It’s likely no longer a surprise that companies collect location data from cars’ onboard navigation and through devices. But a government report detailed that these companies might not be doing enough to protect people’s privacy and are not always telling consumers when their data is being used for purposes other than location-based services.

The Government Accountability Office report issued Monday evaluated 10 auto manufacturers, GPS device companies and navigation app developers — including Chrysler, Ford, GM, Nissan, Toyota, Garmin and Google Maps — as more privacy groups and lawmakers have expressed concerns about how location data is collected and used.

“All 10 selected companies have taken steps consistent with some, but not all, industry-recommended privacy practices,” the GAO’s report summary explained. “In addition, the companies’ privacy practices were, in certain instances, unclear, which could make it difficult for consumers to understand the privacy risks that may exist.”

Data collection from GPS_GAO

A figure from the GAO’s report showing how data is transmitted from in-car systems all the way to third parties. The report said car manufacturers and navigation system companies are doing some but not enough to protect consumer privacy and inform them about data use. (Image source: GAO)

The investigation found all companies tell consumers about data collection and sharing practices, but it considered nine companies’ explanations for data collection “broadly worded.”

“Without clear disclosures, risks increase that data may be collected or shared for purposes that the consumer is not expecting or might not have agreed to,” the GAO wrote.

The companies ensured consumer consent to collect data was given and some control over location data was provided, according to the report. But as for data retention, the report said companies didn’t allow consumers to request their information be deleted, which it noted is a recommended practice.

“Without the ability to delete data, consumers are unable to prevent the use or retention of their data, should they wish to do so,” GAO wrote.

As for privacy safeguards, the report identified privacy risks to consumers in some cases where data could be “re-identified and exposed.”

“The good news is that even in the absence of a federal law … we found that all of them were taking some steps consistent with recommended privacy practices to protect location data,” Lori Rectanus, who led the GAO report, told MLive. “The bad news is that they still might be doing some things that consumers may not be aware of.”

Echoing the findings of the GAO report, Sen. Al Franken (D-Minn.) said that it’s clear companies have made strides in consumer privacy protection but still they leave something to be desired.

“Modern technology now allows drivers to get turn-by-turn directions in a matter of seconds, but our privacy laws haven’t kept pace with these enormous advances,” Franken said in a statement.”Companies providing in-car location services are taking their customers’ privacy seriously—but this report shows that Minnesotans and people across the country need much more information about how the data are being collected, what they’re being used for and how they’re being shared with third parties.”

As a result of the report, Franken is reintroducing the Location Privacy Protection Act, which passed in the Senate Judiciary Committee in Dec. 2012.

“It’s just commonsense that all companies should get their customers’ clear permission before they collect or share their location information,”Franken said.

Read the full report.

Featured image via Shutterstock.

(H/T: Daily Mail)