Smart Cars Collect a Lot of Data. FTC Wants to Know How It's Used.


While some types of information may make drivers safer, others are more geared toward selling ads.

As cars become more connected to the internet and collect more data on their drivers, consumer advocates are working to protect data privacy and cybersecurity on the road.

The Federal Trade Commission published a report Wednesday offering insight on what data cars may collect on their passengers and how that data may get used, as well as addressing concerns many have raised regarding smart cars’ susceptibility to hacking.

The report summarized a June workshop hosted by FTC and National Highway Traffic Safety Administration that discussed possible uses of the information many smart cars collect on people’s location, driving habits and app usage. While some data could drastically improve drivers’ safety on the road, other types of information collected may have more to do with marketing to consumers than preserving their well-being.

Different approaches may be needed based on whether the data is safety-critical, the report said. For instance, “it may not be appropriate” for consumers to opt out of sharing speed and directional information for their vehicle with other cars on the road. While this sharing helps prevent crashes, information transmitted from a driver’s smartphone to a car’s infotainment system does not, so consumers should have more control over their data.

Educating consumers on the options they have for data collection and usage “is critical to consumer acceptance and adoption of the emerging technologies behind connected cars,” the report stated. To serve this end, experts suggested FTC create a portal where people could compare different companies’ privacy policies.

FTC noted that before cars connected to the internet, hackers needed physical access to the vehicle’s functions, whereas now it’s possible for them to control multiple cars remotely. Creating best practices for how companies could design vehicles to make them less susceptible to cyberattacks is crucial to ensuring drivers’ safety, especially as the prospect of driverless vehicles becomes almost inevitable.

The report suggested automotive industry groups share more information to limit the extent that vulnerabilities get exploited and that companies separate safety-critical operations from other functions when designing vehicles’ networks. FTC staff said they will continue monitoring the auto industry to “protect consumers from unfair or deceptive practices” and “foster innovation while protecting the privacy and security of consumer information.”