back to article Second-hand connected car data drama could be a GDPR minefield

What are the implications under GDPR of a previous owner retaining access to data and control of a connected car after it is sold on? Although El Reg's initial story on the topic focused on the experience of two Jaguar Land Rover owners and the car maker's response, it has become clear this is an industry-wide issue and cars …

  1. frank ly Silver badge

    Duh!

    "Multiple manufacturers and their respective telematic technology providers appear to be at fault one way or another."

    Why the heck didn't they think of this in their early planning stages? In the various meetings, I wonder how many engineers said, "Excuse me but ....." and were then shouted down or ignored.

    1. 42

      Re: Duh!

      The BOFH got to them. It would be a very good lart.

    2. LucreLout Silver badge

      Re: Duh!

      I wonder how many engineers said, "Excuse me but ....." and were then shouted down or ignored.

      They won't have been shouted down and they won't have been ignored: They will have been "resisitant to change", which is all too often management speak for "This employee is smarter than me and has exposed the utter idiocy of my bonus bagging idea".

      Quite why "society" values those whose main skill is watching others work at a value premium to those doing the work, is beyond me. I mean, sure, if the management add value, but as often as not, that isn't the case.

    3. This post has been deleted by its author

    4. Anonymous Coward
      Anonymous Coward

      'Why the heck didn't they think of this in their early planning stages?'

      You mean why didn't the car-mafia that rigged emissions tests for years - do the right thing? A. There were no GDPR lawyers around! B. There is still a reality distortion field mindset that tech can do no wrong. Yet every other day El Reg shows the harm.

      I've held off buying a car because of this and the emissions scandal. I'm also not buying SmartTV-slurp, Win10-Slurp, Android-Slurp or any IoT-Slurp. Vote with your wallet. Look around but don't buy. But do tell the salesmen why you're not buying!

  2. Anonymous Coward
    Anonymous Coward

    Wonder where rental cars sit in this field.

    I've hired various cars over the years that have been connected up, as well as connected up to previous renter's phones and still hosting a full copy of their contacts, call history, etc.......

    1. Spanners Silver badge
      Big Brother

      Rental Cars

      I have rented vehicles a couple of times where there was a lot of information about previous users. Before I connected my phone to anything, I cleared the lot. I also cleared it before I returned the vehicle.

      I also mentioned it on the customers comments each time and got appologies from the people there.

      Presumably, nowadays, this would be relevant to the GDPR? It's certainly relevant to common sense...

      1. MachDiamond Silver badge

        Re: Rental Cars

        "I have rented vehicles a couple of times where there was a lot of information about previous users. Before I connected my phone to anything, I cleared the lot. I also cleared it before I returned the vehicle."

        Why would you sync your phone to a hired car!? With your own car you can look up in the manual how to dump the data or visit a dealer if needs must, but with a rental, you probably don't have a manual, can't take it to a dealer and you would need to be something of an expert in the car you hired including the various software revisions.

        Keep your phone disconnected from cars you don't own. If might become a sideline for some lot monkey to clone data at a hire company as many people are not going to know how to clear it or will be in too much of a hurry to remember.

        1. Roundtuit

          Re: Rental Cars

          I wonder how many buses, trains, planes, taxis and Uber cars have shlurped down passenger info?

    2. Halfmad Silver badge

      also ex-rentals

      My car is an ex-rental, it came with the previous rental agreement still in it with the guys contact details and a photocopy of his passport.

      It's not just the electronic data that's being mishandled. The automotive industry from manufacturers to garages is a **** storm waiting to happen.

    3. JoeTheAnnoying

      Rental cars sit... poorly...

      Modern designers make the assumption that everyone WANTS their data to be shared "for their own convenience", and so slurps it up without so much as a "by your leave".

      I was chaperoning a group of 15-17-year old girls on a drive down to Los Angeles. One of them wanted to play music for the rest, so she connected her iPhone to the car's audio system. BOOM! It downloaded all of her contact information into the in-car system, without so much as a "by your leave". (I found out because when I tried to use the hands-free system it had contacts such as "Mom" and "Jenna" and I asked the girls, "OK, whose mom's # is xxx?")

      Yes, of course I deleted all of her information. But the idea that, "If you connect your phone to this rental vehicle, it will automatically and WITHOUT YOUR EXPRESS PERMISSION extract all of your contacts into its own system" is appalling, to say the least...

      1. Anonymous Coward
        Anonymous Coward

        Re: Rental cars sit... poorly...

