People are starting to come to terms with the risks that the wireless connectivity in modern cars poses for privacy.
Last week, U.S. Transportation Secretary Anthony Foxx spoke out for the first time, expressing concern that consumer privacy is at risk. But he added that the government is not close to taking action, and that seems wise. This is a complex issue and a still-developing field, and additional disclosures on what's currently happening are bound to emerge.
It's time to think through the implications of a headlong technology rush into the combination of GPS navigation, wireless communication links and devices that tell drivers about nearby locations and services.
It will be hard to balance conflicting interests: the services and convenience consumers clearly want, companies' desire to combine and analyze the data collected, and consumers' determination to control their own data.
Ford Motor Co. CEO Alan Mulally wants privacy boundaries to be set by law. He's right of course.
And in-vehicle privacy is on Congress' radar. There may even be broad agreement on how to approach the topic. But this is the most dysfunctional Congress in memory, and privacy violations are easily politicized. Thus far, there's not much more than a hint of any proposed legislation in Washington.
A comprehensive approach may have to wait, but the automotive industry can't just sit still until then. Cars have always been associated with personal freedom. Any suspicion that owners' personal vehicles can spy on them or reveal their location to others is harmful to the auto industry.
Meanwhile, the Government Accountability Office has identified some trouble spots. In a study of 10 auto and services companies released this month, Congress' investigative arm found inconsistencies in how data are collected and shared that may threaten privacy.
The GAO didn't make recommendations, but the report is a good starting point for companies.
What should the industry do?
• First, make customer information absolutely safe.
• Next, examine the entire connectivity process, internally and through subcontractors, to assess vulnerability to hacking or misuse of data.
• Harmonize policies on how data are shared and how long information is used and retained.
• Tell customers what you do with their data. Don't collect or use data that customers haven't specifically authorized.
• And tell customers who is accountable in case of a breach and what the consequences will be.
All this may exceed whatever legislation eventually appears. But it's better to exceed customers' expectations than to fall short of what they'll accept.