This results in very personal information being collected
A study has found that some car manufacturers collect extensive personal data on drivers, even including their sexual activities.
Manufacturers have been bragging about their cars being “computers on wheels” for years.
And while many are worried that our doorbells might be spying on us, car brands have quietly turned their vehicles into powerful data-consuming machines.
Mozilla Foundation conducted a study of 25 car brands and found they all failed consumer privacy tests.
Here is what the study found.
They Collect Too Much Personal Data
While other things like mental health apps collect a lot of personal data, car companies have many more data-collecting opportunities.
They collect personal information from how you interact with your car and the connected services you use in your car.
It also uses the car’s app, which provides a gateway to information on your phone.
Even more information about you can be gathered from third-party sources like Sirius XM or Google Maps.
This results in very personal information being collected in huge quantities.
This ranges from where you drive and what songs you play in the car to more intimate information such as medical information to even your sex life.
Car manufacturers then use it to invent more data about you through “inferences” about things like your intelligence, abilities and interests.
Is your Data Shared or Sold?
The research found that 84% of the studied car manufacturers said they can share the personal data with service providers, data brokers and other businesses drivers know hardly anything about.
What’s more concerning is that 76% revealed they can sell the data.
Fifty-six per cent also said they can share personal information with law enforcement or the government in response to a “request”, which can be something small.
The willingness of car manufacturers to share your data has the potential to cause real harm.
Mozilla says they only know what companies do with personal data is because of the privacy laws that make it illegal not to disclose that information.
So-called anonymised and aggregated data is likely to be shared too.
Worryingly, the study found that 92% of the researched car manufacturers give little to no control over their personal data.
Only Renault and Dacia say that all drivers have the right to have their personal data deleted.
But it is no coincidence that these cars are only available in Europe, which is protected by the General Data Protection Regulation (GDPR) privacy law.
Do the Car Brands meet Security Standards?
Mozilla found that while the 25 car brands had long-winded privacy policies, there is no confirmation that any of them meet their Minimum Security Standards.
It is not known whether any of the car manufacturers encrypt all of the personal information that sits on the car.
Based on research over a three-year period, 68% of the car brands had a bad track record for leaks, hacks and breaches that threatened their drivers’ privacy.
What the Data Revealed
Out of the 25 car brands, Tesla was the worst offender when it came to privacy.
But what sets it apart from the other brands is its “untrustworthy AI”.
Tesla’s driver-assistance system, also known as Autopilot, has reportedly been the cause of 736 crashes since 2019, with 17 deaths.
It is currently the subject of multiple government investigations.
In 2021, Tesla said cameras were disabled in China after the vehicles were banned from Chinese military facilities because of supposed security concerns.
Nissan is second-last for collecting some of the more creepy data categories.
They have said they can collect and share your sexual activity, health diagnosis data, and genetic information and other sensitive personal information for targeted marketing purposes.
But not to be outdone, Kia’s privacy policy also mentions they can collect information about your “sex life”.
A further six car brands say they can collect your “genetic information” or “genetic characteristics”.
None of the car brands discuss sharing information with the government or law enforcement.
But Hyundai’s privacy policy is a major red flag as it states they will comply with “lawful requests, whether formal or informal”.
What can you do about it?
There are a few steps to take to protect more of your privacy.
For example, you can avoid using your car’s app or limit its permissions on your phone.
Unfortunately, these steps are small compared to all the uncontrollable data collection.
This means that consumers’ choices when buying a car are limited.
People do not comparison-shop for cars based on privacy and they should not be expected to.
This is because there are so many other factors for car buyers such as cost, fuel efficiency and reliability.
Even if you have the funds and resources to comparison-shop for cars based on privacy, you will not find much of a difference.
According to Mozilla’s research, they are all bad.
Many people have lifestyles that require driving, therefore they do not have the same freedom to opt out entirely and not drive a car.
Car companies can manipulate your consent. Often they ignore it and sometimes they assume it.
Car companies do that by assuming that you have read and agreed to their policies before you even enter their vehicles.
Subaru’s privacy policy says that even passengers who use connected services have “consented” to allow them to use – and maybe even sell – their personal information just by being inside.
Meanwhile, Tesla’s privacy notice states:
“If you no longer wish for us to collect vehicle data or any other data from your Tesla vehicle, please contact us to deactivate connectivity.
“Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications and in-car features such as location search, Internet radio, voice commands, and web browser functionality rely on such connectivity.
“If you choose to opt out of vehicle data collection (with the exception of in-car Data Sharing preferences), we will not be able to know or notify you of issues applicable to your vehicle in real-time. This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”
Some of the car manufacturers in the study take manipulating your consent a step further by making you complicit in getting “consent” from others, saying it is your responsibility to inform them of your car’s privacy policies.
The car industry has been focused on the shift from petrol and diesel engines to battery-powered vehicles in recent years.
However, it is evident that the bigger concern is the extensive data manufacturers collect as cars become increasingly connected to the internet and capable of autonomous driving.
Experts have predicted a massive rise in the sales of services such as music and video streaming as well as driver assistance and self-driving subscriptions.
Consultancy McKinsey has forecast that carmakers could make as much as £1.2 trillion in extra revenues by embracing new services ranging from ride-hailing to in-car apps and wireless software upgrades.
Carmakers are collecting driver habits but the fact that some are collecting extremely sensitive information that has nothing to do with driving is a concern.