Privacy Insider Newsletter | Data Privacy News Delivered Weekly

The FTC Calls Out Automakers’ Privacy Practices

Written by Arlo Gilbert | May 23, 2024 2:00:00 PM

Hello all, and happy Thursday! 

In what is becoming a popular punching bag for privacy advocates, automakers are once again under fire. 

One of our stories this week focuses on a recent Federal Trade Commission (FTC) blog post, where the regulator warned automakers that it stands ready to act over the “surreptitious disclosure of sensitive information.” 

The warning isn’t without precedent—automakers have been criticized for their privacy practices for some time now. In a previous issue of The Privacy Insider, we talked about the Mozilla Foundation’s *Privacy Not Included buyer’s guide, which has featured numerous articles on the dearth of connected cars’ privacy protections. 

In essence, most connected cars track your data (including your geolocation!), sell your data, and make it very difficult to understand what they’re doing with your data or what your rights are.  

At Osano, we’re a big proponent of privacy for privacy’s sake; even if your behavior would be of little interest, you still shouldn’t have to put up with being spied upon. But when it comes to the usage of connected cars, you almost certainly don’t want your information tracked! Connected cars have been accused of selling/sharing data that could impact your insurance rates and tracking your movements to sensitive locations, such as medical providers. 

As more and more jurisdictions put data privacy regulations in place, one hopes that automakers will begin implementing stronger privacy-by-design practices than they have in the past. The FTC put it best: 

“The easiest way that companies can avoid harming consumers from the collection, use, and sharing of sensitive information is by simply not collecting it in the first place. When they are motivated to, all businesses—including auto manufacturers—are capable of building products with safeguards that protect consumers.” 

Best, 

Arlo  


Top Privacy Stories of the Week

Colorado Becomes First U.S. State to Enact Broadly Applicable AI Law 

Colorado Governor Jared Polis recently signed the Colorado Artificial Intelligence (AI) Act (CAIA), the first broadly scoped U.S. AI law. Similar to the EU AI Act, the CAIA takes a risk-based approach and focuses on high-risk AI systems. The Colorado Attorney General has exclusive authority to enforce and adopt rules implementing the CAIA, which takes effect on February 1, 2026. 

Read more 

Dell Hack: Personal Info of 49 Million Customers Allegedly Breached 

Dell is confirming a data breach that reportedly covers 49 million customer records. While Dell is confirming that a breach occurred, the scope of the breach hasn’t been confirmed. Dell reported that customer names, physical addresses, and hardware and order information were exposed in the breach, but not any financial information, email addresses, or telephone numbers. 

Read more 

Snapchat's AI Chatbot May Pose Privacy Risk to Children, Says UK Watchdog 

According to the Information Commissioner’s Office (ICO), Snapchat may have failed to properly assess privacy risks to children from its artificial intelligence chatbot. If Snapchat fails to adequately address the regulator's concerns, "My AI", launched in April, could be banned in the UK.  

Read more 

UK ICO Issues Guidance on Use of Biometrics 

Earlier this month the UK privacy office put a stop to several entities' use of facial recognition technologies and fingerprint monitors for their employees. The UK ICO, like many of its European counterparts, has issued guidance on the use of biometric recognition, which was released on the same day as the decision. In its guidance, the ICO outlines when and how companies can collect biometric information in compliance with UK privacy laws (and when they should not). 

Read more 

FTC Fires 'Shot Across the Bow' At Automakers Over Connected-Car Data Privacy 

The Federal Trade Commission (FTC) recently warned auto manufacturers that it is closely watching their data collection and sales activities, citing several recent enforcement actions that it suggested could apply to the industry’s practice of sharing sensitive car data with advertisers. The agency’s announcement emphasized that geolocation data sales in particular are subject to “enhanced protections” under the FTC Act. 

Read more 

UK Watchdog Looking Into Microsoft AI Taking Screenshots 

The UK ICO says it is "making enquiries with Microsoft" over a new feature that can take screenshots of your laptop every few seconds. Microsoft says Recall, which will store encrypted snapshots locally on your computer, is exclusive to its forthcoming Copilot+ PCs. But the ICO says it is contacting Microsoft for more information on the safety of the product, which privacy campaigners have called a potential "privacy nightmare". 

Read more 

Osano Blog: Vendor Assessments: The What, Why, and How 

Need to wrap your head around the ins and outs of vendor data privacy assessments? Check out our blog to learn what vendor assessments are, why you should conduct them, and how to do so efficiently and effectively. 

Read more 

If you’re interested in working at Osano, check out our Careers page