Concerns about data privacy have gained traction in recent years, particularly in the healthcare sector. Clinicians and administrators are careful to protect patient privacy and meet legal obligations around data collection and consent. But outside the hospital or clinic, can you really trust your devices?
A recent investigation by an Australian consumer advocacy group, CHOICE, made some troubling conclusions regarding some popular car brands and how they collect and share ‘driver data’.
One or two of the brands even collect voice recognition data from the car’s interior, and sell it on to an artificial intelligence software training company. Choice found that Ford, Toyota, Mazda, and MG collect, and sometimes share, their customers’ data. Toyota is Australia’s leading car brand and it routinely collects vehicle location data and details such as acceleration, braking, and cornering information, according to Choice.
As usual, the devil is in the detail and Choice examined the privacy policies of many of the top brands, including whether they collect data from drivers, what they do with that information, and whether customers have the ability to opt in or out of data collection.
However, it seemed some of the brands were more extensive in their collection of driver information than others. Rafi Alam, Senior Campaigns and Policy Advisor at Choice, explained: “We discovered that Kia, Hyundai, and Tesla were the worst offenders when it came to protecting the privacy of their customers. Kia and Hyundai both collect and share voice recognition data with third parties, along with other information.”
If you drive a Tesla, best look away now. “Tesla takes it one step further, collecting ‘short video clips and images’ captured from the camera inside the vehicle, and shares some data with third parties,” Alam added. “The only three brands that don’t collect or share driver data in Australia are Mitsubishi, Subaru, and Isuzu Ute. The fact that these three are outnumbered by the seven other brands we looked at is highly concerning.”
That research was conducted in Australia. Closer to home, in January it was revealed that a major data breach occurred in Germany, which leaked personal data of some 800,000 drivers of electric Cupra, Skoda, Audi, and Volkswagen cars. Some of this data related to senior politicians and their locations and movements, so obviously security fears were ignited.
However, modern data concerns extend beyond the confines of the car and into the supposed privacy of your living room. For this, we must familiarise ourselves with the process of automatic content recognition (ACR). In short, this means that the system gathers information from an Internet-enabled TV. Not to bamboozle you with acronyms, but the Association for Computing Machinery (ACM) reported at the ACM Measurement Conference 2024 that the way ACR is currently used raises privacy concerns.
“The results showed that ACR not only takes screenshots of what the viewer is watching on live TV many times per second, but does the same when content is being played through an external device, such as a laptop, potentially allowing ACR to figure out what is shown on the external device,” University College London (UCL) reported. “Given that the refresh rate of many modern HD televisions is only 60 hertz (meaning that ACR could record the content being watched many times over), it is uncertain what else is being captured to necessitate such a high sample rate.”
Of course, TVs and Internet-connected cars are not the only culprits. The publication Which? reported that smart-speaker voice assistants, ‘smart’ security cameras, and even smart washing machines can also harvest your information.
Is there a chance that efforts to make patient data secure might be hampered by everyday devices that don’t adhere to the same standards of security as non-medical devices? Time will tell, and it should be noted that how your data is collected varies between different jurisdictions.
Connected devices are part-and-parcel of modern life. But it might not be a bad idea to read the small print under the ‘Privacy’ section, if only for your peace of mind.
But there’s a catch: UCL reported that “to fully consume all policies and T&Cs for the 23 brands we researched would mean ploughing through 199,905 words. At an average reading rate of around 250 words per minute, that would take 13 hours and 30 minutes to complete.” If you use Google Nest, you will need to read 20,000 words to get a handle on what’s being done with your data.
Time-saving devices, indeed!
Leave a Reply
You must be logged in to post a comment.