by Mark Hackman
OnStar has begun notifying customers that it may continue to collect and use information about the vehicle even if the customer terminates his or her subscription.
In a privacy notice that will take effect this December, OnStar said that it would collect data as long as a data connection was active, including such details as the location and speed of the vehicle, as well as such fine-grained details as the odometer readings and tire pressure.
The privacy statement lists it as being effective as of Dec. 2011, although the statement also notes that the changes were made to the January 2011 privacy statement.
In the privacy notification, OnStar said that it will share the information it collects with credit card processors and data management companies, as well as roadside assistance providers, emergency services providers, law enforcement, and wireless and satellite service providers.
The data collection can be halted, however; OnStar must deactivate the data connection. "Unless the Data Connection to your Vehicle is deactivated, data about your Vehicle will continue to be collected even if you do not have a Plan," the privacy policy states. "It is important that you convey this to other drivers, occupants, or subsequent owners of your Vehicle. You may deactivate the Data Connection to your Vehicle at any time by contacting an OnStar Advisor."
What data does OnStar collect? The company provides a detailed list:
OnStar collects basic contact information, billing information with credit-card information, and details of the car, such as the make, model, and vehicle identification number (VIN);
vehicle information, including diagnostic trouble codes, oil life, tire pressure, and fuel economy, as well as when your fuel was last refilled;
crash information, including the direction of the crash, whether air bags were deployed, and whether the driver and passenger were wearing their seat belts;
anonymized location information, such as the location and speed of the car, via the installed GPS.
In the latter case, OnStar begins by saying that it only collects the GPS location of the vehicle in case of a crash, or lost vehicle. But it also adds that it may collect the information "when needed by us or our Service Providers for our quality, research or troubleshooting purposes" or simply "for any purpose, at any time, provided that following collection of such location and speed information identifiable to your Vehicle, it is shared only on an anonymized basis."
OnStar also collects information on the details of calls made by the associated Hands-Free Calling service.
In July, OnStar launched the OnStar FMV, an aftermarket rear-view mirror with the OnStar service built in. In July, OnStar also added the capability to track their own cars with a beta service. Ford, which competes against OnStar with its Sync service, also recently announced the capability to allow users to call its customer service centers from within the vehicle to inquire about business addresses and phone numbers.
Whether or not OnStar really anonymizes the data is irrelevant, according to Jonathan Zdziarski, a senior forensic scientist at Via Forensics who wrote about the change in the policy.
"This is too shady, especially for a company that you're supposed to trust your family to," he wrote. "My vehicle's location is my life, it's where I go on a daily basis. It's private. It's mine. I shouldn't have to have a company like OnStar steal my personal and private life just to purchase an emergency response service. Taking my private life and selling it to third party advertisers, law enforcement, and God knows who else is morally inept. Shame on you, OnStar. You disgust me."
OnStar also noted that customers with concerns can email its privacy manager at privacymanager@onstar.com, or call the company at (877) 299-1372.
OnStar representatives could not be reached for comment after hours.
Source;
http://www.pcmag.com/article2/0,2817,2393378,00.asp#fbid=8G2XIIvcyWG
