by isodev 26 days ago
It was totally predictable, unfortunately.

At least in the EU it’s quite illegal and even if a car maker slips something in, GDPR is always there so one can request a copy and have it deleted. Wish the regulation was even stricter though.

4 comments

At the same time, EU mandates that new cars must have a system able to call help if it detects a crash with the driver not responding... And I suspect most manufacturers will argue that telemetry data are not PIIs until taken to court, so since they have to put a cellular connection anyway, why not use it?
You actually don’t need any data plan to call emergency services, 112 is literally baked into the GSM standard. As long as the phone (or car) can connect to a network, it can call 112. It doesn’t even need a SIM card.

A side note, though. These SIM-less emergency calls are blocked in some countries because there were a lot of fake calls. Some other countries put such calls on a less important list of calls. Many countries in the EU do allow them, though.

So, car manufacturers could just put in the cellular capabilities without connecting to any network. They just don’t want to.

When Cariad had a data leak, they were really quick to point out that no payment information had been leaked. That really shows how little they understand about PII. Screw the payment information, I'll just cancel that card and get any abused funds refunded by my bank, that's neither my problem nor my concern.

For some strange reason most companies do not understand the inherent danger of having e.g. location data and behavioural patterns leaked. That's much, much worse than your stupid debit card number.

There is a very clear definition of PII so I don’t see this being a problem
The GDPR is a joke. It does not prevent the real problem (data collection). Tech companies can in principle be fined for misusing your data, but most companies won't get caught or will simply pay the fine.
GDPR is useful because it defines what must be protected (or avoided). It’s straightforward to do the right thing as a company.

To make it stricter or pack a bigger punch, there needs to be a stronger mandate for such legislation. And we live in interesting times… wars, previously democratic allies disintegrating, useless right wing or Russia-aligned governments and MEPs, etc…

So yeah, could be better but all you and I can do is talk to our MEPs, help inform people outside tech, vote this way and hope enough people share the concerns

How does this work with Europeans who are not based in GDPR regions? As far as I know, they still count, are these systems collecting data about them illegally?
There is:

a) Zero trust in the car manufacturers to really respect GDPR

b) Zero repercussions for actually stealing my PII. Okay, maybe VW will pay a minuscule fine, but they won't