Schumer seeks FTC probe of OnStar privacy policy

Computerworld - GM subsidiary OnStar's plan to collect and share GPS tracking and other data from vehicles even after their owners stop subscribing to its service has prompted an outcry from some lawmakers.

Senator Charles Schumer (D-NY) on Sunday called OnStar's policy change a "brazen, almost unheard-of" privacy invasion, and called on the U.S. Federal Trade Commission to investigate it.

In a letter to FTC chairman Jon Leibowitz, the senator expressed alarm at what he termed as the dramatic changes announced by OnStar. "These changes put consumers at risk for having sensitive personal data collected and shared without their knowledge," Schumer wrote.

Schumer is the third Senator to protest OnStar's policy change in the recent days.

Last Wednesday, Sens. Al Franken (D-Minn.) and Chris Coons (D-Del.) sent a similar letter to Linda Marshall, president of OnStar.

"OnStar's actions appear to violate basic principles of privacy and fairness for OnStar's approximately six million customers," the senators wrote. "We believe that OnStar's actions underscore the urgent need for prompt congressional action to enact privacy laws that protect private, sensitive information like location."

OnStar, which provides in-car communication services to millions of consumers, last Monday announced the update to its privacy policies. Under the new policy, OnStar said it will continue to collect GPS and other vehicle-related data from cars even if the owners no longer are subscribed to the service.

Unless the vehicle owner calls OnStar and specifically asks for the data connection to their vehicles to be deactivated, data about their vehicles will continue to be collected, the company said.

The vehicle-related data that OnStar collects includes diagnostic error codes and odometer readers, crash information, airbag deployment data, seat belt usage data and information on any mobile device that may have been paired with the vehicle.

The updated privacy policy allows OnStar to share the collected data, in what the company claims will be anonymity, with third parties and business partners.

"We may share or sell anonymized data (including location, speed, and safety belt usage) with third parties for any purpose, which may prove useful for such things as research relating to public safety or traffic services," the updated privacy policy notes.

"It is important that you convey this to other drivers, occupants, or subsequent owners of your vehicle," OnStar said.

In their letter, Franken and Coons urged OnStar to reconsider its decision and expressed skepticism over OnStar's promise to anonymize data before sharing it with others.

"OnStar's assurances that it will protect its customers by "anonymizing" precise GPS records of their location are undermined by a broad body of research showing that it is extraordinarily difficult to successfully anonymize highly personal data like location," the senators noted.

Franken, chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law has proposed legislation that would make it tougher for companies to collect GPS location data. The Location Privacy Protection Act would require that companies obtain permission from customer before collecting their location data.

OnStar could not be reached for comment.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about Privacy in Computerworld's Privacy Topic Center.