Advertencia: *Privacidad no incluida con este producto
Chevrolet -- Chevy for short -- is an American car brand owned by parent company General Motors. Founded in Detroit, Michigan back in 1911, Chevrolet has a long history of building cars like the iconic Corvette and the legendary half-car, half-truck El Camino. Today, Chevrolet models include the Blazer, Suburban, Silverado, Malibu, and their EV Bolt. The myChevrolet app let's users do remote car things like start and stop, lock and unlock your car, honk the horn, and check and see how much gas you have left in the tank. General Motors and Chevrolet also offer OnStar connected services (OnStar is the OG connected car service, first offered way back in 1996) for things like automatic crash response and stole vehicle assistance. So, how is Chevrolet, the OnStar connected services, and General Motors at privacy? Welp, they aren't great, unfortunately.
¿Qué podría pasar si algo falla?
If your idea of a good time is to search out and read many, many, many various privacy statements, well, Chevrolet's parent company General Motors' privacy landscape is for you! (At least for folks in the US, you Europeans have it a bit easier). At least six separate privacy statements for folks in the US was our count. That includes their General Privacy Statement, their OnStar Privacy Statement, their US Connected Services Privacy Statement, their Privacy Statement for Application Services, the OnStar Guardian Privacy Statement, and their California Privacy Statement (which, pro tip for folks who don't read privacy policies for a living: if you only have time to read one privacy statement, read the California one as California's strong privacy law known as CCPA, requires companies to disclose more of what they are collecting on you, who they are sharing it with, and for what purposes than anywhere else). Yeesh GM! Maybe take a little of that money you have and build folks a nice, easy to navigate privacy hub. Just a suggestion. (Also, we linked to all these privacy documents below so you don't have to search for them)
Anyway, after reading though all those lovely privacy statements, what did we learn about GM's privacy? Well, we learned it's not great.
Here's the thing. GM really, really wants you to connect to their cars with your phone and use their connected services. It makes them money, so of course they want that. In fact, earlier in 2023 they started adding $1,500 onto the sticker price of some GM cars for three years of their OnStar and Connected Services Premium Plan. They call this an "option" on the sticker, but turns out, it's really not much of an option. Car buyers don't have a choice but to pay that $1,500 for the OnStar connected services "option" and even if they choose not connect and use the OnStar connected service, they still have to pay that $1,500. One article we read called this a "forced option" and well, that doesn't sound like much of an option to us. On top of that, OnStar's privacy policy says they collect a whole lot of personal information and car data on you and use it for things like marketing and more. Even worse, it seems GM and OnStar have a fairly close relationship with law enforcement and government, including the US's ICE (Immigration Customs Enforcement) agency. It has been reported they turn over location data to law enforcement often.
And GM does say they can collect a whole lot of data on your through your car, the myChevrolet app, and those OnStar connected services. Their privacy policies say they can collect everything from your name, address, geolocation data, characteristics such as age, race, color religion, medical conditions, physical or mental disabilities, sex, gender identify, pregnancy, medical conditions, sexual orientation, genetic, physiological, behavioral, and biological characteristics such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data, audio, electronic, visual, thermal, olfactory, or similar information. Sooo much information. And that's just the information they say they might collect about you. Then there's the information they say they can collect on your car and driving habits, including license plate number, vehicle identification number (VIN), geolocation, route history, driving schedule, speed, vehicle direction (heading), audio or video information such as information collected from camera images and sensor data, voice command information, and infotainment (including radio and rear-seat infotainment) system and WiFi data usage. Like we said, sooo much information.
But wait! There's more (there's always more). They add (as nearly all car companies do) that they can take the personal information they collect on you and us it to draw inferences about you "reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes" for things like marketing purposes. Yikes! Do we really need GM drawing inferences about our intelligence and abilities to determine how to market things to us? Sounds like a bad idea.