        I was chaperoning a group of 15-17-year old girls on a drive down to Los Angeles. One of them wanted to play music for the rest, so she connected her iPhone to the car's audio system. BOOM! It downloaded all of her contact information...

        Well they could have plugged in the audio output into the car's audio with the iPhone headphone jack. Oh wait a minute...

  3. Wiltshire

    Wonder how any buyer of a secondhand car is supposed to know if the car has been connected?

    1. smudge Silver badge

      If it has that functionality, then you assume that it has been.

    2. macjules Silver badge

      Correct. You should not have to worry.

      Even if there is a clear definition for the use of data in the JLR sales terms and conditions, especially in regards to GDPR then there should also be a requirement for JLR to automatically enforce the seller's RTBF.

      Mind you for most RangeRovers the history would be, "owner drove to kids school and blocked up the roads around the school" x2 every school day.

      1. Anonymous Coward
        Anonymous Coward

        Spot on sir.

        The nearest to "off-road" they ever get is going up the bloody kerb.

        1. Doctor Syntax Silver badge

          Re: Spot on sir.

          The nearest to "off-road" they ever get is going up the bloody kerb.

          Don't assume the only reason you need 4-wheel drive is to go off-road. In winter the road-clearing is so abysmal you need it if you live on a hill. And round here there are a lot of hills.

          (There's also an argument that general road maintenance is so abysmal there isn't actually that much difference between on-road and off-road.)

          1. Anonymous Coward
            Anonymous Coward

            Re: Spot on sir.

            Don't assume the only reason you need 4-wheel drive is to go off-road.

            Don't forget there are also many of us that live in the country where during the winter a 4-wheel drive is essential if you want to go out - townies object to real tractors parking on their roads.

          2. HamsterNet

            Re: Spot on sir.

            BAH,

            Drove my rear wheel drive through the hills in the snow and only had to dig myself out once. Most modern SUV gets stuck on dam grass anyways.

            1. Michael Wojcik Silver badge

              Re: Spot on sir.

              Drove my rear wheel drive through the hills in the snow and only had to dig myself out once.

              My parents lived on top of a mountain in rural Vermont for nine years, with a FWD Toyota Tercel and a RWD Toyota Van (the Toyota R20 or R30, sold in the US in the 1980s). There were a couple of miles of gravel roads, which were occasionally graded but nothing more, before you reached pavement; and while Vermont is pretty good about clearing snow, there are a lot of road miles relative to population, so when it snows (as it does most days of the winter) it may take a while.

              They drove pretty much daily and rarely got stuck with either vehicle. And that was generally with all-season (M+S) radial tires, not snow tires.

              It's mostly a matter of knowing what you're doing.

              When I taught my stepdaughter to drive, in my Honda Civic coupe (manual transmission, naturally), we had a nice snowy day so I drove around to the alley in back, ran it into a snow drift, then let her get it back out and back to the street. Took a while, but since then she's had no problems with 2WD vehicles in the snow.

              When I was in high school, living on the New England coast, almost no one I knew had 4WD or AWD. We kids mostly drove dreadful old American RWD cars with open differentials, primitive suspensions, vague steering, and ridiculous moments of inertia. And we flung 'em around the roads regardless of the weather, generally pretty successfully.

              These days everyone in the family has AWD vehicles because they're so common, why not? And it does make things easier. But necessary? I don't think so.

        2. Intractable Potsherd Silver badge

          Re: Spot on sir.@cornz 1

          "The nearest to "off-road" they ever get is going up the bloody kerb."

          And that only to park in the most inconvenient place. My experience of posh 4WD drivers on the move is that they will always be at least 2 feet from the edge of the road - annoying when on a road that is two cars plus 18 inches wide...

          1. Steve Renouf

            Re: Spot on sir.@cornz 1

            Lot's of those here!

      2. 2+2=5 Silver badge

        > Mind you for most RangeRovers the history would be, "owner drove to kids school and blocked up the roads around the school" x2 every school day.

        And bonus points for showing they parked in the 'keep clear' / 'no waiting' zone.

      3. MachDiamond Silver badge

        "Mind you for most RangeRovers the history would be, "owner drove to kids school and blocked up the roads around the school" x2 every school day."

        The other data would be "went from Home to Tesco" and the car weighed 1kg more on the return 4x/week.

  4. Chris G Silver badge

    Just Wondering

    As slight aside; how long it will be before the cops want access to your vehicle's data logs when they stop you so that they can go phishing. Of course they will try to find reasons to keep everything indefinitely, along with you biometrics, fingerprints, toenail clippings and anything else they may be able to use to stitch you up at a later date.

