“Bad news: your car is a spy,” Gizmodo reported, citing new research from the nonprofit Mozilla Foundation that found new cars to be the worst category for privacy of any product it had ever reviewed since 2017. “If your vehicle was made in the last few years, you’re probably driving around in a data-harvesting machine that may collect personal information as sensitive as your race, weight and sexual activity.”
Skip advert
Mozilla’s *Privacy Not Included testers said they spent more than 600 hours researching the privacy practices at 25 of the top automakers in the U.S. and Europe. None of the automakers met the team’s minimum standards for data use and security, and most also got black marks on data control and privacy and security track records. “We can’t stress enough how bad and not normal this is for an entire product guide to earn warning labels,” Mozilla’s researchers wrote.
“Many people think of their car as a private space — somewhere to call your doctor, have a personal conversation with your kid on the way to school, cry your eyes out over a break-up, or drive places you might not want the world to know about,” said Jen Caltrider, director of Mozilla’s *Privacy Not Included project. “But that perception no longer matches reality. All new cars today are privacy nightmares on wheels that collect huge amounts of personal information.”
How do cars spy on you?
Automakers have been openly “bragging about their cars being ‘computers on wheels’ for years to promote their advanced features,” but those advanced features, mixed with internet connectivity, have turned new cars into “powerful data-gobbling machines,” Mozilla reported. Today’s vehicles have cameras facing inward and out, microphones, and a wide array of sensors. They collect or access your data when you pair your phone and when you use their apps, maps, and connected services.
Skip advertSkip advert
“Whenever you interact with your car you create a tiny record of what you just did,” Mozilla noted. Your car knows “when you turn the steering wheel or unlock the doors,” but it can also detect when you are “singing at the top of your lungs, engaging in hanky panky in the back seat, or driving to a domestic violence shelter.”
Skip advert
“Increasingly, most cars are wiretaps on wheels,” Albert Fox Cahn, a technology and human rights fellow at Harvard’s Carr Center for Human Rights Policy, told The Associated Press. “The electronics that drivers pay more and more money to install are collecting more and more data on them and their passengers.” There is “something uniquely invasive,” he added, “about transforming the privacy of one’s car into a corporate surveillance space.”
Why are cars harvesting your data?
When you read their voluminous privacy policies, as Mozilla did, “most major car manufacturers admit they may be selling your personal information — though they are vague on the buyers,” AP reported.
Of the 25 automakers, 84% said they can share your personal data — “with service providers, data brokers and other businesses we know little or nothing about” — and 76% said they can sell your personal data, Mozilla’s researchers said. “So while you are getting from A to B, you’re also funding your car’s thriving side-hustle in the data business in more ways than one.”
More than half said they can share your information with law enforcement or the government in response to a “request,” not a court order, displaying a “beyond creepy” eagerness to share your data, the *Privacy Not Included team added. “A 2023 rewrite of ‘Thelma & Louise’ would have the ladies in custody before you’ve had a chance to make a dent in your popcorn.”
Which automakers are the worst offenders?
Each of the 25 car brands — Subaru to Toyota, BMW to Mercedes, Chevrolet to Ford — “collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you,” Mozilla’s privacy team said. But some brands were singled out for special mention. Tesla, for example, was “only the second product we have ever reviewed to receive all of our privacy ‘dings,'” after an AI chatbot.
Skip advert
Nissan had “probably the most mind boggling creepy, scary, sad, messed up privacy policy we have ever read,” Mozilla’s privacy team wrote. “Here’s why: They come right out and say they can collect and share your sexual activity, health diagnosis data, and genetic information and other sensitive personal information for targeted marketing purposes.” Not to be outdone, “Kia also mentions they can collect information about your ‘sex life’ in their privacy policy,” they added. “Yes, reading car privacy policies is a scary endeavor.”
How do Nissan and Kia track your sexual activity?
They “didn’t explain how,” AP reported.
What do the automakers say?
Kia told the New York Post the kind of information it collects “depends on the context in which a consumer interacts with us,” adding, “To clarify, Kia does not and has never collected “sex life or sexual orientation” information from vehicles or consumers in the context of providing the Kia Connect Services.”
Skip advertSkip advert
Nissan, like most of the automakers who responded after Mozilla’s report, said in a statement it takes “privacy and data protection for our consumers and employees very seriously” and complies “with all applicable lies.” The car companies that responded to Mozilla’s request for comment — “Mercedes-Benz, Honda, and technically Ford” — “still didn’t completely answer our basic security questions,” the researchers said.
What can car consumers do?
Unless car buyers opt for a used, pre-digital model, they “just don’t have a lot of options,” Caltrider told AP. Automakers seem better behaved in the European Union, where the laws are stricter, and the U.S. could pass similar laws, she added. Mozilla is hoping that raising awareness among consumers will raise awareness and fuel a backlash, as happened with TV makers in the 2010s and other surveillance-heavy “smart” devices. “Cars seem to have really flown under the privacy radar and I’m really hoping that we can help remedy that because they are truly awful,” Caltrider said.
Skip advert
