Cars have terrible data privacy practices

“Privacy not Included” is a kind of product guide created by Mozilla. The sole focus of the guide is the privacy of the products, or as is more often the case, the lack of privacy. They recently presented a car report titled “Privacy Nightmare on Wheels“.

As you can guess from the title the results are not good. What you might not guess from the title, though, is that cars are the worst category the experts have looked into since 2017, when the program initially took root. The worst news is that there is almost no vehicle manufacturer that inspires confidence. BMW, Ford, Toyota, Tesla, Subaru, Renault, Dacia, Fiat, Jeep, Chrysler, Dodge, Volkswagen, Lexus, Lincoln, Audi, Mercedes-Benz, Hinda, KIA, Chevrolet, Buick, GMC, Cadillac, Hyundai, Nissan and Tesla were just some of the vehicles that were part of the research.

Photo by Jeff Tumale on Unsplash

All of the car models, without exception, have earned the “Privacy Not Included” seal of disapproval.

All vehicle manufacturers collect too much data

Mozilla investigated 25 vehicle manufacturers and shed light that all of the companies are collecting more user data than necessary. In comparison, the next product on the list in this category is mental health apps. The situation is bad there too, but 63% of products collecting more data than necessary might change your perspective on the situation.

The gist is: they can collect super intimate information about you – from your medical information, your genetic information, to your “sex life” (seriously), to how fast you drive, where you drive, and what songs you play in your car – in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests.

If case you’re curious, Nissan and KIA are the two manufacturers that have a “sexual activity” in the categories of data they collect.

84% of manufacturers share or sell data

As if it wasn’t bad enough that vehicle manufacturers go overboard with data collection and then share this data, 76% of manufacturers sell the data. As many as 56% of the companies answered that they can share data with government officials or law enforcement only upon request. Which means no court order is needed for monitoring.

The data in question refers only to the personal data of the owners. Anonymized data and aggregated data may also be shared.

92% of manufacturers do not give vehicle owners any control over how the personal data is used

All but two of the 25 car brands we reviewed earned our “ding” for data control, meaning only two car brands, Renault and Dacia (which are owned by the same parent company) say that all drivers have the right to have their personal data deleted. We would like to think this deviation is one car company taking a stand for drivers’ privacy. It’s probably no coincidence though that these cars are only available in Europe — which is protected by the robust General Data Protection Regulation (GDPR) privacy law. In other words: car brands often do whatever they can legally get away with to your personal data.

The researchers could not determine whether any of the manufacturers met the minimum standards

The most devastating thing about this case is that Mozilla researchers could not conclude whether any of the cars met the minimum standards. What is certain is that Tesla is only the second product to fail any of Mozilla’s checks. Previously, an AI chatbot managed to be the first product to do this. Tesla owners have another reason to worry, and that is unreliable artificial intelligence. The brand’s artificial intelligence was reportedly involved in 736 crashes, and 17 deaths.

Photo by Priscilla Du Preez on Unsplash

When it comes to privacy, experts have not been able to determine whether any of the car brands encrypt all of the personal information in the car. With the exception of Mercedes-Benz, Honda and Ford, the rest of the companies did not respond to this line of inquiries. The companies that actually did, provided incomplete answers.

A failure to properly address cybersecurity might explain their frankly embarrassing security and privacy track records. We only looked at the last three years, but still found plenty to go on with 17 (68%) of the car brands earning the “bad track record” ding for leaks, hacks, and breaches that threatened their drivers’ privacy.
Notify of
Inline Feedbacks
View all comments