feature article
Subscribe Now

Your Car: 25 GB/Hour of Personal Data

Otonomo Makes it Their Business to Track, Sell Your Whereabouts

What defines creepy? Is it a dark abandoned house with creaking floors and a history of mayhem? A doll with eyes that seem to follow you? A backwoods loner with a chainsaw? 

Or is it your car? Your car takes you to work, to your friends’ houses, to your favorite vacation spots, and back home again. It goes everywhere with you — or you with it. It’s your closest companion, along for every ride, every adventure, and every misadventure. So what would happen if this close companion blabbed to a stranger about absolutely everywhere you’ve been together? 

Too late: it already has. 

Unbeknownst to most of us, many new cars now stream gigabytes of real-time data up to the cloud, where it’s collected, collated, aggregated… and sold. Up to 25 GB/hour of automotive data gets collected and shipped off from new cars by BMW, Mitsubishi, Chevrolet, Mercedes-Benz, Nissan, Cadillac, Renault, Dodge, and others. More than 40 million new cars are already sharing their owner’s travel activities, with tens of millions more joining the club every year. 

What kind of data? It’s a long list, including GPS coordinates, vehicle type, speed, odometer reading, entertainment media choices, outside temperature, accelerator and brake pedal pressure, turn signal status, steering wheel position, oil level, fuel level, tire pressure, seat belt status, lateral g forces, and much more. In all, 50–80 separate items are measured, recorded, and sent to someone else. 

Surprised? Creeped out? Or unconcerned? 

Let’s look at an example. Without spending a dime, you can obtain thousands of data points recorded from cars operating in your choice of region (city, state, or country). The data is anonymized, in the sense that it doesn’t include drivers’ names, but that hardly makes it anonymous. As this Motherboard article points out, location data alone is enough to pinpoint someone’s home (i.e., where is the car parked every night?) and their workplace (where is it parked during business hours?), as well as their friends, favorite restaurants, doctor visits, recent movies, and much more. Given all of that, filling in the owner’s name is trivial. 

Some automakers collect this data themselves, but most of the big names farm out their data collection to an independent Israeli company called Otonomo. The company says it has OEM agreements with 16 large automakers (including those named above), amounting to more than 40 million cars globally. The amount of data collected varies by car, ranging from 50+ parameters for cars made by Stellantis (that is, Dodge, Chrysler, Jeep, Ram, Fiat, Peugeot, Alfa Romeo, Maserati, and others), to over 80 data points for Mercedes-Benz vehicles. In all, the company says it collects a whopping 4.3 billion data points per day

Why would Otonomo collect all this data? To sell it, obviously. Customers include insurance companies, advertisers, automakers, law enforcement, municipalities, financial institutions, and even the military. Said customers pay Otonomo $15–$25 per car per year, or $30–$100 per million data points per year, according to this corporate investor presentation

The company’s mission statement proclaims, “We harness the immense potential of automotive data by allowing thousands of organizations across a broad range of end markets to seamlessly access, explore, analyze, and unlock the full data potential” and to “provide new monetization avenues for OEMs…” 

“Thousands of organizations?” Yikes. Otonomo estimates the revenue potential from “car data monetization” will reach at least $450 billion, and maybe $750 billion, by 2030. 

Until recently, Otonomo even offered a free trial to anyone with an email address. (Now the company says it requires a phone call and “additional vetting.”) As one reporter figured out, it was easy to sign up for multiple free trials and aggregate the data to provide an even clearer picture of the unsuspecting participants in his experiment. 

Otonomo says that its data is all scrubbed and anonymized, and that users (meaning drivers) must consent to the data sharing beforehand. But such “consent” often amounts to a click-through agreement on the car’s GPS screen. No consent, no navigation or radio. Sometimes having a cell phone in the car amounts to consent (check your carrier’s service agreement). 

There are admittedly some fairly benign uses for such data; ones that might actually benefit drivers instead of monetizing them. A low oil reading, for example, might trigger an email warning. Oh wait… cars already have dashboard “idiot lights” for that. Same goes for high coolant temperatures, low fuel level, low tire pressure, high engine RPM, excess speed, and other potentially damaging conditions. In short, drivers over the last hundred years have had all the information they need to drive and maintain their own cars. 

Otonomo’s terms of service includes a stern finger-wagging admonishing their clients not to ”…derive, or attempt to derive, either directly or indirectly, the identity of an individual…”. Yeah, that ought to keep the stalkers away. The company’s website also includes an opt-out link for consumers, but ironically enough, it requires you to create an account and identify your vehicle. All of which assumes that car owners even know to look for the Otonomo website. 

Drivers and car owners don’t usually, if ever, sign an agreement directly with Otonomo. Any consent is typically buried in amongst the paperwork with the car dealer, automaker, rental company, or leasing agent. They, in turn, might have an agreement with Otonomo, which is motivated to sell the data to anyone they like. Nobody in that chain has an incentive to clarify the situation, while Otonomo has every incentive to offer the data to “thousands of organizations.” 

We’ve already seen how cameras can legally record every car’s whereabouts and derive sensitive personal information from that. Now we can skip the camera; the car itself will rat you out if you’re dodging work. The world’s privacy ends not with a bang but a whimper.

2 thoughts on “Your Car: 25 GB/Hour of Personal Data”

Leave a Reply

featured blogs
Mar 27, 2023
Spectre EMIR, the simulation engine inside Voltus-XFi, provides the IR drop and EM current analyses. In reviews of the reported customer problems, it turns out that many Spectre EMIR problems can be avoided by proper preparation and setup. The most common problem Spectre EMIR...
Mar 23, 2023
Explore AI chip architecture and learn how AI's requirements and applications shape AI optimized hardware design across processors, memory chips, and more. The post Why AI Requires a New Chip Architecture appeared first on New Horizons for Chip Design....
Mar 10, 2023
A proven guide to enable project managers to successfully take over ongoing projects and get the work done!...

featured video

First CXL 2.0 IP Interoperability Demo with Compliance Tests

Sponsored by Synopsys

In this video, Sr. R&D Engineer Rehan Iqbal, will guide you through Synopsys CXL IP passing compliance tests and demonstrating our seamless interoperability with Teladyne LeCroy Z516 Exerciser. This first-of-its-kind interoperability demo is a testament to Synopsys' commitment to delivering reliable IP solutions.

Learn more about Synopsys CXL here

featured chalk talk

Enable Sustainable Enterprises of the Future
Did you know that buildings are responsible for 40% of global energy consumption and 33% of greenhouse gas emissions? One way we can help both modernize and increase sustainability in our buildings is by adding 10BASE-T1L to our building controllers. In this episode of Chalk Talk, Amelia Dalton chats with Salem Gharbi from Analog Devices about how we can enable sustainable enterprises with ethernet connected building controllers. They examine the10BASE-T1L flexible design solutions that Analog Devices offers, how exiting?building infrastructure can take advantage of 10BASE-T1L and how you can get started on your next sustainable enterprise journey.
Dec 20, 2022
13,078 views