In recent years, big data generated while driving have transformed road vehicles and facilitated the development of autonomous cars and personalized services. However, these developments have raised concerns about the privacy of user data. In this work, we conduct a semi-automatic data-centric analysis of the privacy policies of sixteen mobile apps from different carmakers to identify the personal data collected by automotive companies, how they manage and protect user privacy, and the privacy risks posed by new vehicle features. Firstly, from the privacy policies, we retrieve information on how car makers deal with data management and, secondly, starting from the European privacy regulation GDPR, we create a framework to categorize the collected data in automotive. Then, we analyze the findings to single out possible common patterns among carmakers in data collection. Our results reveal that carmakers collect a relevant amount of users and vehicle information, but some privacy policies do not provide sufficient information on data management. Hence, our work with its framework can serve also as a foundation for future research on driver privacy and emphasize the need for clear and comprehensive privacy policies.
Data Collection in Automotive: A Deep Analysis of Carmakers' Mobile App Privacy Policies
Chiara Bodei;Marco De Vincenzi;Anna Monreale
2023-01-01
Abstract
In recent years, big data generated while driving have transformed road vehicles and facilitated the development of autonomous cars and personalized services. However, these developments have raised concerns about the privacy of user data. In this work, we conduct a semi-automatic data-centric analysis of the privacy policies of sixteen mobile apps from different carmakers to identify the personal data collected by automotive companies, how they manage and protect user privacy, and the privacy risks posed by new vehicle features. Firstly, from the privacy policies, we retrieve information on how car makers deal with data management and, secondly, starting from the European privacy regulation GDPR, we create a framework to categorize the collected data in automotive. Then, we analyze the findings to single out possible common patterns among carmakers in data collection. Our results reveal that carmakers collect a relevant amount of users and vehicle information, but some privacy policies do not provide sufficient information on data management. Hence, our work with its framework can serve also as a foundation for future research on driver privacy and emphasize the need for clear and comprehensive privacy policies.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
