Most major car manufacturers fail to meet the most basic privacy and security standards in new internet-connected models, according to new findings from Mozilla’s “Privacy Not Included” project.
Mozilla said that all 25 major car brands it examined failed the privacy test. The organization found that popular brands, including BMW, Ford, Toyota, Tesla, Kia, and Subaru, can collect highly sensitive personal information like sexual activity, immigration status, race, facial expressions, weight, health and genetic information, as well as where the car owner drives.
The car manufacturers use a variety of tools to harvest information such as sensors, microphones, cameras, and the phones and devices drivers connect to their cars, as well as by car apps, company websites, dealerships, and vehicle telematics. Furthermore, brands can then share or sell this data to third parties or use it for developing inferences about a driver’s intelligence, abilities, characteristics, preferences, and more.
Nissan was the worst offender, with the company harvesting a wide range of information, including sexual activity, health diagnosis data, and genetic data. In its privacy policy, the Japanese automaker said it can share and sell consumers’ “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” to data brokers, law enforcement, and other third parties.
Other bad in terms of privacy car brands include Volkswagen, which collects demographic data (age and gender) and driving behaviors for targeted marketing purposes; Toyota with its long-winded privacy policies; Kia, whose privacy policy states they can collect information about the owner’s “sex life;” and Mercedes-Benz, which manufactures certain models with TikTok, which has its own privacy issues, pre-installed.
On the other hand, Renault and Dacia (both owned by the same parent company) were found to be the least problematic, possibly because, as the European brands, they must comply with the EU’s data protection law (General Data Protection Regulation, GDPR).
“Many people think of their car as a private space — somewhere to call your doctor, have a personal conversation with your kid on the way to school, cry your eyes out over a break-up, or drive places you might not want the world to know about. But that perception no longer matches reality. All new cars today are privacy nightmares on wheels that collect huge amounts of personal information,” said Jen Caltrider, PNI Program Director.
“While consumers can choose to not use a car app or try not to use connected services, that might mean their car doesn’t work properly — or at all. Consumers have almost zero control and options in regard to privacy, other than simply buying an older model. Regulators and policy makers are behind on this front,” the researchers concluded.