The Data Privacy Scare in Automobiles.

The Data Privacy Scare in Automobiles.

Article by Tsaaro

7 min read

The Data Privacy Scare in Automobiles.


When Karl Benz first applied for a patent for his “vehicle powered by a gas engine” in 1886, we are sure he wouldn’t have imagined what the future of cars that we see today would be like. Obviously, we need to keep aside the idea of flying cars that are still a thing of the future. The automobile sector, much like every other sector, has evolved, and the game has changed. 

As you would’ve guessed already, this game is data-driven. But how exactly are data privacy and automobiles connected? Recently, a case came up in the USA where the Police searched the Data collected from the card without a search warrant. This article will give you an understanding of what connected cars are and how privacy legislation affects the data connected by these cars.

Starting from the Basics

To understand what connected cars are, one needs to understand the basics, i.e. the Internet of Things (IoT). It is here did the concept of easing out our everyday work evolved, and for such ease, it was important for our everyday devices to be connected to the internet.

Hence, the electronics market has been through a revolution where almost every device can now be connected to an internet network and connected from the comfort of your phone screen, or even better, voice assistants like Alexa, Siri, Google Assistant, etc. 

What are Connected Cars?

Quite simply put, a car that can be connected to the internet is a connected car. These cars are connected to the internet with the help of  Wireless Local Area Network (WLAN). This enables the cars to share internet access and data with devices inside and outside the vehicle.

Connected cars have the potential to revolutionise convenience and road safety, but they’ll require data, your data.

How are connected cars revolutionising our world?

Take a minute to think of what features you want in your car, so your everyday life becomes easy. Now that you have thought of a few let me help add a few to your list. 

The different seat settings and temperature settings of other members of the same family who drive the car. If my car would essentially remember how different members of my family prefer their seat position to be at and what temperature do they like their A/C on, at what degrees do they keep their side view and rearview mirrors, with just a touch on the screen, it would make my life easier. 

But this is one such example of how connected cars can ease our lives out. With a whole set of technological advancements and adding new features by the manufacturers, this allows for an improvement in the overall experience of driving and ownership and several security features. 

Away from examples of a prospective feature of these connected cars, a few features are already in use. 

Connectivity between the App and the Car

Automobile manufacturers now offer a smartphone app that links to the vehicle via the wireless network. The software allows users to control automotive features like door locking/unlocking, sunroof opening, engine start/stop, climate control, headlight on/off, and horn honking from afar. The app will also assist in the vehicle’s location using the inbuilt GPS.


Geo-fencing is a critical security element included with connected automobiles. In simple terms, it draws a geographical boundary on the map and sends an alarm to the owner if the car crosses it. The geo-fencing may be configured via the smartphone app, and this function can come in handy if you’re concerned about theft of your car.

Vehicle to Vehicle Communication

Connected Cars can communicate with each other owing to vehicle-to-vehicle connectivity technology. The V-2-V allows information such as traffic flow, road conditions, speed limits, and more to be shared. Autonomous vehicles, regarded as the future of mobility, will rely heavily on V-2-V technology.


You can connect to various pre-loaded entertainment services/apps in a connected vehicle. You can listen to music, watch videos, or listen to the internet radio (when the car is parked). Aside from that, you can use apps to connect your smartphone to the car’s infotainment system and control the audio/video from afar.

Remote Parking

As the name suggests, some high-end connected cars even allow you to park the vehicle remotely. Yes, you may get out of your car and manoeuvre it into the chosen parking spot using either a button in the smart key or by some feature in the smartphone app. This feature will come in helpful while parking in tight places or when you are unsure about parking in a congested region.


Connected cars provide a number of essential security features, including real-time location sharing and tracking, emergency SOS calls in an accident, roadside help in the event of a vehicle failure, and much more. These intelligent safety features, in addition to the onboard safety equipment, come in handy during challenging conditions.

What does the data protection law have to do with connected cars?

To understand the data privacy concerns these cars raise, it is essential to keep track of their data. As per Intel’s research, a car can create several terabytes of data every hour. Such data generated is a compilation of several personal data, including driving patterns, destinations, speed and other information collected by car sensors.

As a result, most data will be considered personal data if it can be identified directly (like a name) or indirectly (like speed or distance travelled)—three main types of data are at stake in connected automobile technology.

