Would You Like the Data Theft Option with that Rental Car? - IP Blog
September 07, 2016

Authored by Shane Olafson

According to a recent Federal Trade Commission (“FTC”) blog post, consumers should think twice before connecting their cell phones to a rental car.   The FTC warns that the vehicle could record all kinds of data, including your personal contacts, location, web browsing, and even your text messages.

This blog post written by an FTC staff attorney explains that so-called “connected cars” can access and record users’ cellphone data, and retain that data for an indefinite period.  “Unless you delete that data before you return the car, other people may view it, including future renters and rental car employees or even hackers,” explains the FTC.  As someone who frequently rents cars, I can vouch for this personally.  I have rented cars on numerous occasions where the car’s address book was populated with a previous customer’s contacts. 

To reduce the risk of data theft, the FTC recommends consumers take certain steps such as using the car’s cigarette lighter to charge devices instead of the USB port, checking the permission settings on the car’s infotainment system and restricting access to any data you don’t want taken, and deleting your data from the system before returning the rental car.

While these may be prudent tips, they beg a larger question:  Why are rental cars allowed to collect such information in the first place?  This seems to be an ideal case for lawmakers or state attorneys general to mandate privacy-by-design: Perhaps car rental agencies should be forbidden from collecting phone data in the first place, or at a minimum from retaining such data after the cars are returned.  But unless and until that happens, caveat emptor.

Related Services

Related Industries