Attention : *Confidentialité non incluse avec ce produit
Famous for the happy little VW Beetle and the iconic VW Bus, Volkswagen is a German car manufacturer with a worldwide reach. Current models include the Jetta, Passat, Golf, Rabbit, Tiguan, Taos, and electric vehicles like the ID.4 and the ID Buzz. Volkswagen's myVW app lets users of VWs built since 2020 (VW says they are working on adding functionality for vehicles 2019 and older) connect to their suite of connected car services either called Car-Net or We Connect (depending on where you live). Through the myVW app you can do things like remote start, lock, and unlock the car, honk your horn from afar to scare the pants off your friends, find your car in the parking lot when you can't remember where you parked it, and even keep tabs (read; spy) on your car when someone else is driving it. Handy! And maybe a little creepy. So, how does VW fair at privacy? Well, let's just say their privacy practices aren't nearly as cute as those little VW Beetle's were.
Que pourrait-il se passer en cas de problème ?
Here's the deal: Privacy at Volkswagen doesn't look very good to us. VW earns all three of our privacy dings for how they use data, for how people can control their data, and for their track record at protecting the data they collect and we could not confirm them meet our Minimum Security Standards. Not good. Our privacy worries are even more concerning when you consider the vast ecosystem of things VW uses to collect your personal information -- from your car, to the Car-Net or We Connect connected services, to the myVW app users can use to interact with the car, to the personal information your VW dealer can collect on you, even during a test drive, to the additional information they can gather or buy on you from outside sources like data brokers, to the inferences they can draw about your when they combine all this data.
And then VW says they can share that personal information in lots of places, including throughout their large Volkswagen Group of companies. And VW freely admits in their privacy policies they share this information for lots of targeted advertising and marketing purposes -- both that VW does and that they share with other third parties for their own advertising purposes as well. And, don't forget, nearly all privacy policies mention how personal information can be shared with governments, law enforcement, and with any company that buys them in a merger or sale. So, yeah, when you drive a VW (or honestly, just about any car we review), lots and lots of your personal information is collected, stored, shared, used for targeted advertising, and open to being leaked or abused. Keep on reading if you'd like to look a deeper the privacy concerns we have about VW.
In their privacy policy, VW says they can collect a ton of personal information about you (seriously, they have a handy chart at the end that lays it all out neatly). VW collects personal information like name, email, physical address, and phone number, demographic information like age and gender, vehicle information like your Vehicle Identification Number (VIN), vehicle usage information like fuel level, when you lock and unlock your car, whether or not you use your seatbelt, how fast your drive, where you drive (location data), your voice commands, "Audio, electronic, visual, or similar information," and on and on and on. They collect all that information, which is pretty much everything about you except for maybe what you had for lunch that day (well, they probably know that too since it's likely they know your drove to your favorite restaurant for the third time this week) and then say they can "drawn from any of the information we collect to create a profile about you reflecting your preferences, characteristics, demographics and vehicle usage patterns." Yup, VW knows a whole lot about you and probably even the people in your car.
About those people in your car. It's probably good for you to know they put the responsibility on you to tell anyone in your car all about this huge amount of data collection. Yup, they say, "If you are the vehicle owner, you must notify any additional drivers about the privacy practices described in this Statement and if you are the Primary Driver for this vehicle’s Car-Net Services, you must notify any additional drivers of the vehicle about the Car-Net specific privacy practices described herein." Nice...because that's what we all do when we pick our friends up for a road trip, start with a privacy notice sermon to get the good times rolling! Uhg...lawyers.
What does VW say they can do with this vast treasure trove of personal information, car data, and inferences they collect on you? Well, they use it to make more money, of course. Because selling cars isn't a big enough business these days, now, your personal information is another gold mine for all car companies to tap into. And tap into it they do. VW says they can use it for their own personalized and targeted advertising purposes or those or their affiliates, business partners, or other third parties. They can share it with third parties who can use it for the commercial purpose of marketing their products and services to you. They also say they can use or disclose your de-identified data for "any purpose." Which is OK, as long as they do a good job actually de-identifying it. Remember, it's been found to be relatively easy to re-identify de-identified personal information.
