Associate Professor Katherine Kemp, UNSW Law & Justice has published the first in-depth analysis of privacy terms relevant to connected cars in Australia with highly concerning findings. These are set out in the report and include that manufacturers, importers and dealers in many cases:
- fail to appreciate the seriousness of privacy and security threats presented by connected cars, based on the form and substance of the privacy terms presented to consumers;
- fail to recognise the full scope of personal information protected by the Privacy Act, likely giving rise to non-compliance and increased privacy and security harms;
- claim that certain information “does not, on its own, personally identify” the consumer and that they can use this for “any purpose”, when in fact this may be personal information about a reasonably identifiable individual having regard to other available data and resources, including artificial intelligence (AI) systems;
- create massive obstacles to consumers attempting to discover, understand and compare the relevant privacy terms, including redirections to multiple documents, missing terms, unhelpful interfaces, and substantial errors in published policies;
- inappropriately or even unlawfully collect additional personal information about the consumer from data brokers and similar businesses and disclose personal information collected from connected cars to data brokers, digital platforms, ad tech suppliers or AI developers;
- grant themselves open-ended permissions to use personal information collected via connected cars for “marketing”, “product development” and “research” purposes;
- make vague references to providing personal information to insurance companies, without specifying limits on these disclosures to ensure that insurance companies do not repurpose this information against consumers’ interests; and
- regard themselves as entitled to assist various government and law enforcement agencies by disclosing customers’ personal information in the absence of any legal obligation, with one brand even indicating in the fine print that data would be used for surveillance of “suspected improper activities”.
Associate Professor Kemp calls for the immediate attention and guidance from the privacy regulator and highlighting the urgent need for privacy law reform in Australia. Access the full report here