Rental Car Companies Make Just as Much Money Selling the Uploaded Phone Data of Rental Car Users

Confusion over what should happen to data uploaded from phones connected to infotainment systems in rental cars -- and who is responsible for deleting it -- could exist putting the privacy of customers at chance.

A new report suggests it is not clear who is responsible for protecting the information that tin be uploaded from smartphones when they connect to in-car systems. This data can include the location and contents of the smartphone likewise equally the user's dwelling accost, and it is often stored in the connected infotainment system and is not deleted.

Privacy International rented a series of internet-connected cars from vehicle hire and auto sharing firms and found that non only was information about previous drivers collected and retained in the infotainment organization, the system too contained past locations the vehicle had travelled to and could place previously connected smartphones.

"In nearly of them there were between five and x different telephone identifiers. When you lot connect to the Bluetooth, it will store your identifier," Millie Graham Woods, solicitor and legal officer at Privacy International, told ZDNet.

"We besides looked at the navigation systems: a lot of locations were stored. Places people had driven to y'all could possibly link up with their name and drive there," she added.

Cars were rented from hire companies including Sixt, Enterprise, National, Zipcar, and Thrifty, while models tested included the Audi A3 and the Nissan Qashqai. Privacy International warns that not enough is beingness done to ensure that user data is protected, with rental firms suggesting it falls on the user to delete the data.

"The unanimous responses were, not only is it the individual's responsibleness to delete their information when they render the rental automobile, the individual is further responsible for informing other passengers who connect their devices to the motorcar that their data is beingness stored on the machine, and not necessarily deleted," said the What Happens To Data On Rental Cars? written report.

According to Privacy International, there's no agreement over if the manufacturer or the hire firm is the data controller.

Connecting your phone to a rental car could put your data in the hands of other people.

Image: iStock

"That's a business: if you don't know who can access it or know who the data controller is, how can you assert your data protection rights when you want that data removed?" said Graham Woods.

One rental company, Thrifty, said it was creating an internal policy on deleting commuter information every bit role of GDPR, while Sixt too said information technology is working on a policy to cover users and is committed to all matters GDPR.

Come across also: What is GDPR? Everything you need to know near the new general information protection regulations

Enterprise told Privacy International it's the responsibility of the users to ensure the data is deleted from the infotainment system.

"Information technology is the vehicle user's choice and responsibleness to use and remove data via the infotainment options available in each vehicle," the visitor said in a statement.

"Nosotros cannot guarantee the privacy or confidentiality of such information, and yous must wipe it before yous return the Vehicle to us. If you practice not exercise this, the next users of the Vehicle will be able to access this information," Enterprise added.

A spokesperson for Enterprise Holdings -- which incorporates Enterprise, Alamo and National -- told ZDNet: "Enterprise welcomes all attempts to highlight the challenges associated with the employ of infotainment systems in rental vehicles and hopes that the Privacy International written report will assist in moving that fence forrad."

Most of the companies involved say the rules on deleting user information are in the terms and weather condition for the car rent, but according to Privacy International, these aren't made clear to users -- and their passengers.

"They lacked any form of detail, whatsoever form of clarity, and the text was then pocket-size. People don't realise that if you're driving with friends and one connects their Bluetooth to the car, you're actually responsible for drawing their attention to the terms of weather condition -- and no one would do that," said Graham Wood.

Privacy International notes that while some cars announced to requite the drivers the power to perform a 'factory reset' of the machine, in some instances the choice is difficult to locate and is also non clear on what data will be deleted.

When approached to offer comment on the situation, Nissan said information technology was up to the auto hire company or the client to clear information, and that as manufacturer, Nissan doesn't have access to the internal systems of a motorcar which isn't fully internet-connected.

"As this is a rental company fleet vehicle, Nissan does not have access to or control of a vehicle to deport out such reset after each rental customer and would await the client or rental company to carry out whatever necessary resets," the company said in a statement.

"What needs to happen immediately is that car rental and motorcar sharing schemes demand to completely review how they arroyo this data and to provide very clear instructions to drivers. But they besides need to do information technology themselves: the onus shouldn't be left on the customers - in the same way a auto is cleaned, the data should be wiped," said Privacy International's Graham Wood.

"A lot of thinking needs to proceed past both rental firms and auto manufacturers about how they manage data and the duty of care they accept to their customers."

In response to the research, a Zipcar spokesperson told ZDNet: "At Zipcar we care for the security of our members' personal information seriously and are putting the necessary safety measures in identify that will ensure we are ready for the GDPR regulations coming into force in May 2018."

In an e-mail to ZDNet, a Sixt spokesperson said: "The rental of Sixt complies with the current legal regulations regarding data protection. With regard to the new regulations in the coming year, Sixt volition of course ensure that they are fully complied with.

"Furthermore, Sixt would similar to point out that a customer tin can decide at any time which data he/she wants to release in the vehicle and tin delete it at any fourth dimension."

Enterprise Holdings said they're trying to help customers keep their data safety and secure. "To effort and address this issue, nosotros are proactively looking at different options to develop engineering and procedures that could assistance with wiping this infotainment data. In improver, we are also currently working on a campaign to brainwash consumers well-nigh syncing phones to the rental vehicle," a spokesperson said.

The Information Commissioner's Office told ZDNet that it is enlightened of the written report and "will be considering whether the issues raised demand to be looked at further."

ZDNet has attempted to contact every rental firm and car manufacturer mentioned in the report.

Recent and related coverage

From A to B with Amazon and Apple: Will car buying accept backseat?

As driverless technologies improve, cars will likely become more of a membership perk than objects of ownership.

Intel and Ericsson 5G continued cars trial attains 1Gbps speeds

Intel, Ericsson, Toyota, Denso, and NTT DoCoMo accept announced attaining speeds of 1Gbps down and 600Mbps up while streaming 4K video from a connected vehicle across a 5G trial network in Japan.

Waymo to test self-driving cars in Michigan'due south winter weather

To accomplish full, Level 5 autonomy, vehicles need to be able to handle all of the environmental weather condition a homo tin can.

READ MORE ON CYBERSECURITY

• Ransomware's side by side target: Your car and your home
• Smart gadgets need security. Startups, that's your cue [CNET]
• How secure is your car? Unpatchable flaw lets attackers disable safety features
• Why laws regulating democratic vehicles are needed at present [TechRepublic]
• Cocky-driving cars vs hackers: Can these eight rules cease security breaches?

sorrellthip1991.blogspot.com

Source: https://www.zdnet.com/article/connected-cars-what-happens-to-your-data-after-you-leave-your-rental-car/

Share this post