📈 By 2030, over 95% of passenger cars sold are projected to feature embedded internet connectivity, with McKinsey estimating potential annual revenue of $250 billion to $400 billion from car-data monetization. Exciting prospects, right? But hold on, it's not all smooth driving ahead. 📰Recent reports reveal concerning practices in the automotive industry. General Motors (GM) has been sending driver data to insurance companies, which has been impacting customer rates. 📊For instance, a Seattle driver reported a 21% increase in insurance costs due to GM's OnStar Smart Driver, which collects data on braking, accelerating, and speeding. 🔒 Data Dilemma 📌According to CNBC, by 2030, car connectivity will enable manufacturers to offer safety features, predictive maintenance, and more. However, this also means increased data collection, raising privacy issues. 📌While some opt-out options exist, they're often buried in menus, leaving consumers unaware of their choices. 📌While car data might be useful for safety and functionality purposes, such as predictive maintenance to prevent part failures, some privacy experts say concerns persist as car companies share data with insurers and even venture into insurance themselves, potentially impacting rates based on driving habits. 🛑 Privacy Predicament Jen Caltrider of the Mozilla Foundation warns that excessive data collection by car companies leads to privacy breaches and the sale of sensitive information. A recent Mozilla report gave 25 major car brands failing marks for consumer privacy, signaling a dire situation. ⚖️ Legal Landscape 🔎In response to mounting concerns, the government is scrutinizing car privacy regulations. ⚖️General Motors, facing a consumer lawsuit, announced it ceased sharing driver data with data brokers collaborating with the insurance industry. GM emphasized its commitment to customer trust and is evaluating its privacy processes and policies. 🤔 What's Next? 📌With regulatory efforts underway to address data-sharing practices and privacy violations, the automotive industry is at a crossroads. As consumers, it's crucial to be informed and proactive. 📌Before using connected services, please consider your options for opting out and safeguarding your privacy. ⁉️Do you feel at ease knowing that your car data is being shared with insurance companies and potentially sold to third parties?😕 🛣️ #ConnectedCars #PrivacyMatters #DataEthics #emergingtech #technews #tech #linkedinnews #innovation #techeducation #technology #dataprivacy #trendingnews #breakingnews