BOSTON (AP) — Cars are getting an “F” in data privacy. Most big manufacturers admit they sell your personal information, a new study found, with half also saying they would share it with the government or law enforcement without a court order.
The proliferation of sensors in automobiles—from telematics to fully digitized control consoles—makes them extraordinary data collection centers.
But drivers are given little or no control over the personal data their vehicles collect, researchers at the nonprofit Mozilla Foundation said in their report Wednesday. The latest “Privacy Not Included” survey Security standards are also unclear, with automakers’ track record of susceptibility to hacking a major concern.
“Cars seem to have really flown under the privacy radar and I’m really hoping we can help remedy that because they’re really awesome,” said Jane Caltrider, head of research for the study. Cars have microphones and people have all sorts of sensitive conversations. The car has cameras that face inward and outward.”
Unless they choose a used, pre-digital model car, buyers “just don’t have many options,” Caltrider said.
Cars scored the worst for privacy among more than a dozen product categories — fitness trackers, reproductive health apps, vehicles and Smart speakers and other connected home appliances — that Mozilla has studied since 2017
None of the 25 car brands studied – chosen for their popularity in Europe and North America – meet the minimum privacy standards of Mozilla, which promotes open source, public interest technology and maintains the Firefox browser. In contrast, 37% of nonprofit mental health apps reviewed this year did.
Nineteen automakers say they can sell your personal data, the notices reveal. Half will share your information with a government or law enforcement agency in response to a “request” — as opposed to a court order requirement. Only two — Renault and Dacia, which are not sold in North America — offer drivers the option to keep their deleted data.
“Increasingly, most cars are wire taps on wheels,” says Albert Fox Kahn, technology and human rights fellow at Harvard’s Carr Center for Human Rights Policy. “The electronics that drivers pay more to install are collecting more data on them and their passengers.”
“There is something uniquely offensive about transforming the privacy of a car into a corporate surveillance space,” he added.
A trade group representing the makers of most cars and light trucks sold in the U.S., the Alliance for Automotive Innovation, took issue with that feature. A Letter sent on Tuesday To the US House and Senate leadership, it said it shares the “goal to protect consumer privacy”.
It called for a federal privacy law, saying “the patchwork of state privacy laws creates confusion among consumers about their privacy rights and makes compliance unnecessarily difficult.” The absence of such laws allows connected devices and smartphones to collect data for tailored ad targeting and other marketing — while also increasing the potential for widespread data theft through cybersecurity breaches.
The Associated Press Alliance asked, which has resisting effort To give car owners and independent repair shops access to onboard data, if it allows car buyers to opt out of automatic data collection — and gives them the option to collect deleted data. Spokesman Brian Weiss said the group “has concerns” about letting consumers opt out entirely for security reasons — but supports giving them more control over how data is used in marketing and by third parties.
In 2020 research, 52% of Americans say they have opted against using a product or service because they are worried about how much personal information it will collect about them.
In terms of security, Mozilla’s minimum standards include encrypting all personal information in a vehicle. Researchers say that most car brands ignore questions emailed to them on the subject, which yield partial, unsatisfactory responses.
Founded by researchers with Japan-based Nissan Provides a privacy notice with a detailed breakdown of integrity levels and data collection, Contrast that with big tech companies like Facebook or Google. “Sensitive personal information” collected includes driver’s license numbers, immigration status, race, sexual orientation and health diagnoses.
Further, Nissan said it may share “inferences” drawn from the data to create profiles “reflecting consumer preferences, characteristics, psychological tendencies, tendencies, behaviors, attitudes, intelligence, abilities and aptitudes.”
It was among six car companies that said they could collect “genetic information” or “genetic traits,” the researchers found.
Nissan also said it collected data on “sexual activity.” It doesn’t explain how.
The all-electric Tesla brand scored high on Mozilla’s “creepiness” index. If an owner opts out of data collection, Tesla’s privacy notice states that the company will not be able to notify drivers “in real time” of issues that could result in “reduced performance, serious damage or inoperability.”
Neither Nissan nor Tesla immediately responded to questions about their practices.
Mozilla’s Caltrider credited laws such as the 27-nation European Union’s General Data Protection Regulation and California’s Consumer Privacy Act that compel carmakers to provide existing data collection information.
It’s a start, he said, by raising awareness among consumers, just as happened in the 2010s when a consumer backlash prompted TV makers to offer more alternatives to surveillance-heavy connected displays.