Volkswagen

Attention : *Confidentialité non incluse avec ce produit

Volkswagen

Volkswagen Group
Wi-Fi Bluetooth

Passé en revue le : 15 août 2023

|
Mozilla a effectué 24 heures de recherches
|

L’avis de Mozilla :

|
Vote du public : Super flippant

Famous for the happy little VW Beetle and the iconic VW Bus, Volkswagen is a German car manufacturer with a worldwide reach. Current models include the Jetta, Passat, Golf, Rabbit, Tiguan, Taos, and electric vehicles like the ID.4 and the ID Buzz. Volkswagen's myVW app lets users of VWs built since 2020 (VW says they are working on adding functionality for vehicles 2019 and older) connect to their suite of connected car services either called Car-Net or We Connect (depending on where you live). Through the myVW app you can do things like remote start, lock, and unlock the car, honk your horn from afar to scare the pants off your friends, find your car in the parking lot when you can't remember where you parked it, and even keep tabs (read; spy) on your car when someone else is driving it. Handy! And maybe a little creepy. So, how does VW fair at privacy? Well, let's just say their privacy practices aren't nearly as cute as those little VW Beetle's were.

Que pourrait-il se passer en cas de problème ?

Here's the deal: Privacy at Volkswagen doesn't look very good to us. VW earns all three of our privacy dings for how they use data, for how people can control their data, and for their track record at protecting the data they collect and we could not confirm them meet our Minimum Security Standards. Not good. Our privacy worries are even more concerning when you consider the vast ecosystem of things VW uses to collect your personal information -- from your car, to the Car-Net or We Connect connected services, to the myVW app users can use to interact with the car, to the personal information your VW dealer can collect on you, even during a test drive, to the additional information they can gather or buy on you from outside sources like data brokers, to the inferences they can draw about your when they combine all this data.

And then VW says they can share that personal information in lots of places, including throughout their large Volkswagen Group of companies. And VW freely admits in their privacy policies they share this information for lots of targeted advertising and marketing purposes -- both that VW does and that they share with other third parties for their own advertising purposes as well. And, don't forget, nearly all privacy policies mention how personal information can be shared with governments, law enforcement, and with any company that buys them in a merger or sale. So, yeah, when you drive a VW (or honestly, just about any car we review), lots and lots of your personal information is collected, stored, shared, used for targeted advertising, and open to being leaked or abused. Keep on reading if you'd like to look a deeper the privacy concerns we have about VW.

In their privacy policy, VW says they can collect a ton of personal information about you (seriously, they have a handy chart at the end that lays it all out neatly). VW collects personal information like name, email, physical address, and phone number, demographic information like age and gender, vehicle information like your Vehicle Identification Number (VIN), vehicle usage information like fuel level, when you lock and unlock your car, whether or not you use your seatbelt, how fast your drive, where you drive (location data), your voice commands, "Audio, electronic, visual, or similar information," and on and on and on. They collect all that information, which is pretty much everything about you except for maybe what you had for lunch that day (well, they probably know that too since it's likely they know your drove to your favorite restaurant for the third time this week) and then say they can "drawn from any of the information we collect to create a profile about you reflecting your preferences, characteristics, demographics and vehicle usage patterns." Yup, VW knows a whole lot about you and probably even the people in your car.

About those people in your car. It's probably good for you to know they put the responsibility on you to tell anyone in your car all about this huge amount of data collection. Yup, they say, "If you are the vehicle owner, you must notify any additional drivers about the privacy practices described in this Statement and if you are the Primary Driver for this vehicle’s Car-Net Services, you must notify any additional drivers of the vehicle about the Car-Net specific privacy practices described herein." Nice...because that's what we all do when we pick our friends up for a road trip, start with a privacy notice sermon to get the good times rolling! Uhg...lawyers.

What does VW say they can do with this vast treasure trove of personal information, car data, and inferences they collect on you? Well, they use it to make more money, of course. Because selling cars isn't a big enough business these days, now, your personal information is another gold mine for all car companies to tap into. And tap into it they do. VW says they can use it for their own personalized and targeted advertising purposes or those or their affiliates, business partners, or other third parties. They can share it with third parties who can use it for the commercial purpose of marketing their products and services to you. They also say they can use or disclose your de-identified data for "any purpose." Which is OK, as long as they do a good job actually de-identifying it. Remember, it's been found to be relatively easy to re-identify de-identified personal information.