    Expect at some point in the future to be required by law to provide access to cops, insurance companies, uncle Tom Cobley and all.

    1. MachDiamond Silver badge

      Re: Just Wondering

      It won't be that the cops will ask for access to your data, they will be able to slurp it during that long interval they are sitting behind you when they pull you over if not before. The car will rat you out by providing the SatNav data and where you have exceeded the speed limit on a road for the entire day.

  5. Anonymous Coward
    Anonymous Coward

    Almost as good as The Dartford Crossing....

    They have gone the complete other direction....

    If someone has (ever) registered the cars number plate for the Dartford crossing and not removed it from their account after sale, they(Sanef) refuse point blank to do anything about it without sending original documentation to an address they specify only when you call them up.....and they will take an unspecified amount of time to sort it out.

    All the while of course, registration plate is being recorded and charged illegaly to the wrong person.

    1. BenDwire
      Facepalm

      Re: Almost as good as The Dartford Crossing....

      Eh? If you've sold the car and not bothered to remove it from the system, then that's your problem, shirley? It only takes a couple of clicks to deregister once you realise you've been funding the new driver...

      1. Roland6 Silver badge

        Re: Almost as good as The Dartford Crossing....

        >It only takes a couple of clicks to deregister once you realise you've been funding the new driver...

        Are you sure? I mean you are assuming the Dartford Crossing system only contains unique registration details. I would not be surprised if a car can be registered against several accounts concurrently and all get billed everytime the vehicle completes a crossing...

        1. Hopalong

          Re: Almost as good as The Dartford Crossing....

          Yes, it is very easy to remove a vehicle from your account.

          Also, they will automatically remove a vehicle (after few months) if its car tax group changes to 'Disabled'.

          1. Roland6 Silver badge

            Re: Almost as good as The Dartford Crossing....

            >Also, they will automatically remove a vehicle (after few months) if its car tax group changes to 'Disabled'.

            Thanks, useful to know, they obviously take a feed from DVLC for vehicles taxed as disabled. Which seems to mean that you are driving an exempt vehicle you don't need an account and won't get a letter demanding payment.

        2. ChrisC

          Re: Almost as good as The Dartford Crossing....

          I had this exact problem when I bought my last car, went to add it to my Dart Charge account only to have it rejected due to being assigned to another account - absolutely no way (just as it should be) to have the same registration assigned to multiple accounts. Contacted Dart who said it'd be no trouble to remove it from that account just as soon as I could send them a copy of the V5 in my name...

          As I was planning to use the crossing a couple of days later, waiting for the DVLA to get their ducks in a row and send me out the new V5 wasn't exactly an option, so I was considering simply driving t'other way around the M25 to get into Kent, when I then started having a look through the various bits of old service history paperwork that'd been left in the car. A-HA! Garage receipt from a few months prior to the car having been sold, complete with mobile phone number of the previous owner. One quick text later and the car had been removed from their Dart account and I could add it to mine without any further hassle.

  6. smudge Silver badge

    Not a new problem...

    ... but getting more serious, of course.

    I guess it started with built-in sat navs. Logs where you have been. May have recorded what speed you were travelling at - hence the old advice to clear it fast if you are stopped by the cops. And how many people have entered their actual home address as "home"?

    Then Bluetooth phone connectivity came along. And so on...

    My BMW has a function to delete all user data. Says it can take 15 or 30 minutes - can't remember which. You've got to trust it, of course, and I don't know if it deletes everything that you would want deleted. But if it does what it says then it sounds good. As long as you remember to use it.

    1. Red Bren
      Big Brother

      Re: Not a new problem...

      "BMW has a function to delete all user data. Says it can take 15 or 30 minutes"

      That's how long it takes to upload the data to base before the actual deletion, which only takes a second or two...

      1. smudge Silver badge
        Joke

        Re: Not a new problem...

        Don't be silly - they gather the data as it is created.

        Do you wait until you resign before downloading your company's client database, sales forecasts, product plans and designs, etc?

    2. tiggity Silver badge

      Re: Not a new problem...

      The classic satnav "home" was to pick location of nearest police station

      That no longer works as most of them are now closed down, so no such thing as a local plod station for most people

  7. adam payne Silver badge

    Customer confidentiality and the security and privacy of customer data is paramount to Jaguar Land Rover. We continually review our processes to identify further improvements to meet the security and privacy needs of our customers.

    Multiple people have raised an issue and you don't seem to be doing anything about it apart from issue stock statements.

