A new report from the Government Accountability Office finds that several major automakers and GPS manufacturers collect information about your location from on-board navigation systems.
In some cases, they also retain the information for at least a little while and sometimes share it with third parties.
According to the report, the companies can 'track where consumers are, which can in turn be used to steal their identity, stalk them or monitor them without their knowledge. In addition, location data can be used to infer other sensitive information about individuals such as their religious affiliation or political activities.'
Sen. Al Franken (D-Minn.) requested the investigation and said the findings demonstrate that while companies providing in-car location services have taken concrete steps to protect their customers' privacy, more work needs to be done.
"Modern technology now allows drivers to get turn-by-turn directions in a matter of seconds, but our privacy laws haven't kept pace with these enormous advances," Franken said. "Companies providing in-car location services are taking their customers' privacy seriously — but this report shows that Minnesotans and people across the country need much more information about how the data are being collected, what they're being used for, and how they're being shared with third parties."
"Just common sense"
Franken said the report also underscores the need for him to reintroduce and pass a location privacy bill that made it through committee in 2012 but didn't achieve final Senate passage.
"It's just common sense that all companies should get their customers' clear permission before they collect or share their location information," Franken said in a prepared statement.
The report evaluated privacy protections provided by in-car navigations systems (e.g. OnStar), portable navigation devices (e.g. TomToms and Garmins), and mapping apps (e.g. Google Maps).
Ultimately, GAO found that while companies take various positive steps to protect the location information of drivers, they need to be more forthcoming to consumers about the data they collect, how they use them, and if and why they share them with third parties.
Franken, Chairman of the Judiciary Subcommittee on Privacy, Technology, and the Law, has made technology and privacy a key concern. He has pushed several companies on the privacy implications of new technologies.
In September, he raised privacy questions about Apple's new iPhone fingerprint technology and also pressed Facebook to reconsider the potential expansion of its facial recognition program. After Facebook proceeded with the expansion anyway, Franken successfully pressed the Department of Commerce to convene privacy advocates and industry stakeholders to examine the privacy implications of facial recognition technology.
According to the report, even if a motorist wants data about their travel destroyed, the entity collecting the data isn't required to destroy it.
AAA urges caution
AAA said the repoprt demonstrates the need for companies to protect consumer rights through the principles of transparency, access, control, choice and security.
“Connected cars can dramatically improve the driving experience, but companies must be responsible in their use of consumer information,” said Bob Darbelnet, President and CEO of AAA. “The data that today can be routinely collected by cars includes some of the most sensitive data that can be collected about a person, including information about their precise location and driving habits.”
“Companies have an obligation to protect consumer rights when offering connected car services,” said Darbelnet. “It is a positive sign that automakers have taken initial steps to address the privacy and security of location data, but more must be done to reduce potential risks faced by consumers.”