Tesla: The ultimate example of data privacy vs convenience – Stacey on IoT
Three months ago, we downgraded from two cars to one. That one is a 2022 Tesla Model 3. We absolutely love it, and so far, it’s met or exceeded all of our expectations. It’s a very connected car, of course. Yet, unlike most connected devices we purchase, we didn’t really review the data privacy implications of owning a Tesla before we ordered it.
So why am I thinking about it now, when it’s too late to do anything about it? A series of articles on Tesla’s data collection and data usage from IEEE Spectrum reminded me of something I shouldn’t need reminding about when it comes to data privacy vs. convenience.
For example, I can’t say I’m surprised that my Tesla logs a “breadcrumb GPS trail of every trip it makes.” It’s a connected car with nearly 10 cameras, internal GPS, and mobile broadband radios. Tesla has its own navigation system based on Google Maps and surely uses GPS data from its fleet to improve that system. I don’t have an issue with that, as Apple CarPlay and Android Auto navigation solutions do the same.
Tesla’s privacy terms are clear in this particular use case, saying the data is anonymized:
Tesla does not associate the vehicle data generated by your driving with your identity or account by default. As a result, no one but you would have knowledge of your activities, location or a history of where you’ve been.
That sounds reassuring except for one key point: Tesla really can’t de-anonymize location data if it wants to effectively use that data to improve its services. Nor can Tesla owners use all of the car’s services if they choose not to share their data.
I declined all the privacy sharing options recently on my car, and I immediately lost the ability to have the car reroute me based on traffic, for example. That’s an important feature for me, so I went back to sharing my data.
Indeed, IEEE reports that a Tesla owner, who’s also an engineer, found many instances of such data tied to a specific vehicle owner being sent to Tesla’s servers. In other words, there’s no independent verification of what Tesla claims its location-based data privacy practice actually is.
Tesla also makes no mention of its cars’ “Shadow Mode.” According to the same engineer, Shadow Mode simulates the driving process while the human driver is actually driving. By finding deviations in the simulated full self-driving mode, Tesla can improve its self-driving feature.
We didn’t opt for full self-driving mode, although the Tesla we bought is equipped to add it in the future. Our Tesla has all of the necessary cameras, sensors, and the processing hardware to enable full self-driving mode. I simply didn’t feel the $12,000 optional cost was worth it. However, Tesla does offer one-month subscriptions to full self-driving mode for $199. Originally, that’s something I might have paid for if I were going on a long road trip, but now that I know about Shadow Mode and that my driving data may not be anonymized, I’m rethinking that option.
Telsa also shares some of the car data, and I’d like to know more about that. Tesla says it only shares the data with third parties if you authorize such sharing. It may use the data for offering services through Tesla or through its service providers and affiliates, but I have no idea who those groups are. Most importantly, Tesla will share vehicle data with “other third parties as required by law.”
Clearly, this data isn’t encrypted either. Or if it is, Tesla has the encryption keys. We know this because this data has been used in criminal investigations, according to IEEE Spectrum. A bank robber used a Tesla as a getaway vehicle, later captured thanks to historical and real-time GPS data provided voluntarily that may have been supplied by Tesla.
Now I don’t rob banks as a general rule of thumb. However, what guardrails are in place to prevent a surveillance state tracking me like I was one?
Moving away from traditional data, there’s also the elephant in the Tesla: Multiple cameras, both outside and inside the vehicle.
This was a real sticking point for my family, but only after we took delivery of the car. After a few weeks of ownership, I was showing them some of the Tesla features and pointed out the interior cameras. Had we not been driving 50mph, I think my wife and daughter would have jumped out of the car.
They’ve already made it clear to me that they don’t want connected cameras inside our smart home. And I respect that. But they don’t want them in their car, either. There’s nothing I can do about that.
Unfortunately, all of the camera recordings are covered under Tesla’s privacy terms. So those recordings fall under the data that’s already being shared with the company. Do I think Tesla engineers are sitting around watching short films of random Tesla drivers? No, I don’t. But that doesn’t matter to my family.
When reviewing the in-car data sharing options, I did find one that prevents the cameras from being used, so we don’t have to cover those up. Of course, if we’re in a crash and those cameras are off, some key information about the crash’s cause could be lost. So, I’m back to sharing my data and keeping the cameras on because of that.
At the end of the day, I’m still happy with our Tesla. So, too, is my family, even if they have some reservations on how their privacy might be compromised.
However, I would like to see Tesla be more forthcoming about what third-party “service providers and affiliates” can access the data, and what they can do with it. Aside from that, our Tesla simply wouldn’t be the same car if we opted not to share our data. As a result, we’ll continue sharing the data because the sensor and the data contribute so much to the experience. As Tesla’s competition ramps up, even more people will have to face the same privacy challenges. It’s probably better to think about it now rather than when you’re so excited by the shiny new vehicle that this becomes an afterthought.
As always, it all comes down to the balance between data privacy and convenience, or value, that a connected device brings. If the Tesla was some random smart home sensor or gadget, we might have passed on the purchase. But it’s a truly smart vehicle that makes us feel safe, while at the same time offering some compelling features.
For us, at least so far, the latter points outweigh the data privacy aspects. Even so, we’ll be watching over time to see just how and where the data from our connected car is being used, and by whom.