When you rent a car at the airport, use a car-share for a family day trip, one of the first things you are likely to do before setting off on your journey, is to connect your phone to the car. You switch on the Bluetooth and see a list of other people’s phones that were previously connected - Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.

Seems fairly innocuous? Wrong. Your name and navigation history is valuable personal information. The UK Metropolitan Police Agency's “Digital Control Strategy” identifies infotainment systems in cars, which store this information, as a new forensic opportunity. Combine this information with a bit of open source intelligence, such as social media profiles, and you can track down individuals. In fact, a car owner in Baltimore did just this when he used device names stored in the paired device list on his Jeep’s Connect system to track down teenagers on Instagram who took his car for a joy ride.

The car industry is undergoing seismic change. Autonomous vehicles grab the headlines. Yet in conversations around the Internet of Things, the increasingly connected nature of transportation receives insufficient attention. The focus is on the home and work place. Yet cars, still considered private places, are the next gold rush for data miners, with a variety of different companies hungry for your data. Thus, there are a wide variety of privacy-related implications of connected cars, from those that are super connected, to those with basic infotainment systems.

At present, car owners have little understanding or control over the data their cars generate about them, who can access this information, and how it is being used, shared, and sold to data brokers. However, missing from the debate are the implications with respect to the older car rental industry and newer car sharing schemes.

While the rental companies Privacy International reached out to claimed they do not currently benefit from infotainment system data, a wide variety of companies are vying with manufacturers to capitalise on the exploitation of drivers’ data. BVRLA, the trade body for the vehicle rental and leasing sector, stated in a policy update that “the industry is experiencing an explosion in the amount of data that is generated and processed. It is heralding a new era of technological and business convergence involving OEM’s, mobile network operators, insurers, software companies and fleet operators (i.e. car rental companies).

Collecting, analysing and delivering services based on this data will be a key revenue stream.” Privacy International believes that people are given little information or choice on how they can safeguard their information, particularly in relation to the most basic of protections: protection from other car users, whoever they may be. With cars increasingly asking if to download your phonebook, that have facilities for you to make and receive calls, and to message, browse the internet, and stream media, the trove of data on infotainment systems will only increase.