Carmakers already remotely collect data from their vehicles, unbeknownst to most drivers, according to Nate Cardozo, an attorney with the Electronic Frontier Foundation. "Consumers don't know with whom that data is being shared," Cardozo said. "Take Ford Sync, for example. In its terms of service, it says it's collecting location data and call data if you use Sync to dictate emails."
Location data about drivers is continually sent to manufacturers, which allows navigation systems to update users on traffic and weather conditions and offer other services such as remote payment for parking.
Location data has the potential to be used to advertise via either the infotainment system or any mobile device connected to it, sending pop-up messages about retail offers.
Dominique Bonte, a director at ABI Research, believes drivers should have to opt in before car companies can share data with any outside parties. Bonte pointed to GM as an example of why an opt-out model isn't good enough.
In 2011, GM's OnStar in-vehicle communications service began collecting data on users without permission. The strategy was designed to improve the OnStar service, but GM also shared that data with third-party suppliers.
"They failed to observe the most essential rule in privacy. They were forced to stop using the data," Bonte said.
Earlier this year, GM issued an OnStar privacy statement clarifying how it could use data collected from its in-vehicle service. The vehicle-related information it collects involves diagnostic data, odometer readings, estimates of remaining oil life, tire pressure calculations and information about collisions. It also includes driving information, such as vehicle location, speed, safety belt usage "and other similar information about how the vehicle is used."
As vehicle-to-vehicle and vehicle-to-infrastructure communications become more sophisticated, information will pass between vehicles and to government organizations.
"Not having knowledge that a third party is collecting that data on us and with whom they are sharing that data is extremely troubling," Cardozo said.
The National Highway Traffic Safety Administration is also working with automakers on regulations to oversee vehicle data transfers.
"As modern cars not only share the road but will in the not-too-distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative," John Bozzella, president of Global Automakers, an industry trade association, said in a statement.
The automakers' principles leave open the possibility of deals with advertisers who want to target motorists based on their location and other personal data, but only if customers agree ahead of time that they want to receive such information, industry officials said in a briefing with reporters.
"Google may want to become an automaker, but we don't want to become Google," Mitch Bainwol, president of the AAM, said in a statement.
Sign up for Computerworld eNewsletters.