Drivers have been warned that cars present a “privacy nightmare” with vehicle manufacturers collecting extensive personal data on drivers, even including their sexual activities.
A study of 25 car brands found they all failed consumer privacy tests carried out by internet-focused non-profit Mozilla Foundation. Its research found that 84% of car companies review, share or sell data collected from car owners.
Mozilla found that all the car brands it reviewed collected more personal data than necessary and personal information collected was used for reasons unrelated to the operation of a vehicle and a car brand’s relationship with its drivers.
The Mozilla research suggests that six car companies can collect intimate information, including a driver’s medical information and genetic information. How fast a person drives, where they drive to and the songs they listen to in their car were also included.
Nissan includes “sexual activity”, in the data it collects and Kia notes that it can collect information about your “sex life” in their privacy policy, Mozilla said.
Kia’s privacy policy states it may process “special categories” of data, including “information about your race or ethnicity, religious or philosophical beliefs, sexual orientation, sex life and political opinions” and “trade union membership”.
Cars can collect personal information from drivers in huge quantities, from the connected services that can be used in the car, to third-party sources such as online radio service Sirius XM or Google Maps. That data can then be used to “invent more data about you through inferences about things like your intelligence, abilities and interests”, Mozilla said.
While the car industry has been focused on the shift from petrol and diesel engines to battery electric propulsion in recent years, some analysts argue that greater disruption is ahead as vehicles become increasingly connected to the internet, and capable of autonomous driving.
That has led to predictions of a massive rise in the sales of services such as music and video streaming as well as driver assistance and self-driving subscriptions. Consultancy McKinsey has forecast that carmakers could make as much as $1.5tn (£1.2tn) in extra revenues by embracing new services ranging from ride hailing, to in-car apps and wireless software upgrades.
However, many services could be much more lucrative for carmakers if they collect more data on customers.
Under Mozilla’s criteria, Tesla failed all of the reviews that looked at security, data control and AI. The US electric car company has already faced criticism over its privacy practices. It emerged earlier this year that employees had shared videos and images recorded by the cameras in customers’ cars. Tesla did not respond to Reuters’ requests for comment at the time.
In 2021, Tesla said cameras were disabled in China after the vehicles were banned from Chinese military facilities because of supposed security concerns.
From the car brands reviewed, 84% say they can share personal data with service providers or data brokers and 76% said they could sell on the data .
Only two of the 25 brands reviewed, Renault and Dacia, owned by the same parent company, stated that drivers had the right to delete their personal data. Renault and Dacia cars are headquartered in Europe, where consumers are protected by General Data Protection Regulation privacy law.
The foundation said that it was unable to confirm whether any of the brands meet its minimum security standards, including whether companies encrypt the personal information of drivers.