Attention : *Confidentialité non incluse avec ce produit
Dacia is a Romanian car company founded in 1966. In 1999, the company was sold to France-based Renault Group. Dacia sells most of its cars in Europe and Northern Africa. Models include the Sandero, Jogger, and Duster. Their Dacia Media Control app let's owners of Dacia connect their phone to their car and do things like navigate with Waze, find where you parked your car, and receive an alert if you forget your phone in your car. How is Dacia at privacy? Well, being a European-based car company covered by Europe's stronger privacy laws sure seems to help. As far as we can tell, they aren't so bad. Our biggest worry is that we couldn't confirm if they encrypt all the personal data stored on their cars.
Que pourrait-il se passer en cas de problème ?
What? A car company that doesn't seem completely terrible at privacy? Could it be? Could it be because it's a French-based car company that is governed by stricter European GDPR privacy laws and doesn't sell cars in North America where privacy laws are much more lax? We're guessing that is probably it.
Our biggest concern with Renault Group-owned Dacia is that we couldn't confirm if all the data the car collects is encrypted as it sits on the car. It could well be, we just couldn't confirm that and multiple emails to the privacy contact at Renault Group went unanswered, so we just don't know.
They do, like the rest of the car brands, collect a lot of personal information about you like your name, address, and your vehicle’s VIN number. They also collect data about your driving and what you do in your car: When you accelerate, pump the brakes, or use multimedia. They also record all your interactions and conversations with them. Again, for car companies, this level of data collection seems pretty standard.
They're a bit more vague than some of the other car makers about the actual data points they collect. In their UK Privacy Notice, they list the categories of personal data they can collect with a few examples usually followed by “etc.” We don't love that tiny word because it lets us know that we're only getting a sample and not a complete list. And, as privacy researchers, we're nosy as heck -- it’s our job! So for example, Renault Group collects “Data related to your personal and/or professional situation (family situation, socio-professional category, etc.)” Pretty vague! But also, c’est la vie (with most privacy policies)!
They do say that they will ask for your consent when your geolocation is collected. Great! But that’s something Renault Group must do to comply with Europe’s General Data Protection Regulation (GDPR). It’s the law. And that’s the thing about reviewing a European car brand. Like we mentioned, because the GDPR offers pretty strong privacy protections, any car company focused on Europe is going to have better privacy practices by default than brands serving countries, like the United States, with no federal data protection. On that note, you do have the right to get access to and delete your data. Woohoo! Thanks again, GDPR!
We feel that all that data Renault Group can collect about you when you communicate with them, sign up for their services, and purchase or drive their vehicles is more than enough. So we don't like that they can collect even more information about you “through other companies in our group or partners” even if they say they'll get your consent when they have to. That doesn't feel super in line with your commitment to data minimization, Renault Group. More on those commitments, Renault Group sometimes shares your personal information in ways that don't seem totally necessary, or in their words, for "explicit, legitimate and determined purposes." For example, they say then can share it with “[a]ny associated or connected motor manufacturer from whom we purchase or hire goods (and their group companies)” and "partners." It’s also not clear to us whether they will only share your personal data with law enforcement when they are legally obligated to, according to the language they use in their UK Privacy Notice.
We learned that some of the information Renault Group asks for is mandatory and some isn’t. The second kind is collected in the interest of “getting to know you better especially in order to send you personalized marketing information.” So if you're not interested in letting Renault Group get to know you like that, only fill in form fields marked “mandatory.”
In another tip of the hat to the protections of GDPR, Renault Group won't sell your personal data, like so many other car makers do. But that doesn't mean they're not in the data business. We can tell they're investing in big data and digital transformation through their partnerships with Google and IT consultancy, Atos. It does mean that they probably trade in aggregated and anonymised data which is not covered by the GDPR. We also like to point out that it can be relatively easy to de-anonymize those kinds of data sets.
Renault Group says that “Protecting your personal data is central to Renault’s values.” Aww, we love to hear it! Except we're not seeing too much to back that up besides obeying the law. It’s not looking amazing for one of the “good ones,” we know. Yet we still have one last beef (or should we say beouf?) with Renault Group. They're part of a strategic alliance with privacy-monster Nissan, one of the worst car companies we reviewed a privacy. What does that mean exactly for the fate of your personal data? Well, probably not much thanks to the strong legal protections in place. Still, given these companies’ cozy relationship, we’ll take it as a cautionary tale for what Renault Group might do if they could. Bravo, privacy laws! Finally, even though we're getting déja-vue writing this, it’s our duty to tell you that Renault Group, like all of the other car brands we looked at, comes with *privacy not included.
