This is a great article. I've wondered about that myself:
Forgetting about the smartphone data, many cars have a Navigation system, which means the car itself knows where you are. Is it being communicated in real time, or does the car at least remember?
I actually asked someone who works in car automation this very question, and he said it's really manufacturer-dependent.
The car manufacturers are hoping no one digs into this. So let's dig.
I just started with GM's OnStar. Here's an ominous paragraph in [1]:
If you sell or otherwise transfer your vehicle, it is your responsibility to delete all information (such as contacts, address look-ups, saved map addresses, or preferences) from the vehicle and contact us to transfer or cancel your account. If you do not delete this information, it may remain in the vehicle and may be accessible to future users of the vehicle. For instructions on how to delete information from your vehicle, please refer to your vehicle owner’s manual.
So apparently, if you look a place up (say, the motel where you and your extramarital partner meet), it stays with the car and/or your OnStar account.
> say, the motel where you and your extramarital partner meet
I understand, it’s privacy and stuff, but how does _this_ make a compelling argument? Is covering up that someone cheats on their spouse, beats their kids, and launders money, now some service provider’s responsibility?
many cars have a Navigation system, which means the car itself knows where you are. Is it being communicated in real time, or does the car at least remember?
GPS itself is entirely passive. The last position is definitely stored in the receiver to make it faster to acquire a position fix the next time it's turned on, but the question is whether that is sent outside the car. A standalone GPS unit of the type that people add as an aftermarket accessory, instead of being integrated, will almost certainly not be transmitting its location elsewhere.
Car makers are typically on the conservative side, and they aren't really in a position where their own data would be particularly valuable compared to that of other players.
What mostly happens is that data sharing goes both ways: for instance if your embedded navigation system shows live traffic data, your car is probably sharing its location upstream, which gets aggregated and anonymized according the legal framework and the terms between both parties.
You can do stuff with a car that you wouldn't be able to do with a smartphone, for instance using sensors to scan curbside parking, whereas Google needs to extrapolate street parking availability based on driving patterns. But I'm not aware of anyone doing that yet... I've only seen proofs of concept.
This is what I've seen. It also makes sense from a legal point of view (at least here in Europe) and more importantly, from a practical one. If you're Here or TomTom you want to provide good data and you need OEMs to share theirs in return. However keeping (or worse, sharing) events associated to VINs or other PII is just a liability.
My 2016 BMW 118d has a navigation system and a built-in SIM card. It is used in multiple instances (the listed ones): locating/locking/unlocking your car remotely (all optional), start an emergency call, updating the firmware and talking to a messaging server
I think what we're seeing here with you & @hocuspocus is: no one knows for sure what happens. We can make educated guesses.
If you were sitting on PII location data and no one knew you had it, you'd probably want to keep it that way. Going public would certainly get the authorities after you.
Forgetting about the smartphone data, many cars have a Navigation system, which means the car itself knows where you are. Is it being communicated in real time, or does the car at least remember?
I actually asked someone who works in car automation this very question, and he said it's really manufacturer-dependent.
The car manufacturers are hoping no one digs into this. So let's dig.