Another thing that concerns us is the issue of consent. Just when do you consent for GM to collect all this data? Is it when you buy the car (because we're pretty sure no one is reading privacy policies then). Perhaps when you connect your phone to your car? Yeah, most people probably aren't reading privacy policies then either. We read an article where a GM executive states, "Nothing happens without customer consent." But what does that consent really look like? Remember, it took your intrepid privacy researchers a full day to try and sort through GM's many, many privacy policies. Are consumers really understanding what they sign up for when the buy a car with OnStar or download and connect the app? We'd sure like to see GM (and all car companies) make sure consumers actually understand all the personal information and car data they are collecting and give consumers more ways to. opt-out, control, and change what data is collected on them from these connected computers on wheels.
And what if you want to get all that data GM has on you deleted? Well, you're probably out of luck. Unless you live somewhere with strong privacy laws like California's CCPA or Europe's GDPR. If you don't live there, you probably won't have much success getting GM to delete your data. In fact, on the myChevrolet app Google Play Store Data Safety page, they admit, "Data can’t be deleted: The developer doesn't provide a way for you to request that your data be deleted." Not cool GM, not cool.
All this, and GM's track record of protecting and respecting all that personal information isn't exactly spotless (which you kinda want to see when a company collects so much personal information on you). In 2022, GM reported a significant data breach that exposed the personal information, including name, address, saved favorite location, and search and destination information, of some of their customers. So yeah, they collect a ton of data, might not let you delete that data they collect on your, hold onto that data for likely as long as they want, and then might not even do a great job of protecting that data. Nice!
What's the worst that could happen as you drive around in your Chevy with OnStar and the myChevrolet app? Well, based on reports of how OnStar location and other information is shared with law enforcement and government to track people, that gets kinda scary to think about if you live in a US state that bans abortion and wants to track people traveling to other states for their reproductive health care. That's bad. Or if you live in a country where the government could decide they want to track you down for any reason at all. That's also bad. Thinking about the potential for government tracking and controlling of any connected car -- not just GM's -- can get scary fast. Here's hoping regulators step up soon and work to put measures in place to protect people from all this data collection and potential tracking.
Consejos para protegerte
- Opt out of the 'Sale' of your personal information. To do it, visit consumerprivacy.gm.com
- Opt out of the “Sharing” of Your Personal Information for cross-contextual
behavior advertising. To do it, visit consumerprivacy.gm.com - Opt out of Automated Decision-Making Technology. To do it, visit consumerprivacy.gm.com
- Do not give consent to tailored advertisement.
- Opt out from selling of your personal information, as well as from Cross-context Behavioral Advertising.
- Always do a factory reset on your car before selling or trading it away to wipe your data clean and disconnect the app.
- Before reselling your car, make sure to notify the company
- When buying a used car, always make the previous owner removed their connected account and performed a factory reset.
- Always use strong passwords and set up two-factor authentication for apps and services that connect to your car
- Only give access to your data to trusted third-parties
- When connecting a mobile app to the car, make sure to minimize the amount of data collected through this app. You can use iOS or Android settings to limit the data collected through your phone.
- Opt out from your mobile device's location sharing.
- Do not use Amazon Alexa in your car if you are concerned about Amazon collecting that voice request information, IP address, and geolocation information and using it to target you with advertising.
¿Me puede espiar?
Cámara
Dispositivo: Sí
Aplicación: Sí
Micrófono
Dispositivo: Sí
Aplicación: Sí
Rastrea la ubicación
Dispositivo: Sí
Aplicación: Sí
¿Qué se puede usar para registrarse?
Correo electrónico
Sí
Teléfono
Sí
Cuenta de terceros
No aplica
¿Qué datos recopila la empresa?
Información personal
"Your name, postal address, telephone number, date of birth, e-mail address, screen name, account ID, customer number, login information, demographic data or protected classification information, gender, marital status, household composition, emergency contact information, information about the acquisition and financing of your vehicle, voice biometric information, audio or video information (such as information collected by sensors or cameras in the vehicle...) Vehicle- and driving-related Information: license plate number, vehicle identification number (VIN), mileage, vehicle status (such as oil/battery status, ignition, window, and door/trunk lock status), fuel or charging/discharging history, electrical system function, gear status, battery diagnostic and health, and diagnostic trouble codes, operational and safety related information: Information about the use of your vehicle, such as geolocation, route history, driving schedule, speed, air bag deployments, crash avoidance alerts, impact data, safety system status, breaking and swerving/cornering events, event data recorder (EDR) data, seat belt settings, vehicle direction (heading), audio or video information such as information collected from camera images and sensor data, voice command information, stability control or anti-lock events, security/theft alerts, and infotainment (including radio and rear-seat infotainment) system and WiFi data usage."