VW also says they can share your personal information lots and lots of places. They can share your personal information within their Volkswagen Group family of companies which includes "Volkswagen Group parents, corporate affiliates, subsidiaries, business units, and other companies that share common ownership". That's a lot of sharing right there. But the list goes on (and on and on). They also say they can share personal information with VW Dealers, to third parties for their own marketing purposes, to third parties that provide online advertising, with integrated content providers for their Car-Net/We Connect services, and other vaguely describe entities such as "optional third parties" and "to other companies in connection with a VW corporate transaction" (meaning if some other company buys or merges with VW, they get your personal information as part of that business transaction).
Here's something else to worry about (sorry for being such a downer). VW is probably not the only company collecting lots of information on you when you're in your VW car, especially if you're using their Car-Net or We Connect services. In fact, their privacy policy for these mobile online services lists oodles of online service companies that can collect personal information if you use them in your car. Everyone from Amazon if you use Alexa to the mobile hotspot service provider you use to connect to the internet through your car to Google if you use their Google Earth to help you find places in your area, to Parkopedia if you're looking for a parking spot to those streaming radio providers if you listen to music in your car. Your connected car is potentially sharing data with companies all around the world about all the little things you do in your car. Yikes!
So, VW collects a TON of data, uses this data for lots of things including combining it with even more data they can collect on your from data brokers, social media sites, and more to build a big old profile of you, so they can then target you with ads and share your information so others can target you with ads. That's pretty bad for your privacy. But that's not all. VW also has a bit of a spotty track record at respecting and protecting all that personal information they collect on their users. From reports of security concerns from a respected consumer watchdog to firing employees for serious cyber security concerns, to a big old data breach that saw the personal information of 3.3 million users compromised and then offered up for sale by hackers resulting in a $3.5 million class action settlement, to major fines for privacy violations during test drives, VW's track record for privacy is not great. If fact, it's pretty bad. (And dare we even mention VW's black eye for lying about their vehicle emissions a few years back? Yes, it's not privacy related, however, it is still kinda relevant to the company's ethics).
So, what's the worst that could happen to your privacy with your VW car, myVW app, and VW's Car-Net or We Connect mobile services? Well, dang, let's see. It would really suck if VW leaked that personal and location data they collect on you and hackers on the dark web could buy it and know all the places you like to visit and when you visit them and use that to stalk you. That wouldn't be great. But heck, there's a risk data brokers might be able to collect and sell some of that same information from VW and legally sell it to others who want to target you with all sorts of ads. That's not great either. And shoot, it seems like law enforcement and governments might also be able to get their hands of some of this data too. To be fair, this is a problem with nearly all car brands, not just VW. The fact remains, VW might have a history of making cute cars, but their privacy practices in 2023 are anything but cute. It's probably good to assume your VW comes with *privacy not included.
Conseils pour vous protéger
- Do not give consent to tailored advertisement.
- Opt out from selling of your personal information, as well as from Cross-context Behavioral Advertising.
- Always do a factory reset on your car before selling or trading it away to wipe your data clean and disconnect the app.
- Before reselling your car, make sure to notify the company
- When buying a used car, always make the previous owner removed their connected account and performed a factory reset.
- Always use strong passwords and set up two-factor authentication for apps and services that connect to your car
- Only give access to your data to trusted third-parties
- When connecting a mobile app to the car, make sure to minimize the amount of data collected through this app. You can use iOS or Android settings to limit the data collected through your phone.
- Opt out from your mobile device's location sharing.
- Do not use Amazon Alexa in your car if you are concerned about Amazon collecting that voice request information, IP address, and geolocation information and using it to target you with advertising.
Ce produit peut-il m’espionner ?
Caméra
Appareil : Oui
Application : Oui
Microphone
Appareil : Oui
Application : Non
Piste la géolocalisation
Appareil : Oui
Application : Oui
Que peut-on utiliser pour s’inscrire ?
Adresse e-mail
Oui
Téléphone
Oui
Compte tiers
Ne s’applique pas
Quelles données l’entreprise collecte-t-elle ?
