OnStar plans to collect data from customers that stop services an 'unheard of' privacy violation, U.S. Senator says
Computerworld - GM subsidiary OnStar's plan to collect and share GPS tracking and other data from vehicles even after their owners stop subscribing to its service has prompted an outcry from some lawmakers.
Senator Charles Schumer (D-NY) on Sunday called OnStar's policy change a "brazen, almost unheard-of" privacy invasion, and called on the U.S. Federal Trade Commission to investigate it.
In a letter to FTC chairman Jon Leibowitz, the senator expressed alarm at what he termed as the dramatic changes announced by OnStar. "These changes put consumers at risk for having sensitive personal data collected and shared without their knowledge," Schumer wrote.
Schumer is the third Senator to protest OnStar's policy change in the recent days.
Last Wednesday, Sens. Al Franken (D-Minn.) and Chris Coons (D-Del.) sent a similar letter to Linda Marshall, president of OnStar.
"OnStar's actions appear to violate basic principles of privacy and fairness for OnStar's approximately six million customers," the senators wrote. "We believe that OnStar's actions underscore the urgent need for prompt congressional action to enact privacy laws that protect private, sensitive information like location."
OnStar, which provides in-car communication services to millions of consumers, last Monday announced the update to its privacy policies. Under the new policy, OnStar said it will continue to collect GPS and other vehicle-related data from cars even if the owners no longer are subscribed to the service.
Unless the vehicle owner calls OnStar and specifically asks for the data connection to their vehicles to be deactivated, data about their vehicles will continue to be collected, the company said.
The vehicle-related data that OnStar collects includes diagnostic error codes and odometer readers, crash information, airbag deployment data, seat belt usage data and information on any mobile device that may have been paired with the vehicle.
"It is important that you convey this to other drivers, occupants, or subsequent owners of your vehicle," OnStar said.
In their letter, Franken and Coons urged OnStar to reconsider its decision and expressed skepticism over OnStar's promise to anonymize data before sharing it with others.
"OnStar's assurances that it will protect its customers by "anonymizing" precise GPS records of their location are undermined by a broad body of research showing that it is extraordinarily difficult to successfully anonymize highly personal data like location," the senators noted.
Franken, chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law has proposed legislation that would make it tougher for companies to collect GPS location data. The Location Privacy Protection Act would require that companies obtain permission from customer before collecting their location data.
OnStar could not be reached for comment.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Privacy in Computerworld's Privacy Topic Center.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!