A few days ago, the Mozilla Foundation released the results of its research about data privacy in modern cars that they’ve conducted for their “Privacy Not Included” guide. The results are not surprising — with all the tech inside the vehicles being built in the last decades, like microphones, cameras, sensors, and all the connectivity capabilities, our data is far from safe.
Mozilla’s “Privacy Not Included” Guide
The Mozilla Foundation is a global non-profit organization that aims to keep the internet open and accessible to everyone. They support and lead the open-source Mozilla project, which develops software like the Firefox browser and Thunderbird email client. The foundation advocates for a better internet by providing funding, mentorship, and amplification to innovators of all types, from technologists and scientists to activists and artists.
Mozilla’s “Privacy Not Included” is a buyer’s guide that helps consumers shop smart and safe for connected products. This effort is vital because virtually no one has time to read the dense terms of service we’re used to blindly accepting. The guide addresses the difficulty consumers face in getting clear information from companies about the security and privacy of their products.
The results of Mozilla’s research are pretty concerning. All 25 car brands reviewed earned a “Privacy Not Included” warning label, making cars the worst category for privacy. Car brands collect too much personal data, share or sell data, give little control over data, and have unclear security standards.
With new cars collecting so much driver data, it’s alarming that companies aren’t transparent about how they use and protect it. We deserve to know.
The lack of choice in the market is also worrying, as all car brands scored poorly for privacy. Worst of all, there’s no way for drivers to control the data collection.
The Risks of Relying on Third-Party Technologies
The privacy and security issues with modern cars highlighted in Mozilla’s research point to a more significant trend. Many companies struggle to manage risks when using outside technologies and services.
Automakers have little control over data collection by third-party apps on their vehicles. Similarly, businesses in other industries face challenges when bringing in external technologies.
For example, imagine you’re a cafe owner who uses Square for payments. If Square has a significant outage, like they did a few days ago, you can’t process credit card sales. Your business could grind to a standstill.
Or what if you’re a biotech firm relying on lab equipment from another provider? If that equipment has security flaws, competitors may steal and use your proprietary research data. In fact, this happened to China’s BGI Group when suspected hackers stole genomic data.
Even cloud services can lead to a loss of control over data and intellectual property. For instance, Ring, Amazon’s home security company, used customer videos to train A.I. algorithms without asking permission first.
Modern connectivity brings convenience but also risks. With more vigilance, companies can prevent unintended consequences from third-party technologies.
Why We Should be Concerned About Data Privacy
You may think I’m paranoid, but I try to give away as little of my personal information as possible as a consumer. That’s probably a professional thing — I deal with technology and cybersecurity a lot. I know how bad the situation is with data privacy and protection in general. I know everyone is selling our data one way or another. I’m not wearing a tin foil hat yet, but I do if I can avoid “convenient” signups that want access to all my info.
For example, if an app wants me to use Google Signup and also get access to all my emails and files, I’ll avoid it. If a messenger asks for all my contacts, I won’t share them. And I’ll use a desktop app over a Chrome extension that can see everything I do online. I am cautious.
There’s good reason for caution — the scale of recent significant data breaches is frightening:
In 2023 alone, Twitter had a massive breach exposing 220 million records. Latitude Financial lost over 14 million records in March. T-Mobile faced multiple data breaches, impacting 37 million customers in January and 800 more in May. And Shields Health Care group had intruders access systems and steal data.
Those are just the ones covered in the media. There are many more that go unreported.
Should You Outsource Data Storage and Processing?
Technology has made it easier than ever for businesses to share data with third parties. But, outsourcing data comes with risks. So what’s a business to do?
Imagine you run a retail store. Do you outsource your warehouse storage or keep it in-house? For many companies, especially startups, outsourcing makes sense. Storage isn’t a core part of the business. Why invest in warehouse infrastructure when you can tap into a vendor’s?
But as you grow, needs change. You want more control, flexibility, and integration with logistics. Reputation becomes as important as liability protection. Soon, you’re thinking about building your own warehouse.
We should treat data the same way. Using third-party services to store and process data is usually acceptable. However, when selecting a vendor, mindfulness, proper processes, and due diligence are critical.
Make sure to periodically ask yourself: Have our data needs changed? Are we comfortable with how vendors are using our data? Do we need to start managing data in-house and have more control?
The right solution depends on each company’s unique situation and growth. With some forethought, businesses can minimize data risks while maximizing value.
Originally published on Medium.com