I first met Andrea Amico when he was President of global logistics firm, Jack Cooper. Within this role, he used to run a very large used vehicle inspection company and noticed how heavy of a digital footprint people left in cars they no longer own. And not by choice.
Despite not having a background in IT, he noticed how easy it was to access the data that remained in customers’ cars, long after they were gone. Millions of second-hand vehicles that were being transported around the world still had all kinds of personal data onboard that anyone could access, posing a huge problem for the industry, especially as vehicles become more connected to consumers.
While many in the industry had noticed this issue, Amico and his team were the first to address this problem with a large-sample statistical study of what data people leave behind, how often, and what the underlying drivers of these issues.
“That was six years ago,” he tells me. “Since then our understanding of the problem has become far wider and deeper, including disclosing to the Automotive Information Sharing and Analysis Center (Auto-ISAC) some research we developed, including demonstrating how easy it is to extract nonpublic personal information from vehicles of 22 different makes.”
Things are changing, with different regions around the world raising the profile of data security. For example, the State of Michigan issued a warning in March on the risk of identity theft perpetrated by extracting data from vehicles and told its residents to delete their data when they get rid of their vehicle.
Although the automotive industry has prioritised safety, it has only been on the physical side of things. Think crash tests, recalls and general passenger protection. When you look at the development of mobility, with cars commonly being labeled as mobile phones on wheels, the industry and its consumers are at great risk.
We need to find a way to transfer this focus to the digital aspect of vehicle product, whilst raising the profile of cyber-security and data protection.
“Cars today are a network of computers, so this narrow definition of safety can no longer be sufficient,” says Amico. “Companies are putting a much bigger focus on cyber-security than just a few years ago, although many of these efforts are still focused on physical safety, such as preventing a hacker from taking over the braking or steering.”
“This is mainly because physical safety is heavily regulated, but that is changing too. I mean, if you worry about your own computer being hacked, do you worry that the keyboard will electrocute you or that your personal information will be used against you?” he questions.
For Amico, it is clearly the latter; as the amount of personal information that is generated and captured by vehicles grows exponentially, thanks to connected vehicles and mobility models, so is the risk and the liability of not protecting that information.
What makes matters worse, most major car rental companies already have class-action lawsuits against them for not deleting users’ personal data left in rental vehicles. This puts millions around the world at risk of identity theft. Something needs to be done.
Sharing Isn’t Caring
The reality today is if you sync your phone with a vehicle infotainment system at any level, you are leaving your data in it. And, ultimately, companies and their services will blame you.
In terms of mobility, most companies have legally handed the responsibility over to users, included in the fine print. However, thanks to new privacy laws, this may be a thing of the past.
“In Europe for example, the European Data Protection Board issued some very clear guidelines saying that GDPR and ePrivacy laws require the controller to delete the personal data of the customers after every hand-off,” adds Amico. “In other words, the fine print disclaimers are not a valid defense. In fact, companies are legally obligated to make sure the personal data of a customer cannot be exposed to another customer.”
It all comes down to trust and consumers are quickly becoming more worried about the personal data that can still be found in shared cars. This is where Privacy4Cars comes in, providing a Software Development Kit (SDK) which notifies users to delete their data on shared transport and helps them achieve it in a seamless manner.
Not only has it received an overwhelming response from consumers, but also businesses from insurance, telematics and mobility companies. This tool allows them to develop trust and legal issues into a positive experience of care for customers.
“I am personally very excited that we are building a business that focuses on protecting, not exploiting personal data,” continues Amico. “I also believe that, every day, more and more companies are understanding that protecting the privacy of their customers is good for their business. I hope to see more people, including your readers, taking an interest in what we do at Privacy4Cars, downloading our app for free to protect themselves. If they are in a position of power or influence that they will consider the legal and reputational benefits of using a tool like ours.”