VW also says they can share your personal information lots and lots of places. They can share your personal information within their Volkswagen Group family of companies which includes "Volkswagen Group parents, corporate affiliates, subsidiaries, business units, and other companies that share common ownership". That's a lot of sharing right there. But the list goes on (and on and on). They also say they can share personal information with VW Dealers, to third parties for their own marketing purposes, to third parties that provide online advertising, with integrated content providers for their Car-Net/We Connect services, and other vaguely describe entities such as "optional third parties" and "to other companies in connection with a VW corporate transaction" (meaning if some other company buys or merges with VW, they get your personal information as part of that business transaction).

Here's something else to worry about (sorry for being such a downer). VW is probably not the only company collecting lots of information on you when you're in your VW car, especially if you're using their Car-Net or We Connect services. In fact, their privacy policy for these mobile online services lists oodles of online service companies that can collect personal information if you use them in your car. Everyone from Amazon if you use Alexa to the mobile hotspot service provider you use to connect to the internet through your car to Google if you use their Google Earth to help you find places in your area, to Parkopedia if you're looking for a parking spot to those streaming radio providers if you listen to music in your car. Your connected car is potentially sharing data with companies all around the world about all the little things you do in your car. Yikes!

So, VW collects a TON of data, uses this data for lots of things including combining it with even more data they can collect on your from data brokers, social media sites, and more to build a big old profile of you, so they can then target you with ads and share your information so others can target you with ads. That's pretty bad for your privacy. But that's not all. VW also has a bit of a spotty track record at respecting and protecting all that personal information they collect on their users. From reports of security concerns from a respected consumer watchdog to firing employees for serious cyber security concerns, to a big old data breach that saw the personal information of 3.3 million users compromised and then offered up for sale by hackers resulting in a $3.5 million class action settlement, to major fines for privacy violations during test drives, VW's track record for privacy is not great. If fact, it's pretty bad. (And dare we even mention VW's black eye for lying about their vehicle emissions a few years back? Yes, it's not privacy related, however, it is still kinda relevant to the company's ethics).

So, what's the worst that could happen to your privacy with your VW car, myVW app, and VW's Car-Net or We Connect mobile services? Well, dang, let's see. It would really suck if VW leaked that personal and location data they collect on you and hackers on the dark web could buy it and know all the places you like to visit and when you visit them and use that to stalk you. That wouldn't be great. But heck, there's a risk data brokers might be able to collect and sell some of that same information from VW and legally sell it to others who want to target you with all sorts of ads. That's not great either. And shoot, it seems like law enforcement and governments might also be able to get their hands of some of this data too. To be fair, this is a problem with nearly all car brands, not just VW. The fact remains, VW might have a history of making cute cars, but their privacy practices in 2023 are anything but cute. It's probably good to assume your VW comes with *privacy not included.

Conseils pour vous protéger

  • Do not give consent to tailored advertisement.
  • Opt out from selling of your personal information, as well as from Cross-context Behavioral Advertising.
  • Always do a factory reset on your car before selling or trading it away to wipe your data clean and disconnect the app.
  • Before reselling your car, make sure to notify the company
  • When buying a used car, always make the previous owner removed their connected account and performed a factory reset.
  • Always use strong passwords and set up two-factor authentication for apps and services that connect to your car
  • Only give access to your data to trusted third-parties
  • When connecting a mobile app to the car, make sure to minimize the amount of data collected through this app. You can use iOS or Android settings to limit the data collected through your phone.
  • Opt out from your mobile device's location sharing.
  • Do not use Amazon Alexa in your car if you are concerned about Amazon collecting that voice request information, IP address, and geolocation information and using it to target you with advertising.
  • mobile

Ce produit peut-il m’espionner ? informations

Caméra

Appareil : Oui

Application : Oui

Microphone

Appareil : Oui

Application : Non

Piste la géolocalisation

Appareil : Oui

Application : Oui

Que peut-on utiliser pour s’inscrire ?

Quelles données l’entreprise collecte-t-elle ?

Comment l’entreprise utilise-t-elle les données ?

We ding this product as it collects data from third parties -- including data brokers and social media platforms -- and combines your personal data with data from third parties, and for sharing personal information for targeted advertising purposes.

