Comment by isodev
11 hours ago
It was totally predictable, unfortunately.
At least in the EU it’s quite illegal and even if a car maker slips something in, GDPR is always there so one can request a copy and have it deleted. Wish the regulation was even stricter though.
At the same time, EU mandates that new cars must have a system able to call help if it detects a crash with the driver not responding... And I suspect most manufacturers will argue that telemetry data are not PIIs until taken to court, so since they have to put a cellular connection anyway, why not use it?
When Cariad had a data leak, they were really quick to point out that no payment information had been leaked. That really shows how little they understand about PII. Screw the payment information, I'll just cancel that card and get any abused funds refunded by my bank, that's neither my problem nor my concern.
For some strange reason most companies do not understand the inherent danger of having e.g. location data and behavioural patterns leaked. That's much, much worse than your stupid debit card number.
There is a very clear definition of PII so I don’t see this being a problem
There is:
a) Zero trust in the car manufacturers to really respect GDPR
b) Zero repercussions for actually stealing my PII. Okay, maybe VW will pay a minuscule fine, but they won't
The GDPR is a joke. It does not prevent the real problem (data collection). Tech companies can in principle be fined for misusing your data, but most companies won't get caught or will simply pay the fine.
GDPR is useful because it defines what must be protected (or avoided). It’s straightforward to do the right thing as a company.
To make it stricter or pack a bigger punch, there needs to be a stronger mandate for such legislation. And we live in interesting times… wars, previously democratic allies disintegrating, useless right wing or Russia-aligned governments and MEPs, etc…
So yeah, could be better but all you and I can do is talk to our MEPs, help inform people outside tech, vote this way and hope enough people share the concerns
How does this work with Europeans who are not based in GDPR regions? As far as I know, they still count. Are these systems collecting data about them illegally?