Your Car Is Spying on You. Seriously.
- By Lachlan Colquhoun
- April 08, 2024
The world of connected cars and telematics can deliver undoubted advantages, but there is a dark side.
On the positive side of the ledger, turning vehicles into data-harvesting machines can make for more efficient corporate fleet management. There are also safety benefits of installing technology that can alert first responders during accidents or breakdowns.
However, there is a negative point of view that the world of connected cars is a "privacy nightmare on wheels," according to a report by the U.S.-based Mozilla Foundation.
“All new cars today are privacy nightmares on wheels that collect huge amounts of personal information,” said Mozilla’s Jen Caltrider, the lead for *Privacy, Not Included.
The Mozilla report, released late last year, looked at 25 car brands that collected customer data.
This went well beyond data on how often and how far people drive.
“Deeply personal”
Today, connected cars exchange information across wireless networks, often in real-time, with vehicle manufacturers, third-party service providers, and infrastructure operators.
This data can be sold to data brokers for marketing and targeted advertising.
“New cars today are privacy nightmares on wheels that collect huge amounts of personal information."
According to Mozilla research, popular car brands such as BMW, Tesla and Toyota can collect "deeply personal" data such as sexual activity, immigration status, race, facial expressions, weight and genetic information.
Between 2019 and 2022, it has been reported that Tesla employees internally circulated intimate footage taken in private cars for their own amusement.
The report says sitting in a car was "a lot like handing your phone over to the auto manufacturer."
“Researchers found data is being gathered by sensors, microphones, cameras, and the phones and devices drivers connect to their cars, as well as by car apps, company websites, dealerships, and vehicle telematics,” the report said.
"Brands can then share or sell this data to third parties. Car brands can also use much of this data to develop inferences about a driver's intelligence, abilities, characteristics, preferences, and more."
Failure to meet standards
Mozilla has an ongoing report into data privacy called “*Privacy Not Included," the research into cars was the first time none of the brands met Mozilla's minimum security standards.
"Specifically, researchers couldn't confirm whether any of the brands encrypt all of the personal information they store on vehicles and only one of the brands—Mercedes—even replied to Mozilla’s questions about encryption,” the report says.
The worst offender, according to Mozilla, is Nissan.
“The Japanese car manufacturer admits in their privacy policy to collecting a wide range of information, including sexual activity, health diagnosis data, and genetic data—but doesn’t specify how,” the report says.
“They say they can share and sell consumers’ “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” to data brokers, law enforcement, and other third parties.”
While none of the brands received Mozilla’s “Best of” status, the report said that French brand Renault—ironically a joint venture partner of Nissan—was the "least problematic", mainly because, as a European manufacturer, Renault must comply with the General Data Protection Regulation (GDPR).
“Many people think of their car as a private space—somewhere to call your doctor, have a personal conversation with your kid on the way to school, cry your eyes out over a break-up, or drive places you might not want the world to know about,” says Caltrider.
“But that perception no longer matches reality.”
Voluntary code
In Australia, one of the main champions of data privacy in this area is Dr. Katharine Kemp, from the faculty of Law & Justice at the University of New South Wales.
Kemp says that if people find out how much data is being collected and how it is being shared, they will be met with "very vague, broadly worded privacy policies," the ultimate aim of which is to give car companies permission rather than to protect consumers.
“I think it is an appalling way to treat consumers, to be providing essentially no privacy choices, and it emphasizes that cars are the Wild West of consumer privacy,” Kemp told the Australian Broadcasting Corporation in February 2024.
She was responding to the case of a Queensland man who decided against purchasing a Toyota vehicle after he learned about the data collection in the company’s Connected Services system, which can share data with third parties such as financial and insurance companies and for market research.
"Connected Services operate by using data collected from you and your vehicle, including your personal information, vehicle information and vehicle location," the Toyota policy says.
Most people wouldn’t even read the policy, just as most people wouldn’t reach the terms and conditions of most products.
There is an option not to sign up for the Connect Services features, but anyone who opts out disables features such as Bluetooth connectivity and speaker functionality, as well as aspects of the vehicle warranty.
Given those options, most people would just submit and allow the Connected Services.
Australia has a voluntary code of conduct on data privacy through an industry body, the Federal Chamber of Automotive Industries. Members tell customers about data collection but do so voluntarily.
This, according to Dr. Kemp, is “opportunistic”. She says Australian privacy laws are well behind those of other jurisdictions, particularly the European Union.
An ongoing review of the Privacy Act has led to some legislative recommendations, so there is some hope for progress.
Until then, however, new car owners who value their privacy might have to choose between convenience and functionality on the one hand and their privacy on the other.
Image credit: iStockphoto/Natali_Mis
Lachlan Colquhoun
Lachlan Colquhoun is the Australia and New Zealand correspondent for CDOTrends and the NextGenConnectivity editor. He remains fascinated with how businesses reinvent themselves through digital technology to solve existing issues and change their business models.