Low levels of data protection and consumer privacy in the automotive sector
18.9.2023
Question for written answer E-002684/2023
to the Commission
Rule 138
Kosma Złotowski (ECR)
Mozilla’s ‘Privacy not included’[1] report shows that modern cars pose a threat to users’ privacy. According to the foundation, none of the 25 popular brands analysed comply with data protection requirements. Instead, they all collect vast amounts of sensitive information about the driver’s ethnicity, health, weight or facial expression. The collected data are poorly protected, and long and vague privacy policies help manufacturers keep customers in the dark about possible abuses.
- 1.What is the state of play of work on the Commission’s announced legislation on access to data in the automotive sector[2], and does it also intend to regulate the scope of the information collected by car manufacturers so that it does not go beyond the minimum necessary?
- 2.Does the Commission have its own studies confirming the described scale of car manufacturers’ activities in violation of Directive (EU) 2016/679[3] in relation to data collection, storage and processing and, if so, what does the Commission intend to do to strengthen the level of privacy protection for users of connected and autonomous cars and to minimise cybersecurity risks?
- 3.No less than 22 of the car brands surveyed have signed up to the Automotive Consumer Privacy Protection Principles[4]. In the Commission’s view, can creating the impression of concern for consumer privacy, when it is absolutely not respected, be considered a misleading practice for consumers, and are awareness-raising measures planned to protect against the unfair collection and use of sensitive personal data by Internet of Things (IoT) products, including cars?
Submitted: 18.9.2023
- [1] https://foundation.mozilla.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/?fbclid=IwAR0IWFu3hYLjVreiHzw3ugEFGL69idIvpQXZi28mMAUi-ikalHVERFTFLLA
- [2] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020DC0789
- [3] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
- [4] https://www.autosinnovate.org/innovation/Automotive%20Privacy/Consumer_Privacy_Principlesfor_VehicleTechnologies_Services-03-21-19.pdf
Last updated: 26 September 2023