Car data privacy gets an “F”. A recent survey indicates that most major manufacturers may sell your personal information, with half admitting they would share it with the government or law enforcement without a court order.
Autos are data-collection hubs due to their many sensors, from telematics to fully digital control consoles.
However, drivers have little control over the personal data their vehicles collect, Mozilla Foundation researchers said Wednesday in their latest “Privacy Not Included” survey. Security standards are also vague, which is concerning given automakers’ hacking history.
“Cars seem to have really flown under the privacy radar and I’m really hoping that we can help remedy that because they are truly awful,” said study research lead Jen Caltrider. “Cars have microphones and people have sensitive conversations. Car cameras face inward and outward.”
Caltrider said automobile purchasers “just don’t have a lot of options” without a used, pre-digital model.
Since 2017, Mozilla has analyzed more than a dozen product categories, including fitness trackers, reproductive health applications, smart speakers, and other connected home products, and cars ranked worst for privacy.
None of the 25 automobile brands whose privacy notices were reviewed—chosen for their popularity in Europe and North America—met Mozilla’s baseline privacy criteria. Mozilla promotes open-source, public-interest technology and maintains the Firefox browser. However, 37% of mental health apps the non-profit tested this year did.
Notices from 19 automakers suggest they can sell your personal info. Half will share your information with the government or law enforcement upon “request” rather than legal order. Only Renault and Dacia, which are not offered in North America, allow drivers to remove their data.
“Increasingly, most cars are wiretaps on wheels,” said Harvard’s Carr Center for Human Rights Policy technology and human rights fellow Albert Fox Cahn. Drivers pay extra to install devices that collect more data on them and their passengers.”
Since 2017, Mozilla has analyzed more than a dozen product categories, including fitness trackers, reproductive health applications, smart speakers, and other connected home products, and cars ranked worst for privacy.
None of the 25 automobile brands whose privacy notices were reviewed—chosen for their popularity in Europe and North America—met Mozilla’s baseline privacy criteria. Mozilla promotes open-source, public-interest technology and maintains the Firefox browser. However, 37% of mental health apps the non-profit tested this year did.
Notices from 19 automakers suggest they can sell your personal info. Half will share your information with the government or law enforcement upon “request” rather than legal order. Only Renault and Dacia, which are not offered in North America, allow drivers to remove their data.
“Increasingly, most cars are wiretaps on wheels,” said Harvard’s Carr Center for Human Rights Policy technology and human rights fellow Albert Fox Cahn. Drivers pay extra to install devices that collect more data on them and their passengers.”
In a 2020 Pew Research survey, 52% of Americans indicated they avoided a product or service because they were apprehensive about its data collection.
Minimum Mozilla security standards include encrypting car personal data. The researchers stated most vehicle brands disregarded their emails and provided partial, unsatisfactory responses.
Japan-based Nissan shocked researchers with its privacy notice’s honesty and thorough data collecting breakdowns, unlike Facebook or Google. Driver’s license numbers, immigrant status, race, sexual orientation, and health diagnoses are considered “sensitive personal information.”
Nissan can also use data “inferences” to construct profiles “reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.”
Six car firms claimed to collect “genetic information” or “genetic characteristics,” researchers found.
Nissan claims it obtained “sexual activity” data.” How wasn’t explained?
Mozilla’s “creepiness” ranking favored Tesla’s electric cars. Tesla’s privacy notice states that it may not be able to warn drivers “in real time” of concerns that could cause “reduced functionality, serious damage, or inoperability” if they opt out of data gathering.
Nissan and Tesla did not answer practice queries quickly
Mozilla’s Caltrider said the EU’s General Data Protection Regulation and California’s Consumer Privacy Act forced carmakers to disclose data collecting.
She said it’s a start by boosting customer awareness, like in the 2010s when a backlash forced TV makers to provide more alternatives to surveillance-heavy connected displays.