Privacy Statement

"We collect and use your information for a number of business purposes, such as:
For marketing, such as marketing our products or services or those of our affiliates, business partners, or other third parties, including through interest-based advertising ... However, please note that we will not use or disclose precise GPS location data or your driver behavior data for our own marketing purposes or for the marketing purposes of unaffiliated third parties without your affirmative consent."

"We also provide your information to third parties who use it for the commercial purpose of marketing their products and services to you."

"As you interact with VW and its Digital Properties, vehicles, products and services, we may collect certain information from or about you or your vehicle from the following sources: <...> other third parties, such as companies that provide or sell lists of potential vehicle purchasers and current owners, data brokers, business partners, public sources, social media platforms and networks, or other parties that interact with us."

"We may combine information that we receive from the various sources described in this Privacy Statement, including third-party sources, and use or disclose it for the purposes identified below."

"We disclose information for targeted advertising purposes and in other situations that may constitute a "sale" or “sharing” as defined under applicable law."

Volkswagen may disclose your information:
- Within the Volkswagen Group family of companies. <...>
- To third-party service providers. <...>
- To VW Dealers.
- To third parties for their own marketing purposes.
- To third-party entities that provide online advertising and analytics functionality.
- To Integrated Content Providers.

Volkswagen will share some of the data with insurances if you sign up for DriveView: "If you are eligible for and opt-in to DriveView (a usage-based insurance program), VW will collect and use commercial and electronic network activity information collected through Car-Net Services about your driving behavior, such as speed, breaking and seat belt usage, and GPS location in order to assess your driving and routinely provide you a DriveView score <...>.  We will collect this data directly from you and your use of the Car-Net technologies. We also will use aggregated data to conduct driver behavior modeling (for example, comparing drivers across different states). If you opt-in and direct us to do so, we also will send your driver behavior and GPS location data to our insurance company partners for consideration."

Privacy Policy for the use of Volkswagen AG mobile online services

Volkswagen delivers targeted advertisement based on the app collected from the app.

"Volkswagen AG always endeavours to send you information that is personally tailored to you as much as possible and thus improve advertising for the marketing of your products and services. This requires the well-founded analysis of your usage of our products and services. If you have given your consent to do so, Volkswagen AG will therefore process data from the Volkswagen ID user account and from “VW Connect”. Details on processing this data (e.g. exactly what data is processed and how) is provided in the Volkswagen ID Privacy Policy at https://vwid.vwgroup.io/data-privacy.

Applies to customers in other VW Connect countries with the exception of Germany: Volkswagen AG always strives to send information to its customers that is personally tailored to them as much as possible and thus improve advertising for the marketing of its products and services. An in-depth analysis of products and services (analytics) is required to accomplish this goal. For this reason, Volkswagen AG processes data from the Volkswagen ID user account and from “VW Connect”, for example:

Identification data (e.g. name, email, telephone number, vehicle identification number, if applicable)
• User account data (e.g. preferred partners)
• Transaction data (e.g. completed agreements)
• Vehicle use data (e.g. logbook, fluid levels, mileage (km))
• Contract data (e.g. vehicle equipment, ongoing contracts with linked services)
• IT usage data (e.g. last login to services, use of functions)
• Location data (e.g. truncated GPS data)

In the event that vehicles are recorded, Volkswagen AG will also process the vehicle identification number and add additional equipment data of the vehicle to the information listed above and create segments."

Comment pouvez-vous contrôler vos données ?

We ding this product as we cannot confirm that all users regardless of location can get their data deleted.

"Depending on where you live, you may have certain rights, subject to legal limitations, regarding the collection, use, and disclosure of your personal information. You can submit a Data Subject Rights Request by visiting privacy.vwgoa.com and following the instructions in the portal, or by calling (833) 909-1767. Please note that certain rights may be limited where your personal information is subject to certain state or federal laws, such as the Fair Credit Reporting Act (“FCRA), the federal Gramm-Leach-Bliley Act (“GLBA”), or state law equivalents."

"Your information will be retained as long as necessary to fulfill the purposes we have outlined above unless we are required to do otherwise by applicable law. This includes retaining your information to provide you with the products or services you have requested and interact with you; maintain our business relationship with you; improve our business over time; ensure the ongoing legality, safety, and security of our services and relationships; or otherwise in accordance with our internal retention procedures. Once you have terminated your relationship with us, we may retain your information in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts, or for other legitimate business purposes, such as to demonstrate our business practices and contractual obligations or provide you with information about our products and services in case of interest. "

Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?