    In this case I don't see how confidentiality, security or privacy are paramount to you.

    1. tfewster Silver badge
      Facepalm

      Paramount: adj

      "more important than anything else". What, more important than sales, revenue, profit, design, reliability...?

      I don't think I'll be buying a JLR product.* Even if they haven't gone bust, apparently their product quality is of even less importance than their shoddy service.

      Or, more probably, their stock statement is just a lie.

      * I always wanted a SWB Land Rover Defender one day, but too late :-(

  8. Len Silver badge
    Thumb Up

    I love how the GDPR...

    I love how the GDPR has suddenly unearthed all these issues that few people ever thought about. It's not just a law, it's the greatest (global, thanks to the "Brussels Effect") privacy awareness campaign ever.

    1. Lee D Silver badge

      Re: I love how the GDPR...

      Indeed. And given that GDPR is really not much more than "Data Protection Act, plus long-established case law from data protection cases, plus application to non-IT-based data storage", it's quite shocking how much of an impact it's had now that people are actually pulling their finger out and complying.

      I've been telling people for years that they were risking being sued, even if they followed the wording of the DPA, the case law established very different rulings, but they never listened. GDPR has made them "finally" compliant.

      Interestingly, at my workplace, I've been praised several times for being "ahead of the curve", GDPR-wise, not because I spent thousands of hours like a headless chicken, but precisely because I've just always managed data under those rules anyway.

      1. Doctor Syntax Silver badge

        Re: I love how the GDPR...

        "Data Protection Act, ... plus application to non-IT-based data storage"

        Non-IT-based storage was always covered under the DPA v2.0 if not DPA 1.0.

  9. Red Bren
    Pirate

    Software not designed for a secondary market

    Isn't this a manifestation of the blurring line between hardware that is owned, and software that is licensed?

    If you buy a new car that requires you to create an account to access all the features, can all subsequent owners do the same for free? If the new owner of the car tries to break the link with the previous owner's online account, will they be greeted with an extortionate "In order to use the advanced features of this vehicle, please register at www.britishleyland.com" where they will be given an option to pay a fee (double dipping by the manufacturer) or be told "your vehicle is no longer supported"

    How do we ensure that exercising your GDPR rights doesn't force you to brick your car?

    1. Doctor Syntax Silver badge

      Re: Software not designed for a secondary market

      "How do we ensure that exercising your GDPR rights doesn't force you to brick your car?"

      I think if that happened it would take the fines into the top tier.

    2. MachDiamond Silver badge

      Re: Software not designed for a secondary market

      "In order to use the advanced features of this vehicle, please register at www.britishleyland.com" where they will be given an option to pay a fee (double dipping by the manufacturer) or be told "your vehicle is no longer supported"

      You've hit on another topic, no future support, that will be an issue in the years to come. What will you do when the car you bought with autonomous driving is 5 years old and the company no longer updates the software since it doesn't have the newest hardware to run it? With EV's, if the manufacturers don't install time bombs, they should last longer than an ICEV. Not many laser printers are supported on the latest OS's even though they are perfectly serviceable.

      1. SImon Hobson Silver badge

        Re: Software not designed for a secondary market

        Indeed, there's already a long line of case history to show the risks of that - ask Zune or Revolv hub owners !

  10. nrhw

    What about the manufacturers' rights to the data?

    Obviously a previous owner seeing the current owner's data is a potential GDPR breach, but I was wondering what the manufacturers' position is? Do they need to permission from the current owner of a vehicle to collect their data in the first place?

    If I buy a secondhand car, how does the manufacturer know the owner of the car has changed (and that they need to stop gathering data until they have permission from me) and how would I know that the car was connected and sending data to the manufacturer?

    1. Dazed and Confused

      Re: What about the manufacturers' rights to the data?

      If I buy a secondhand car, how does the manufacturer know the owner of the car has changed

      I think this is a key issue here. If the car is sold through the main dealer chain then they should know, sure. But if I sell a car privately do the manufactures have the right to know that I have sold it?

      It's sometimes hard enough to get the DVLA to recognise the change of ownership.

      I don't believe the DVLA pass on the information to the manufacturer so who is going to be responsible for informing them.

      What happens if there is a third party monitoring device?

      The second hand car we bought for our kid to learn on isn't connected as a standard feature but VW provide a module that plugs into the industry standard diagnostic port to collect data and then uses a app on the phone to upload things. So this shouldn't leak, but I can imagine a business providing many of the features of connected cars as an after market add on, if they included their own comms unit instead of relying on a phone and app, they'd face the same issue. Tracking devices already do this kind of thing.