To begin with, geolocation data, like personal habits and interests, might reveal sensitive information. Frequent visits to places of worship, for example, can reveal sensitive personal information about religious affiliations.

In connected automobile technology, biometric data can be used to unlock a vehicle, authenticate the driver, or access a driver’s settings or preferences.

Finally, connected cars may give information on criminal activity. For example, the vehicle’s speed combined with geolocation data could disclose a speeding violation.

As a result, such data can only be processed under the supervision of official authority or where it is permitted by EU or state law.

What can Automakers incorporate to ensure compliance with privacy legislation?

In general, connected car data is personal information processed per legal and technical standards such as the GDPR or the CCPA. Some data protection rules, such as those in Nevada and California (CCPA), treat personal vehicle data expressly, although the majority do not.

Incorporating an end-to-end consent and opting-out system.

Ensuring that for any 3rd party service opted by the customer, the Original Equipment Manufacturer (OEM), i.e. the car manufacturer here, takes the responsibility to receive consent for availing services from them and at the same time allowing them to opt-out of the service from the 3rd party, through their applications. This system of consenting and opting-out is connected end-to-end between the OEM and the User, and the user doesn’t have to rely on a 3rd party service provider.

Provisioning options, even when not mandated by law

According to the IBM Institute of Business Value, 62 per cent of consumers would choose one car brand over another if it offered better protection and privacy. Hence, when an OEM asks for consent from its users to share a specific set of data, even though they aren’t mandated by law to do so, this creates a secure feeling for the user, increasing their trust in the OEM.

Ensure information delivery without complexities.

When we ask you to provide your users with options to allow you to access a specific set of data, we also want you to realise the user is not happy reading lines and lines of complex statements filled with legal jargon; hence OEM’s need to ensure that their request seeking permission to access the specific set of data, is simple and easy for the user to understand. A cherry on the top would be to ensure their application has engaging ways to help users understand the meaning behind such permission.

Incorporating the Approach of Privacy by Design

Connected cars can generate far more data than any single application or service requires. The ideal practice for each service is to acquire only the data necessary to meet its objectives.

Putting Data Anonymization to use

Anonymisation is a data-processing process that removes or modifies personally identifiable information, resulting in data that cannot be linked to a specific person. Using this process is essential for when car data has been lawfully de-identified, collected, and protected to protect drivers’ privacy.


In the case mentioned in the introduction, it has been held by the Supreme Court that the police is required to have a warrant to search through a phone. At the same time, such protection is not extended to the information collected and stored in the car’s system solely because of the exception given to automobiles in the 4th Amendment, established after in the 1925 Carroll v. United States Case, Supreme Court.

The manner in which the automobile industry has developed over time in the past few years to ensure that user comfort is a priority. This race for prioritising user experience has led to enormous advancements in technology and with such improvements come up the issue regarding privacy. The data collected from these connected cars is under threat because of underlying technological gaps and compliance issues. We introduce you to concepts that can be kept in mind while advancing further.

This article was written by Ayush Sahay.

1 thought on “The Data Privacy Scare in Automobiles.”

  1. Excellent insights! Your breakdown of the topic is clear and concise. For further exploration, I recommend visiting: READ MORE. Keen to hear everyone’s opinions!

Leave a Reply

Your email address will not be published. Required fields are marked *

Shubham Bansal

INTRODUCTION:  The enactment of the Digital Personal Data Protection Act, 2023, marks a significant milestone in the realm of data …

Shubham Bansal

Introduction  The introduction of the DPDPA, 2023 has brought in the opportunity for various sectors including the pharma companies to …

Shubham Bansal

INTRODUCTION:  The enactment of data protection legislation across various jurisdictions have necessitated strict mandates to protect people’s personal information. India …

Shubham Bansal

Introduction  In today’s digital age, data protection and privacy are crucial for businesses, especially those operating online. As companies increasingly …

Shubham Bansal

INTRODUCTION Last year, India achieved a significant mark when the long-awaited data protection legislation known as the Digital Personal Data …


Would you like to read regular updates from Tsaaro.
Subscribe to our newsletter

Our Latest Blogs

Read what the latest hapennings in the cyber world are and learn what the
experts have to say about them