Conseils pour vous protéger
- Do not give consent to tailored advertisement.
- Opt out from selling of your personal information, as well as from Cross-context Behavioral Advertising.
- Always do a factory reset on your car before selling or trading it away to wipe your data clean and disconnect the app.
- Before reselling your car, make sure to notify the company
- When buying a used car, always make the previous owner removed their connected account and performed a factory reset.
- Always use strong passwords and set up two-factor authentication for apps and services that connect to your car
- Only give access to your data to trusted third-parties
- When connecting a mobile app to the car, make sure to minimize the amount of data collected through this app. You can use iOS or Android settings to limit the data collected through your phone.
- Opt out from your mobile device's location sharing.
- Do not use Amazon Alexa in your car if you are concerned about Amazon collecting that voice request information, IP address, and geolocation information and using it to target you with advertising.
Ce produit peut-il m’espionner ?
Caméra
Appareil : Oui
Application : Oui
Microphone
Appareil : Oui
Application : Oui
Piste la géolocalisation
Appareil : Oui
Application : Oui
Que peut-on utiliser pour s’inscrire ?
Adresse e-mail
Oui
Téléphone
Oui
Compte tiers
Ne s’applique pas
Quelles données l’entreprise collecte-t-elle ?
Personnelles
"Your identity and contact details (surname, first name, postal address, email address, telephone, etc.), data related to your personal and/or professional situation (family situation, socio-professional category, etc.), your payment and transaction data (payment type, discount granted, etc.), data relating to our commercial relationship, in particular our interactions and contracts (order history, after-sales operations, service agreements, games, interaction with our call centre, etc.), your vehicle identification data (brand, model, registration, VIN number, etc.), your geolocation data (your consent is obtained when required by regulations), data related to the use of the vehicle (mileage, journey, use of multimedia, etc.) and, where applicable, its battery (charge level, etc.), Vehicle- and driving-related data: data allowing control of the vehicle and, where applicable, its battery (locking/unlocking, pre-conditioning, battery charge programming, etc.), relating to driving mode (use of controls, acceleration, breaking, etc.) or to the provision of connected services or on-board applications; data needed to carry out loyalty, direct marketing, market research or survey actions (e.g. your vehicle preferences); data relating to your digital profiles (online accounts); data concerning the use of our websites and mobile apps, as well as our communications (number of visits, page visited, messages opened, etc.)."
Corporelles
Sociales
Comment l’entreprise utilise-t-elle les données ?
Comment pouvez-vous contrôler vos données ?
Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?
In 2017, Renault was hit by a ransomware attack.
Informations liées à la vie privée des enfants
Ce produit peut-il être utilisé hors connexion ?
Informations relatives à la vie privée accessibles et compréhensibles ?
Renault Group's privacy policies are lengthy and somewhat complicated.
Liens vers les informations concernant la vie privée
Ce produit respecte-t-il nos critères élémentaires de sécurité ?
Chiffrement
We cannot determine if all data sitting on the car, including telematic data the car collects as well as data shared when you connect your phone sits encrypted, and if all collected data is encrypted in transit. We reached out to the company to attempt to determine this multiple times and received no response.
Mot de passe robuste
Mises à jour de sécurité
Gestion des vulnérabilités
Renault has a public vulnerability disclosure policy.
Politique de confidentialité
The recent cars by Renault Group include advanced driver assistance systems on its vehicles.
Cette IA est-elle non digne de confiance ?
Quel genre de décisions l’IA prend-elle à votre sujet ou pour vous ?
L’entreprise est-elle transparente sur le fonctionnement de l’IA ?
Les fonctionnalités de l’IA peuvent-elles être contrôlées par l’utilisateur ou l’utilisatrice ?
Pour aller plus loin
-
Renault Group and Google Accelerate Partnership to Develop the Vehicle of Tomorrow and Strengthen Renault Group's Digital TransformationCision PR Newswire
Commentaires
Vous avez un commentaire ? Dites-nous tout.