      This looks like being a much wider issue that just the car manufactures.

    2. IsJustabloke
      Meh

      Re: What about the manufacturers' rights to the data?

      "If I buy a secondhand car, how does the manufacturer know the owner of the car has changed"

      I've driven a lot of FIAT group cars over the years, only two of which were bought from main dealers, yet somehow, the FIAT security register has always been aware of my ownership so somebody somewhere is connecting the dots as far as car ownership changing is concerned. I've never told them directly.

  11. yoganmahew

    Uxbridge English Dictionary

    Paramount = where you hang your parachutist after you've shot tthem

    Or "couldn't give a stuff while there's money to be made doing lowest cost development where they'll just do what the spec said, and the spec said nothing about security"

    The ICO or Advertising Standards should start looking at the product specifications for anything like this and see if security is mentioned at all and levy fines accordingly.

  12. andymcp

    Having been through the process of unlinking a car during a private sale (not JLR), even if the app has an ‘end ownership’ option, it also likely comes with an in-car registration that’s entirely separate. Hence you still get phone calls when the new owner sets the alarm off. Or reinstall the app after getting an alarm notification call to find it’s been happily collecting data attributed to you for months. Or have a few buttons that offer you the chance to remote unlock, remote start, remotely activate the alarm, send destinations....

    And revised ‘features’ get added at such a rate, or in-car systems updated so often, that nobody in the dealer, UK manufacturer customer service or outsourced service provider know how to identify the fault, far less fix it (because obviously you don’t have the car any more to check the manual).

    Still, if anyone here has a silver ****, registration **14 ***, and forgets their keys just give me a shout and I’ll let you in and start it up for ya. No charge.

  13. vtcodger Silver badge

    Just a Random Thought

    Just a random thought not specific to this story. More general. What are the chances that "We" -- society, software and hardware makers, purveyors of automobiles, etc -- are on our way to building complex systems that nobody can understand or fix?

    Imagine that your 2036 Belchfire 2000 is blinking all its lights -- internal and external and running poorly. First you try the internet and find that you aren't alone. Most posters are baffled except one guy who claims that rubbing SPF 50 sunscreen on the battery cables will clear the problem right up. It doesn't. Then you try the local mechanic. Sorry, he only does struts, belts, tires and mechanical stuff. So you take it to the dealer who replaces $2000 worth of electronic components over six visits before confessing that he has no idea what's wrong. The problem is escalated to the manufacturer whose major contribution seems to be repeated assurances that your problem is very important to them.

    What now Kimosabe?

    1. Anonymous Coward
      Anonymous Coward

      Re: Just a Random Thought

      Having sold a Renault Zoe electric car this spring, I can confirm two things about the car:

      1) It has the same problem at private sale as the Jaguar Land Rover vehicles. If I didn't know enough to disconnect my on-line account, I could track the new owner and perform all sorts of "fun" things. That is if the functions worked as advertised, which brings me to point 2:

      2) I had the Zoe for a year in Norway, where electric cars now out-sell fossil vehicles in a number of areas (including my area.) The repair stations see a lot of these cars, yet, I had 4 problems with the charging system over a year. One problem where I couldn't charge it, nor could the dealer, so I had to leave it for service: I didn't have enough power to get home and back again for a service appointment the next day.

      The Zoe is already too complicated to fix. A friend has the same car but was lucky and didn't get a monday-morning model. His works. Mine didn't.

      I would expect the dealer to be able to plug the car into the diagnostics system (or already have it in their system when I arrive) and say, "Oh, there is the problem." They have NEVER been able to tell me what the problem was! "We don't know. We reset the car." Wow!

      There are at least 2 reset features that the user can go through.(I think there are 3, but I am trying to forget that nightmare of a car!) Each time, I tried the reset features, but they didn't work. Apparently there are some other "dealer only" super-reset features.

      Who wants to buy a car where the dealer service techs can't find the fault?

      An aside: an electric car is absolutely amazing, when it works. Quiet at any speed. Extreme power from a standstill. Great in the snow. In theory, fewer bits to repair. Driving a hybrid after a year of electric really is downright archaic.

    2. Throatwarbler Mangrove Silver badge
      Holmes

      Re: Just a Random Thought

      I had a 1997 vehicle that developed an issue where the Check Engine light would not go off, resulting in me being unable to get the car to pass the smog inspection. I took it to the dealer, who spent multiple days and over 8 hours of actual mechanic time trying to find and fix the problem, to no avail. Ultimately, they gave me a list of four different recalibration steps for the onboard computer, each of which involved driving the car in various unnatural ways, including driving the car for at least 40 miles at exactly 45 MPH, IIRC. The steps worked and reset the Check Engine light, but it highlights the fact that the scenario you envision already existed 20 years ago!

