How carmakers sell driver data to insurers | Kaspersky official blog
Early in the movie “The Fifth Element”, there is a sequence that shows the dystopian nature of the future world: Korben Dallas’s smart taxi fines him for a traffic violation and revokes his license. Back in 1997, this seemed like science fiction – and it was. Today it’s turning into reality. But first things first.
Not so long ago, we looked at the potential dangers associated with the amount of data modern vehicles collect about their owners. Then, even more recently, an investigation revealed what this might mean in practice for drivers.
It turns out that carmakers, through specialized data brokers, are already selling telematics data to insurance companies, who are using it to raise the cost of insurance for careless drivers. Most alarming of all, however, is that car owners are often kept in the dark about all of this. Let’s investigate further.
Gamification of safe driving with far-reaching consequences
It all started in the US when owners of General Motors vehicles (parent company of the Chevrolet, Cadillac, GMC, and Buick brands) noticed a sharp rise in their auto insurance premiums compared to the previous period. The reason, it transpired, was the practice of risk profiling by data broker LexisNexis. LexisNexis works with auto insurers to supply them with driver information, usually about accidents and traffic fines. But vehicle owners hit by the premium hike had no history of accidents or dangerous driving!
The profiles compiled by LexisNexis were found to contain detailed data on all trips made in the insured vehicle, including start and end times, duration, distance and, crucially, all instances of hard acceleration and braking. And it was this data that insurers were using to increase insurance premiums for less-than-perfect drivers. Where did the data broker get such detailed information?
From General Motors’ OnStar Smart Driver. That is the name of the “safe driving gamification” feature built into General Motors vehicles and the myChevrolet, myCadillac, myGMC, and myBuick mobile apps. The feature tracks hard acceleration and braking, speeding, and other dangerous events, and rewards “good” driving with virtual awards.
What’s more, according to some car owners, they didn’t enable the feature themselves – the car dealer did it for them. Crucially, neither General Motors’ apps nor the terms of use explicitly warned users that OnStar Smart Driver data would be shared with insurance-related data brokers.
This lack of transparency extended to the privacy statement on the OnStar website. While the statement mentions the possibility of sharing collected data with third parties, insurers are not specifically listed, and the text generally aims for maximum vagueness.
Along the way, LexisNexis was discovered to be working with three other automakers besides General Motors – Kia, Mitsubishi, and Subaru – all of which have similar safe driving gamification programs under names like “Driving Score” or “Driver Feedback”.
At the same time, another data broker – Verisk – was found to be providing telematics data to car insurers. Its automotive clients include General Motors, Honda, Hyundai, and Ford.
As a result, many drivers found themselves, in effect, locked into a car insurance policy with costs based on driving habits. It’s just that such programs used to be voluntary, offering a basic discount for participation – and even then, most drivers opted out. Now it appears that carmakers are enrolling customers not only without their consent, but without their knowledge.
According to available information, this is currently only happening to drivers in the US. But what starts in the States usually migrates, so similar practices may soon appear in other regions.
How to protect yourself from data-hungry cars
Unfortunately, there is no silver bullet to stop your automobile from harvesting data. Most new vehicles already come with built-in telematics collection as standard. And the number is only going to grow so that in a year or two these cars will make up more than 90% of the market. Naturally, the maker of your car won’t make it easy or even possible to turn off telematics.
If you’re ready to consider the factor of your car collecting data on you for third parties (or, in simple words, spying), then read our post with detailed tips on how you can try to get rid of surveillance by carmakers. Spoiler alert: it’s not easy and requires careful study of the documentation, as well as sacrificing some of the benefits of connected cars, so these tips won’t work for everyone.
As for the scenario described in this post of selling driver data to insurers, our advice is to search the in-vehicle menu and mobile app for a safe driving gamification feature and disable it. It may be called “Smart Driver”, “Driving Score”, “Driver Feedback”, or something similar. US-based drivers are also advised to request their data from LexisNexis and Verisk to be prepared for nasty surprises, and to see if it’s possible to delete information that has already been collected.
Kaspersky official blog – Read More