If you've spent any time browsing car dealers' sites lately, chances are you've been invited to download an app that would supposedly make your car-shopping faster, easier, and so forth.
Some apps might really do that but you may pay an unexpected price for it in lost privacy.
That's what brought DealerApp Vantage LLC to the attention of the New Jersey Division of Consumer Affairs. The Piscataway, N.J., company develops apps for hundreds of car dealers, each of them customized to reflect the dealer's brand.
But the state agency says that besides providing information to consumers and the dealers who host the app on their websites, DealerApp Vantage also collects and disseminates app users' personal information without their knowledge or permission.
“Online consumers, like all other consumers, have the right to control who can view or transmit their sensitive and private personal information,” said Acting Attorney General John J. Hoffman. “This settlement will assure that the alleged violations of consumer privacy committed by DealerApp will no longer occur and will send a message to companies that violate their customers’ privacy that such conduct is unacceptable.”
The state charged that consumers were never informed that the apps transmitted personal information, not only to the dealership, but also to DealerApp. In addition, the dealerships that bought and utilized apps from DealerApp were also unaware that the company was transmitting the personal information of their customers to DealerApp.
The personal information collected by the apps and allegedly transmitted to DealerApp included the consumer’s name, email address, telephone number, and the Vehicle Identification Number (VIN) of the vehicle purchased, among other data. The state alleged that DealerApp failed to disclose to consumers that this data was being transmitted by DealerApp, in violation of the New Jersey Consumer Fraud Act. Some of the data was provided to third-party data analytics companies, again without disclosure, the state charged.
About 500 dealers world-wide, including 38 in New Jersey, are DealerApp clients.
“The number of threats to online privacy appear to be growing by the day,” said Steve Lee, Acting Director of the New Jersey Division of Consumer Affairs. “No one should be able to profit from the personal information of others that has been obtained through cyber fraud or violations of privacy.”
Among other things, under terms of the settlement, DealerApp must:
clearly and conspicuously disclose to its dealership customers the types of personal information it collects through its apps;
provide disclosures within its privacy policies that clearly and conspicuously disclose the types of personal information it collects from consumers through its apps;
provide disclosures within its privacy policies that clearly and conspicuously disclose its use of any third-party data analytics companies and what information such companies may collect from consumers’ use of its apps;
not sell, rent, or otherwise transfer personal information to persons or entities other than the dealership customer for which the mobile app in question was customized, without those consumers’ express consent or providing proper disclosure and offering a mechanism for opting-out such practice; and
- not engage in any unfair or deceptive acts or practices in the conduct of any business, and complying with all applicable laws and regulations in its future business dealings.