    3. Doctor Syntax Silver badge

      Re: Just a Random Thought

      "on our way to building complex systems that nobody can understand or fix?"

      Aren't we there yet?

      1. MachDiamond Silver badge

        Re: Just a Random Thought

        " "on our way to building complex systems that nobody can understand or fix?"

        Aren't we there yet?"

        I think we have been for years. With products built so cheap that we just throw them away when the magic smoke comes out or replace entire subsystems (black boxes) to see if that fixes the problem, there are no "repair" manuals or procedures anymore. It also goes hand in hand with manufacturers refusing to provide servicing information due to paranoia about "the competition". The competition having already purchased one, stripped it down and done a full analysis on the mistakes that were made. It used to be that getting a service manual was expensive since it was a hefty printed volume. One would think that since that same manual is (or could be) a PDF with no printing or inventory cost, they should be readily available on a company's website forever. Why should Tesla be concerned that somebody is going to download all of the service information and build their own rather than buying one? The same goes for a TV or stereo set. There will be a few DIYr enthusiasts that will build their own of anything just to say they did, but they aren't an economic threat to anybody. As a matter of fact, those are usually the people that tend to add functionality and extend the design and publish what they did for free online with no patents. Presto, next year's model sorted.

    4. Anonymous Coward
      Anonymous Coward

      Re: Just a Random Thought

      Just a random thought not specific to this story. More general. What are the chances that "We" -- society, software and hardware makers, purveyors of automobiles, etc -- are on our way to building complex systems that nobody can understand or fix?

      Nonsense. If it is too complex, we'll build a complex AI systems that nobody can understand or fix in order to fix the complex systems that nobody can understand or fix.

  14. This post has been deleted by its author

    1. Version 1.0 Silver badge

      Re: Too Complicated to Ever Work

      Add in crap LED headlights too - this is why I'm still driving and paying good money for maintenance on my 12 year old SUV - no frickin' software in it other than the music player and the emission defeat system...

      1. Anonymous Coward
        Anonymous Coward

        Re: Too Complicated to Ever Work

        > Add in crap LED headlights too

        Aaargh! Don't get me started on those. You can buy a super-bright, 'tactical' LED torch and there is a big warning on the packet - do not shine directly into the eyes. Yet it's fine for a car manufacturer to put 5 such torches in a row on each side of the car, call them daylight running lights, and do nothing to block the direct glare. And this is bad enough in daylight - at night there is no (or apparently no) reduction in brightness.

        Have these car designers never been to a dentist? You know, those places where nice men and women manage to shine very bright lights into your mouth without blinding you in the process.

        1. Doctor Syntax Silver badge

          Re: Too Complicated to Ever Work

          "Have these car designers never been to a dentist?"

          Headlight design became a styling issue years ago. Optics? Never heard of them.

    2. SImon Hobson Silver badge

      Re: Too Complicated to Ever Work

      Have you noticed how bad the UI / UX is in cars?

      Oh yes, all the above and I'll add ... a UI designed i such a manner that you cannot do much at allwithout taking your eyes off the road, re-adjusting to the touchscreen off to one side of the driver, stab at the various on-screen controls till you get the right page and right control, and hope you didn't hit anything or anyone while you weren't looking where you were going.

      We used to have a couple of Citroen C4 pool cars at work - and they'd taken this to the extreme with (IIRC) not a single "real" control for the heating leading to some lengthy eyes off road sessions to setup the heating.

      And yes, the stupid DRLs that IMO are a road safety nighmare. OK, so pedestrians will be able to see you (but naff all else). But all road users will only be able to see the DRLs, unlit hazards like ... err pedestrians, animals, something that fell off a lorry, ... all become invisible while drivers are busy seeing the distracting DRLs.

  15. Roland6 Silver badge

    Paid and Unpaid Legal Advice...

    El Reg seem to have received unpaid legal advice:

    "It could be argued that Jag as data controller have failed in security principle over personal data of the old owner. But they will point to [the] contract [an] old owner signed."

    ...

    "In practical terms the problem Jag has is not having a fallback of remote deletion of data at the end of service contract where a private sale is not managed by their dealer and the old owner doesn't bother. Is it really so difficult to do that?"

