Under the Hood: The Risks of Car Privacy Invasion


So, how much information can be extracted from a vehicle to get evidence about a driver or user of the vehicle? This comes up a lot with questions about vehicle telematics, and if you have a car that's being used by somebody else or a vehicle that actually has some evidence in it, people a lot of times want to know what your vehicle is doing to spy on you. Well, we're going to take a look at one example, which happens to be from Nissan. Now, we're not picking on Nissan; we're not saying they're doing anything different than anybody else. These privacy notice terms and conditions are very similar to those of many other vehicle manufacturers, and they say that they collect this information for certain reasons. We collect personal data and non-personal data about your vehicle and you from our platforms and services, as described below. We're going to take a look at those. What can they collect? You're going to be very surprised at what a vehicle knows about you and what it can find out about you.

First, it starts with data. What information does it collect? Contact information (name, email, phone number), geolocation from your connected vehicle (so that is where you're located; that's on GPS), even if your vehicle isn't a connected vehicle, your device is connected to the vehicle through Bluetooth, and it could be inferred from your IP address and your postal code. So, even if your vehicle is not an advanced vehicle that has a lot of telematics in it, if you connect your vehicle to the infotainment system, it can figure out where you are from your IP address and from your phone. Social security number, service or warranty information, employment information, and the like. So, how else do they get information to connect with everything else? When you purchase a vehicle, they have your name and address, but if you post on social media, they're going to take that and connect it to the other data they have, so it builds a profile of you. If you sign up to receive emails, if you go to websites that use cookies, not just their website but even other websites, they will connect that to you. And it says that right here, "Nissan may also combine information it collects with data from other sources. We may combine information collected offline from the vehicle and combine it with third-party information." So, again, we're not picking on Nissan; many other manufacturers have the same parameters.

Here's where it gets good. Here's the kind of information they can collect: your vehicle's operation (including, without limitation, the VIN number, geolocation and navigation information, speed and distance information, driving habit and style, battery use for electric vehicles, diagnostic trouble codes, your use of vehicles and corresponding services, websites, and smartphone applications), vehicle status information like door locks, open doors, engine status, data about accidents the vehicle was in, airbags deployed, and many other parameters of that vehicle are tracked.

Now, what else can it put together? Well, first of all, Nissan may not respond to "do not track" beacons or tags; that means that if you put something on your computer or your phone to not be tracked, they might not respond to them; they might just say too bad; we're tracking you, allegedly. So, now let's take a look at the categories of information they collect and disclose. That's a key. Who do they disclose this to? Here are the categories, and let's look at the columns: the type of data, and then the last column is third parties to whom they're disclosed.

First is financial information (bank account, credit card, or debit card). Commercial information, including records of personal property, products that have been serviced, and tracking technologies. They can also track your internet or network activity, browsing history, search history, and information on a website, and they can provide that to service providers and marketing partners. They can make inferences drawn from any personal data to create a profile about a customer reflecting preferences, characteristics, psychological trends, predispositions, behavior, intelligence, attitudes, and abilities. They can make inferences by collecting and compiling this. What can they use it for? Service providers, marketing, and third parties for operational purposes. Here's the key word: "inferences." They can make their own inference; inference means basically an opinion. They can make an opinion about psychological trends, behavior, intelligence, abilities, and attitudes. Maybe even here's the big one: they can also collect and create sensitive personal information, including driver's license number, citizenship status, immigration status, race, sexual orientation, sexual activity, health diagnosis data, and genetic information. I'm pausing here for a minute to take that in. This is stuff they can collect and put together. Now, where do they get it from? Who knows? For service providers or affiliates, this is where they can send it, including for direct marketing purposes.

So, look, we're not picking on Nissan specifically; most manufacturers have these kinds of things. How long can they keep it? As long as necessary. Disclosure of information: may disclose this as follows; tells you where they can expose it. Categories of personal data we sell or disclose for advertising identifiers; commercial information; products or services; geolocation data. They can sell your geolocation data; they can sell it if they want to. Inferences drawn: they can sell this. Remember, we talked about those inferences for trends, behavior, and attitudes; they can sell that data disclosed for advertising; inferences drawn. So when you think that you're safe, secure, and private in your car, you're probably not. We do this a lot with investigations, gathering some of this information from a vehicle. Just be aware that your vehicle may not be as private, and also be aware that if you have information you need about a third party that may be gleaned from a vehicle and that the data may be available, that's something that may be part of an investigation. So, not only drive safely, but be careful inside your car because who knows what they're allegedly collecting from you?