Información biométrica
Voice biometric data, voiceprints, physiological or biological characteristics, such as medical information collected to provide OnStar emergency services that you have requested.
Información social
¿Cómo utiliza la empresa estos datos?
¿Cómo puedes controlar el uso de tus datos?
¿Qué historial tiene la compañía en cuanto a la protección de los datos de los usuarios?
In April 2022, GM suffered a data breach that exposed customers personal information.
"The personal information of affected customers included first and last names, personal email addresses, home addresses, usernames and phone numbers for registered family members tied to the account, last known and saved favorite location information, currently subscribed OnStar package (if applicable), family members' avatars and photos (if uploaded), profile pictures and search and destination information. Other information available to hackers included car mileage history, service history, emergency contacts and Wi-Fi hotspot settings (including passwords). Apart from resetting their passwords, GM advised affected individuals to request credit reports from their banks and place a security freeze if required."
Información sobre privacidad infantil
¿El producto se puede usar sin conexión?
¿La información de privacidad es fácil de entender?
General Motors has a long list of various privacy policies to sort through and decipher.
Enlaces a información de privacidad
- Privacy Statement for Application Services
- OnStar Privacy Statement
- Privacy Statement for OnStar Guardian
- California Privacy Statement
- Legal Notice, Site Terms and Conditions, Privacy and Cookie Policy (Europe)
- RECHTLICHE HINWEISE, NUTZUNGSBEDINGUNGEN DER WEBSITE, DATENSCHUTZ- UND COOKIE-RICHTLINIE
- General Motors Privacy Statement
- US Connected Services Privacy Statement
¿El producto cumple nuestros estándares mínimos de seguridad?
Cifrado
We cannot determine if all data sitting on the car, including telematic data the car collects as well as data shared when you connect your phone sits encrypted, and if all collected data is encrypted in transit. We reached out to the company to attempt to determine this multiple times and received no response.
Contraseña fuerte
Actualizaciones de seguridad
Gestiona las vulnerabilidades
GM runs a bug bounty on HackerOne.
Política de privacidad
¿Es poco confiable esta IA?
¿Qué tipo de decisiones toma la IA acerca de ti o por ti?
¿La empresa es transparente acerca del funcionamiento de la IA?
¿Tiene el usuario control sobre las características de la IA?
Profundiza más
-
GM calls $1,500 OnStar plan optional — but new car buyers are being forced into itDetroit Free Press
-
Car buyers balk at monthly fees for add-on featuresAxios
-
These Companies Track Millions Of Cars—Immigration And Border Police Have Been Grabbing Their DataForbes
-
GM confirms it’s dropping Apple CarPlay and Android Auto from 2024 EVsArs Technica
-
GM Confirms It's Making $1500 Option Mandatory on Some New ModelsCar and Driver
-
GM Vowed To Make Money Out of Connected Services and It Now Forces OnStar on Its CustomersAutoEvolution
-
This California agency wants to know what happens to all that connected car dataTechCrunch
-
Your car knows too much about you. That could be a privacy nightmare.Mashable
-
What does your car know about you? We hacked a Chevy to find out.The Washington Post
-
GM studying artificial intelligence assistant that could answer driver questionsDetroit Free Press
-
General Motors credential stuffing attack exposes car owners infoBleeping Computer
-
US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners' Personal InfoInfosecurity Magazine
-
Privacy Battles: OnStar Says GM May Record Car's Use, Even if You Cancel ServiceABC News
-
Hackers Accessed Car Owners’ Personal Information in General Motors Credential Stuffing AttackCPO Magazine
Comentarios
¿Tienes algún comentario? Queremos escucharte.