Mauvais

In June 2021, Volkswagen and its daughter company Audi suffered a data breach affecting 3.3 million users. A few days later, hackers put the data stolen from the car maker on sale on a notorious hacking forum. In January 2023, Volkswagen "agreed to a $3.5 million class action lawsuit settlement to resolve claims their customers’ information was stolen in a data breach spanning several years."

In July 2022 Volkswagen was fined 1.1 million euros for GDPR data privacy violations during test drives.

In January 2022 it was reported that VW fired a senior employee after they reported cybersecurity concerns.

In April 2020, consumer watchdog Which reported that Volkswagen cars could have serious security flaws that could allow them to be hacked.

Informations liées à la vie privée des enfants

VW does not knowingly collect, use, disclose, or sell the information of children under the age of 16. In the event that we learn that we have collected information from a child under age 16, we will delete that information. For questions or additional information, please contact us using the information in Section 13 below.

Ce produit peut-il être utilisé hors connexion ?

Oui

Informations relatives à la vie privée accessibles et compréhensibles ?

Non

VW has various privacy policies, notices, and statements that are difficult to find, sort through, and understand.

Liens vers les informations concernant la vie privée

Ce produit respecte-t-il nos critères élémentaires de sécurité ? informations

Inconnu

Chiffrement

Impossible à déterminer

We cannot determine if all data sitting on the car, including telematic data the car collects as well as data shared when you connect your phone sits encrypted, and if all collected data is encrypted in transit. We reached out to the company to attempt to determine this multiple times and received no response.

Mot de passe robuste

Ne s’applique pas

Mises à jour de sécurité

Oui

Gestion des vulnérabilités

Impossible à déterminer

Politique de confidentialité

Oui

Le produit utilise-t-il une IA ? informations

Oui

Travel Assist adapts to your driving style and can drive further on the left or right in the lane instead of in the centre. In conjunction with a navigation system, Travel Assist is enhanced with predictive cruise control and a cornering assist function. These features are enabled by numerous cameras, sensors and radars on the car.

Volkswagen starts to test self-driving technology in 2023 with plans for a commercial launch in 2026.

Cette IA est-elle non digne de confiance ?

Impossible à déterminer

Quel genre de décisions l’IA prend-elle à votre sujet ou pour vous ?

L’entreprise est-elle transparente sur le fonctionnement de l’IA ?

Impossible à déterminer

Les fonctionnalités de l’IA peuvent-elles être contrôlées par l’utilisateur ou l’utilisatrice ?

Impossible à déterminer

*Confidentialité non incluse

Pour aller plus loin

  • Volkswagen Sued for Not Disclosing Alleged Private Climate Lobbying Activities
    Insurance Journal Le lien s’ouvre dans un nouvel onglet
  • Volkswagen, Audi data breach $3.5M class action settlement
    Top Class Actions Le lien s’ouvre dans un nouvel onglet
  • Volkswagen says a vendor’s security lapse exposed 3.3 million drivers’ details
    TechCrunch Le lien s’ouvre dans un nouvel onglet
  • Hackers Are Selling Data Stolen From Audi and Volkswagen
    Vice Le lien s’ouvre dans un nouvel onglet
  • VW says data breach at vendor impacted 3.3 million people in North America
    Reuters Le lien s’ouvre dans un nouvel onglet
  • VW fired senior employee after they raised cyber security concerns
    Financial Times Le lien s’ouvre dans un nouvel onglet
  • Volkswagen manager fired after raising cyber security concerns
    City A.M. Le lien s’ouvre dans un nouvel onglet
  • Popular connected cars from Ford and Volkswagen could put your security, privacy and safety at risk, Which? finds
    Which? Le lien s’ouvre dans un nouvel onglet
  • Volkswagen Pledges To Follow China’s Data Privacy Laws
    PYMNTS Le lien s’ouvre dans un nouvel onglet
  • Volkswagen fined $1.1M under GDPR for unauthorized data collection
    Compliance Week Le lien s’ouvre dans un nouvel onglet
  • Former VW owner discovered digital access to her car months after it was sold
    The Verge Le lien s’ouvre dans un nouvel onglet

Commentaires

Vous avez un commentaire ? Dites-nous tout.