    The solution that a solicitor would charge for:

    1) Jag modify the contract customers sign on taking on a vehicle: Customer consents to Jag letting selected third-parties such as subsequent owners of the vehicle have access to vehicle data; Customer can block access to the more personal data(*) by contacting Jag... Ie. it's your data, you, customer, are responsible for it.

    2) Jag ensure they have procedures in place to ensure that only verified new owners gain access to historical vehicle data.

    (*) Note I don't regard MOT and Service history as personal data.

    1. Doctor Syntax Silver badge

      Re: Paid and Unpaid Legal Advice...

      "The solution that a solicitor would charge for:

      1) Jag modify the contract customers sign on taking on a vehicle: Customer consents to Jag letting selected third-parties such as subsequent owners of the vehicle have access to vehicle data"

      The solicitor would need good public liability insurance. That tack would break the rules on opt-out.

      1. Roland6 Silver badge

        Re: Paid and Unpaid Legal Advice...

        >That tack would break the rules on opt-out.

        Only if the choice is incorrectly presented - I seem to remember the MS Windows 10 EULA got a green light, but that was before GDPR came into force...

        If the customer doesn't consent then it has to be clear that in the absence of an automated process (eg. part of the V5c change of keeper) they, the customer, are responsible for notifying the manufacturer of when they dispose of the vehicle so that their instructions can be honoured.

    2. Oengus

      Re: Paid and Unpaid Legal Advice...

      Jag modify the contract customers sign on taking on a vehicle: Customer consents to Jag letting selected third-parties such as subsequent owners of the vehicle have access to vehicle data;

      Isn't the actual issue that the subsequent owners don't have access to the data. The new owner has no contract with Jag and has no access to any data without the original owner performing an action. The original owner has all of the access, regardless of the number of times the vehicle changes hands, until the original owner relinquishes their rights.

      1. Roland6 Silver badge

        Re: Paid and Unpaid Legal Advice...

        >Isn't the actual issue that the subsequent owners don't have access to the data.

        That is how the problem manifests, but not the real issue. As the new owner, it should be possible for them to produce the V5C to a dealer/manufacturer along with relevant id and for them to be granted access to the vehicle data, without having to involve the previous owner. This can be achieved by having the original owner signing relevant consents at the time of original sale; no consent then only limited data ie. data supplied by dealerships will be available to the new owner.

        The only real issue that arises is where the new owner doesn't bother registering their interest in the vehicle with the manufacturer and the original owner also doesn't tell the manufacturer, in this instance the manufacturer will be collecting data from a third-party without their explicit consent... I suspect the solution to this will be to include in the V5c change of keeper service, a service similar to the "Tell us once" notification of death services, whereby DVLC (with the original/new keeper's consent) inform the manufacturer of the change of keeper and thus the manufacturer can block access to vehicle history until such time as a new keeper/owner registers their interest.

        My oblique point was that solicitors will freely tell you what the problems are, but will only tell you about solutions once paid; the contribution from the solicitor clearly gave no hint of how the problem might be solved other than . I suspect that the solution to the GDPR compliance problem is actually very simple, even if it requires a little careful thought and walking through the various change of owner/keeper scenarios.

  16. LucreLout Silver badge

    What am I missing?

    Why can the car not simply detect the absence of the previous owners phone for a number of engine starts, then disconnect it automagically?

    I can well imagine the potential for spousal abuse & snooping that being able to follow "your" cars position data and resting places would open up. I can see advantages too - I'd quite like to be able to geofence my car in relation to my mobile phone - it'd make nicking it without a low-loader much more difficult.

    Given the pace of development of connected / hi-tech cars, and the lack of a clear regulator to ensure consumers are protected (ICO does some of the data bit, DVLA does some, VOSA does others, but who does the rest?), perhaps its time the government created a new regulator or gave one of the others primacy and responsibility for all matters relating to automotive technology?

  17. vtcodger Silver badge

    One thing that MIGHT, and I emphasize MIGHT, help is for developed countries plus China and India to pass laws that require the various subsystems -- power train, location/performance monitoring, entertainment -- be segregated and interface to the, for want of a better term, corporate spying module (CSM) through standardized interfaces. The laws should require that the vehicle be drivable and meet all safety and pollution standards using a standard integration module costing no more than $100 in place of the CSM. Hopefully that would allow a buyer of the vehicle to keep the existing CSM, install a new manufacturer CSM with all the nifty features if they chose, or to simply replace the CSM with a cheap third party integration module and get on with their life

    The idea as I've presented it is probably unworkable. But maybe with some tinkering ...

