17 October 2024

'Worst offenders' respond to claims their cars are spying on you

| James Coleman
Join the conversation
1
BYD Atto 3

Inside the BYD Atto 3 SUV, for a long time the Chinese brand’s best seller. Photo: James Coleman.

One of Australia’s most popular EV manufacturers has responded to claims it is sending data on its customers back to China.

BYD sold 12,500 vehicles across Australia last year and more than 15,000 between January and September this year.

But the Chinese manufacturer, distributed here by EV Direct, came under fire on all fronts last month for how it handled delicate information about its customers.

Many modern cars offer internet connectivity to run features such as voice command, GPS navigation and SOS systems that automatically phone emergency services in the event of a crash.

These collect information such as the car’s location and driver inputs – acceleration, braking and cornering – and in some cases, share this with third-party providers.

Last month, the US Government announced plans to ban Chinese-made software from cars on its roads over concerns for “national security”.

Australia has said it is “closely monitoring” the situation for now, but Shadow Home Affairs Minister James Paterson has questioned “how it is in our national interest for companies headquartered in an authoritarian state to … retain access to enormous amounts of data”.

READ ALSO This Fyshwick workshop is making waves across the world for what it’s doing to Isuzu trucks

A News.com.au article last month featured a BYD owner who claimed his car’s internal SIM “could be dialled by an external party, allowing audio from inside the vehicle to be transmitted to the caller without the driver’s knowledge”.

“In the video, the owner dials the car’s SIM number, and while audio from inside the vehicle is transmitted to their phone, there’s no visible indication on the car’s touchscreen or digital display that a call is taking place,” the article read.

“Even more concerning is that there appears to be no way to terminate the call from the vehicle.”

BYD Seal

BYD has confirmed no driver data is relayed to China. Photo: James Coleman.

Upon hearing the reports, EVDirect worked with Telstra, the SIM provider, to resolve the issue within 48 hours.

In response to questions, EVDirect CEO David Smitherman told Region: “BYD treats the protection of customers’ personal information with the utmost importance”.

“BYD stores that personal information in Australia, on secure Australian servers in compliance with Australian privacy regulations,” he said.

“Data is not collected from Australian BYD owners on how they drive or use their vehicle.”

Mr Smitherman confirmed BYD “does not transfer any customer data” to its Chinese headquarters, but as “standard in the automotive industry, some diagnostic data is shared with the manufacturer for warranty and the improvement of future technology”.

touchscreen inside the BYD Seal

The mega touchscreen inside the BYD Seal. Photo: James Coleman.

“This diagnostic data sharing complies with relevant legislation and regulations regarding the methods of transfer and anonymisation. These measures are in place to ensure the highest standards of data protection.”

He also addressed concerns over the BYD app.

Like many car makers from Toyota to Tesla, BYD offers a smartphone app that can be used to remotely lock or unlock the car and adjust the air-conditioning, but this is “optional”.

“We want to be really clear about this: BYD does not have the ability to take control of any vehicles sold in Australia, remotely.”

READ ALSO Sitrep: the Hyundai i30 N still offers the best bang for buck

It’s not just BYD, or the Chinese, embroiled in the software debate either.

Not-for-profit consumer advocacy organisation CHOICE wrote to 10 of the most popular car brands in Australia and “asked detailed questions about the data they collect, what they do with it and whether they allow consumers to opt in or out of their connected features”.

“We discovered Kia, Hyundai and Tesla were the worst offenders when it came to protecting the privacy of their customers,” CHOICE senior campaigns and policy adviser Rafi Alam said.

“Our investigation found Toyota, Ford, MG and Mazda also collect – and sometimes share – customer data.

“Toyota, Australia’s biggest car brand, collects both vehicle location data and information on a driver’s acceleration, braking and cornering behaviour.”

Tesla interior

Since the CHOICE report, Tesla has clarified it doesn’t collect audio voice recordings, only the transcription. Photo: James Coleman.

All of the surveyed car companies provided “opt-out” functions either through the display screen or on the app. But CHOICE argued this wasn’t clear enough and many “drivers are opted-in automatically when they buy a car or download the app and may not even know it’s happening”.

“The results of our investigation are a timely reminder that Australia’s privacy laws are woefully out of date, and certainly not fit for purpose in a market where cars are collecting and sharing personal information en masse,” Mr Alam said.

In Hyundai Australia’s response, seen by Region, the brand said it shared voice recognition data on an “aggregate and non-identifying basis” with Cerence, a third-party provider of automotive voice and AI products.

Hyundai said it may disclose personal information to third parties for reasons including “connectivity services” (such as Live Traffic), troubleshooting or “to conduct research and develop new and improved products, services, and business and marketing strategies”.

Hyundai Kona

Hyundai shares voice recognition data with AI tech company Cerence. Photo: James Coleman.

“At Hyundai, we take customer data protection very seriously, and implement robust measures to ensure safety and privacy,” the brand stated.

However, Dr Vanessa Teague from the Australian National University’s College of Engineering, Computing and Cybernetics told CHOICE that assurances biometric information could be shared in a de-identified manner was “complete baloney”.

“The idea that you can de-identify an image, or a voice is de-identified, it’s nonsense,” she said.

“What these car companies are doing is totally unacceptable. It should be illegal. These practices are good evidence that we need the Privacy Act updated or the Privacy Act enforced, because none of this should be acceptable in our country.”

Join the conversation

1
All Comments
  • All Comments
  • Website Comments
LatestOldest

This data collection should be seen in context. The phones and their apps in a vehicle are also busy collecting data and transmitting it multiple organisations. Phone users who are very good with privacy protection can limit this but evenand then some apps are likely to sending data about user behaviour etc.

So what vehicles may or may not be doing is just part of a bigger issue.

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.