Personnelles
"Contact information, date of birth, demographic information, geolocation data, inferences reflecting your preferences, characteristics, demographics and vehicle usage patterns, internet and electronic data, vehicle usage information, such as vehicle data transmitted from your vehicle or collected or inferred from your use of the vehicle or services, including general vehicle status data (such as warning lights, upcoming service schedule, fuel level, battery level, and tire pressure); service history and fault or trouble codes; ambient data (such as outside temperature and brightness); vehicle performance data and other data about your vehicle, including its identification, condition, equipment status, or collision information; vehicle/technology usage data (such as usage of lock/unlock and remote start technology); driver behavior data (such as vehicle speed, seat belt use, and information about breaking habits); information that you provide when using Car-Net Services, including information you send and information you request; and information about your interactions with us, our affiliates, our service providers, Integrated Content Providers, and Optional Third Parties related to your vehicle usage."
Corporelles
Audio, electronic, visual, or similar information including voice command data
Sociales
Transcripts of conversations you engage in with VW via webchat, messaging apps, or social media.
Comment l’entreprise utilise-t-elle les données ?
Comment pouvez-vous contrôler vos données ?
Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?
In June 2021, Volkswagen and its daughter company Audi suffered a data breach affecting 3.3 million users. A few days later, hackers put the data stolen from the car maker on sale on a notorious hacking forum. In January 2023, Volkswagen "agreed to a $3.5 million class action lawsuit settlement to resolve claims their customers’ information was stolen in a data breach spanning several years."
In July 2022 Volkswagen was fined 1.1 million euros for GDPR data privacy violations during test drives.
In January 2022 it was reported that VW fired a senior employee after they reported cybersecurity concerns.
In April 2020, consumer watchdog Which reported that Volkswagen cars could have serious security flaws that could allow them to be hacked.
Informations liées à la vie privée des enfants
Ce produit peut-il être utilisé hors connexion ?
Informations relatives à la vie privée accessibles et compréhensibles ?
VW has various privacy policies, notices, and statements that are difficult to find, sort through, and understand.
Liens vers les informations concernant la vie privée
Ce produit respecte-t-il nos critères élémentaires de sécurité ?
Chiffrement
We cannot determine if all data sitting on the car, including telematic data the car collects as well as data shared when you connect your phone sits encrypted, and if all collected data is encrypted in transit. We reached out to the company to attempt to determine this multiple times and received no response.
Mot de passe robuste
Mises à jour de sécurité
Gestion des vulnérabilités
Politique de confidentialité
Travel Assist adapts to your driving style and can drive further on the left or right in the lane instead of in the centre. In conjunction with a navigation system, Travel Assist is enhanced with predictive cruise control and a cornering assist function. These features are enabled by numerous cameras, sensors and radars on the car.
Volkswagen starts to test self-driving technology in 2023 with plans for a commercial launch in 2026.
Cette IA est-elle non digne de confiance ?
Quel genre de décisions l’IA prend-elle à votre sujet ou pour vous ?
L’entreprise est-elle transparente sur le fonctionnement de l’IA ?
Les fonctionnalités de l’IA peuvent-elles être contrôlées par l’utilisateur ou l’utilisatrice ?
Pour aller plus loin
-
Volkswagen Sued for Not Disclosing Alleged Private Climate Lobbying ActivitiesInsurance Journal
-
Volkswagen, Audi data breach $3.5M class action settlementTop Class Actions
-
Volkswagen says a vendor’s security lapse exposed 3.3 million drivers’ detailsTechCrunch
-
Hackers Are Selling Data Stolen From Audi and VolkswagenVice
-
VW says data breach at vendor impacted 3.3 million people in North AmericaReuters
-
VW fired senior employee after they raised cyber security concernsFinancial Times
-
Volkswagen manager fired after raising cyber security concernsCity A.M.
-
Popular connected cars from Ford and Volkswagen could put your security, privacy and safety at risk, Which? findsWhich?
-
Volkswagen Pledges To Follow China’s Data Privacy LawsPYMNTS
-
Volkswagen fined $1.1M under GDPR for unauthorized data collectionCompliance Week
-
Former VW owner discovered digital access to her car months after it was soldThe Verge
Commentaires
Vous avez un commentaire ? Dites-nous tout.