    1. Ogi

      > The idea as I've presented it is probably unworkable. But maybe with some tinkering ...

      Actually no. It is perfectly workable. In fact that is how cars in the 90s were made. Lots of discrete systems and components, hanging of a bus and communicating with each other (except without the "CSM", because who would want that in a car?). It was perfectly possible to disconnect/replace the traction control/ABS/Engine/Transmission ECUs and still have the rest work. Which is why these cars make excellent doners for kit/replica cars nowadays.

      Try to use any important bits from a modern car in a replica or kit car and you will find it a massive PITA, usually all the core bits are intergrated into one master ECU, and removing/changing bits and pieces makes the whole thing throw a wobbly and refuse to work. Getting such hardware to work usually involving making your own hardware/software equivalent systems, which is usually too expensive to be worth it.

      This started from the 2000s onwards, integrating things like transmission, engine and anti-lock brake ECUs into one. Slowly they took this to the extreme, where it is pretty much impossible now to disconnect a single part of a cars system without the whole thing failing. A bunch of enterprising chaps have developed "defeat devices" for some of these systems, which fool the ECU into thinking the original system is still present, but even that is getting harder and harder to do, especially with the CSM module being tightly integrated. I guess they would not want you defeating that easily.

      From my perspective, I would never want to buy a car that is always on connected, or that has a data plan and a privacy statement for your collected data, so I guess I will stick with pre-CSM cars.

      As per your suggestion, what should be made a requirement is the ability to disconnect/replace any such CSM modules from a car and have it still work (personally I would like to go back to the 90s "distributed ECU" model, with modern components). It is technically feasible to this , but I strongly suspect that governments and the powers that be would not want it to be made easy.

      Too much potential benefit for them to be able to ask the car manufacturers for backdoor access to historic vehicle data (or possibly direct vehicle access), especially if non-compliance could result in said manufacturer not being able to sell in that market.

      1. vtcodger Silver badge

        "without the "CSM", because who would want that in a car?"

        That's where stuff like GM's On-Star system and probably parts of Tesla's "Autopilot" live along with the pernicious telemetry unit? Manufacturer "enhancements" over and above basic wheels. Some of them may actually have some value to some car owners.

    2. MachDiamond Silver badge

      Replaceable CSM?

      No chance of a separate and replaceable Corporate Spying Module. In the age of big data, auto manufacturers want the revenue stream from selling your data just like Google and Facebook get.

  18. Anonymous Coward
    Anonymous Coward

    Paranoid Android here......

    ......also known as Paranoid Apple.....

    *

    .....but WHO ELSE is listening to all this connected data? Perhaps the car manufacturers, like all the communications companies, have secret deals with a four-letter organisation in Cheltenham? Perhaps all of the above have a vested interest in tracking all this data?

    *

    OK....my nurse says I need to take my meds.....never mind....

  19. Anonymous Coward
    Anonymous Coward

    I'm willing to bet that when most people buy a car they don;t read the contract from top bottom. I can see it now . When you but the car they will ad a clause that says they have the right t collect this data and that when you sell the car you have to tell them and you are liable for the data collected on the third person or some bull shit like that . Yep some lawyer will add some bullshit weasel terms that will have to e tested in court .

  20. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921 Bronze badge

    Computers have ruined everything about cars - I used to be able to just nip out to the local scrappie to replace a busted 1980 Ford Cortina headlight - now I have to get some engineer to tell my car that it has a new headlight using expensive software before it can assume it's head lighting duties. The mechanic has to be approved by the car manufacturer's appointed maintenance arm, after paying for a course on how to use the software. Even after all that some red light will fire up on the dash inexplicably because of software bugs. Like I said, ruined is the modern car.

    1. Anonymous Coward
      Anonymous Coward

      Which is why when I bought a car with all that crap in it the computer and all associated bets were removed and replaced with real parts even if it did mean making them - example, fuel injection removed and replaced with an inlet manifold and twin carbs. All the other junk and sensors were dumped as well and I ended up with better mileage per litre and much better emissions figures at the last CT test, the guys at the test station did a little head scratching when they couldn't find anywhere to plug their equipment in though.

  21. Chris Evans

    Service history is very useful.

    Knowing the full service history of a car can be very useful. I bought a car a few years ago and the paper service history showed it had been regularly maintained but didn't mention that the cam belt had been changed when it should have been. I tried contacting the garage the previous owner had used and they were going to get back to me but never did. I crossed my fingers but a few months latter one broken cam belt and I had to write the car off.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019