Consumer group Choice takes aim at Toyota over private data collection
Choice has slammed Toyota, Kia and Hyundai as the worst handlers of Australian customers' data. Photo: AAP
Consumer group Choice has knocked Toyota over its data-collecting policy and the sharing of information with third parties like debt collectors and insurance companies, while calling for stronger safeguards on personal data.
Rafi Alam, Choice senior campaigns and policy adviser, said Toyota’s connected services policy means that, unless you opt out, it will collect and use personal and vehicle data for research, product development and data analysis.
“It may also share the data with third parties, such as debt collectors or insurance companies,” he said.
“Toyota says it needs consent to share your information in some cases, but Toyota’s policies are incredibly vague about what actually counts as consent.”
Toyota’s privacy policy allows the widespread collection of information, including – but not limited to – names, date of birth, contact numbers, emails, residential and business addresses, vehicle information, location, employment details and history, marital status and IP addresses.
The collection and misuse of personal data within the car industry has raised alarms in the past, with most companies collecting swathes of data and allowing it to be shared with third parties because consumers ‘consent’ to its use when agreeing to privacy policies.
History of leaks
A TND investigation in October found that Toyota wasn’t the only major car company with privacy policies that put their customers at risk, but the manufacturer – which has the largest market share in Australia – has leaked private data in the past.
Toyota left Oceania and Asia customer data publicly accessible between October 2016 and May 2023, with names, addresses, phone numbers, email addresses, and vehicle information available on the internet.
A spokesperson for Toyota Motor Corporation Australia (TMCA) told The New Daily that it collects data from customers to support sales, after-sales service, warranty requirements, research and product improvements, but does not “routinely collect data that is defined as sensitive information under the privacy act”.
“TMCA uses a broad range of security measures to protect this data including internal access limitations, data encryption, anonymisation strategies and the use of secure servers located in Australia,” the spokesperson said.
“Where data is held in overseas locations, it is done so in line with Australian law.”
The spokesperson said that reasonable steps are taken to protect customer data from misuse, data is not sold to third parties, and when “identifiable data is shared with third parties, it is done so with the consent of the individual”.
Privacy v deposit
Choice spoke to a Toyota customer who, after spending $68,000 on a HiLux, became aware of Toyota’s connected services.
“Mathew told us the more he looked into the policy, the more uncomfortable he felt having this technology in his car,” Alam said.
“He asked Toyota if the technology could be removed – not simply deactivated – prior to picking up the car, but they said removing it would void the warranty, and his insurance would likely also be at risk.”
One customer who bought a HiLux changed his mind after reading Toyota’s privacy policy. Photo: AAP
Toyota refused to refund his $2000 deposit when he cancelled his finance and didn’t pick up the car, but was eventually refunded after Choice sent questions to Toyota Australia.
Alam said privacy problems are becoming a real issue with cars and people shouldn’t have to give up their privacy rights to purchase a new vehicle.
“Car companies say these technology features increase driver safety, but in a world of data hacks and sharing, it’s just another way for companies to gather valuable information, whether consumers like it or not,” Alam said.
“The government urgently needs to introduce stronger safeguards and prohibitions on the collection and use of this kind of highly personal data.”