Receive free Technology updates
We’ll send you a myFT Daily Digest email rounding up the latest Technology news every morning.
Some drivers and employees may be startled to discover what lies buried deep within the 9,500-word privacy notice of Nissan North America listing all the personal data the car company might collect. The categories extend to “race, national origin, religious or philosophical beliefs, sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information”.
Nissan says it might also draw inferences about psychological trends, behaviours, attitudes and intelligence. And it might share anonymised data with unspecified third-party service providers as well as using it for its own marketing and operational purposes.
Car companies nowadays boast they are as much in the software as the hardware business, building “computers on wheels” stuffed with cameras, microphones and sensors. That software can run useful services, such as route mapping, cruise control and the ability to stream “Mustang Sally” while speeding along the highway. But a report released this week by the Mozilla Foundation on the privacy policies of 25 car brands found the industry also operated an extensive side hustle selling data. “Modern cars are a privacy nightmare,” the report concluded.
From privacy notices that are never read to data-sharing practices that are never explained to patchy regulations that are rarely enforced, our data economy is a wicked mess. We do not expect to read a water company’s terms and conditions before we turn on a tap. Why should it be different with data? We can, and must, clean up the digital economy. Some neat ideas are now emerging around how to do so.
The Mozilla report exposes many of the flaws of the data economy, extending way beyond the car industry. One core principle espoused by regulators and industry associations is that companies should only collect the minimum data needed to run their services. All 25 car brands failed on that count. Nineteen stipulated they might sell data to third parties. The majority said they would also share such data with government or law enforcement agencies in response to a “request”.
Worse, most car companies offer only an illusion of user consent. Tesla, to which Mozilla gave the most privacy warnings, tells owners they can contact the company to stop it collecting data. But helpfully adds: “This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.” The industry’s terrible record for cyber security adds to concerns.
One powerful argument explaining how to seize back “the means of computation” is made by Cory Doctorow in his latest book The Internet Con. His top-down solution for encouraging real consumer choice and greater competition is to mandate interoperability between tech platforms, as enshrined in the EU’s Digital Markets Act.
So, for example, Facebook users face painful switching costs if they move to another social network because they would lose all access to their community and content. But in a fully interoperable world, users could easily transport their “social graph” (their network of relationships) to another service they prefer.
That may dovetail with attempts to build a safer internet infrastructure from the bottom up. One intriguing attempt to do so is Project Liberty, a $100mn not-for-profit initiative backed by the philanthropist Frank McCourt, which has released an open-source protocol allowing developers to build privacy-preserving apps and services. “Being able to access and control your own data is the core of the problem and our solution,” says Martina Larkin, Project Liberty’s chief executive.
Attempting to redesign an industry dominated by some of the richest and most powerful companies in history is a near-insurmountable challenge. Few believe that much is likely to change unless there is a sea-change in the public’s mentality and more Big Tech companies jump on board to support a US federal privacy law.
But Larkin suggests we might reach a tipping point if we see the mass manipulation of the 65 elections due to be held next year. In total, about 4bn people are eligible to vote in polls, including in India, the US, Indonesia, Mexico and the UK, amid fears that generative artificial intelligence could weaponise disinformation campaigns drawing on personal voter data. “AI is accelerating everything including the need for solutions,” Larkin tells me.
In the meantime, we should all read those infernal terms and conditions, lambast the car companies (and others) for their dreadful privacy standards, support safer data initiatives and press our legislators to promote competition.