in

Cars And Privacy: They’re So Bad, It’s The Worst Product Category Ever Reviewed

(Mozilla Foundation) Ah, the wind in your hair, the open road ahead, and not a care in the world… except all the trackers, cameras, microphones, and sensors capturing your every move. Ugh.Modern cars are a privacy nightmare.

Car makers have been bragging about their cars being “computers on wheels” for years to promote their advanced features. However, the conversation about what driving a computer means for its occupants’ privacy hasn’t really caught up.

While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.

All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed.

The car brands we researched are terrible at privacy and security

Why are cars we researched so bad at privacy? And how did they fall so far below our standards? Let us count the ways!

1. They collect too much personal data (all of them)

We reviewed 25 car brands in our research and we handed out 25 “dings” for how those companies collect and use data and personal information. That’s right: every car brandwe looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you. For context, 63% of the mental health apps (another product category that stinks at privacy) we reviewed this year received this “ding.”

And car companies have so many more data-collecting opportunities than other products and apps we use — more than even smart devices in our homes or the cell phones we take wherever we go. They can collect personal information from how you interact with your car, the connected services you use in your car, the car’s app (which provides a gateway to information on your phone), and can gather even more information about you from third party sources like Sirius XM or Google Maps. It’s a mess. The ways that car companies collect and share your data are so vast and complicated that we wrote an entire piece on how that works. The gist is: they can collect super intimate information about you — from your medical information, your genetic information, to your “sex life” (seriously), to how fast you drive, where you drive, and what songs you play in your car — in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests.

2. Most (84%) share or sell your data

It’s bad enough for the behemoth corporations that own the car brands to have all that personal information in their possession, to use for their own research, marketing, or the ultra-vague “business purposes.” But then, most (84%) of the car brands we researched say they can share your personal data — with service providers, data brokers, and other businesses we know little or nothing about. Worse, nineteen (76%) say they can sell your personal data.

A surprising number (56%) also say they can share your information with the government or law enforcement in response to a “request.” Not a high bar court order, but something as easy as an “informal request.” Yikes — that’s a very low bar! A 2023 rewrite of Thelma & Louise would have the ladies in custody before you’ve had a chance to make a dent in your popcorn. But seriously, car companies’ willingness to share your data is beyond creepy. It has the potential to cause real harm and inspired our worst cars-and-privacy nightmares.

And keep in mind that we only know what companies do with personal data because of the privacy laws that make it illegal not to disclose that information (go California Consumer Privacy Act!). So-called anonymized and aggregated data can (and probably is) shared too, with vehicle data hubs (the data brokers of the auto industry) and others. So while you are getting from A to B, you’re also funding your car’s thriving side-hustle in the data business in more ways than one.

3. Most (92%) give drivers little to no control over their personal data

All but two of the 25 car brands we reviewed earned our “ding” for data control, meaning only two car brands, Renault and Dacia (which are owned by the same parent company) say that all drivers have the right to have their personal data deleted. We would like to think this deviation is one car company taking a stand for drivers’ privacy. It’s probably no coincidence though that these cars are only available in Europe — which is protected by the robust General Data Protection Regulation (GDPR) privacy law. In other words: car brands often do whatever they can legally get away with to your personal data.

4. We couldn’t confirm whether any of them meet our Minimum Security Standards

It’s so strange to us that dating apps and sex toys publish more detailed security information than cars. Even though the car brands we researched each had several long-winded privacy policies (Toyota wins with 12), we couldn’t find confirmation that any of the brands meet our Minimum Security Standards.

Our main concern is that we can’t tell whether any of the cars encrypt all of the personal information that sits on the car. And that’s the bare minimum! We don’t call them our state-of-the-art security standards, after all. We reached out (as we always do) by email to ask for clarity but most of the car companies completely ignored us. Those who at least responded (Mercedes-Benz, Honda, and technically Ford) still didn’t completely answer our basic security questions.

A failure to properly address cybersecurity might explain their frankly embarrassing security and privacy track records. We only looked at the last three years, but still found plenty to go on with 17 (68%) of the car brands earning the “bad track record” ding for leaks, hacks, and breaches that threatened their drivers’ privacy.

At a glance: How the car brands stack up

Here’s how the cars performed against our privacy and security criteria.

MISSING: summary MISSING: current-rows.
Car brand Data use Data control
Renault x x ⚠️
Dacia x x ⚠️
BMW x x x ⚠️
Subaru x x x ⚠️
Fiat x x x ⚠️
Jeep x x x ⚠️
Chrysler x x x ⚠️
Dodge x x x ⚠️
Volkswagen x x x x ⚠️
Toyota x x x x ⚠️
Lexus x x x x ⚠️
Ford x x x x ⚠️
Lincoln x x x x ⚠️
Audi x x x x ⚠️
Mercedes-Benz x x x x ⚠️
Honda x x x x ⚠️
Acura x x x x ⚠️
KIA x x x x ⚠️
Chevrolet x x x x ⚠️
Buick x x x x ⚠️
GMC x x x x ⚠️
Cadillac x x x x ⚠️
Hyundai x x x x ⚠️
Nissan x x x x ⚠️
Tesla x x x x x ⚠️

Some not-so-fun facts about these rankings:

Read More

Leave a Reply

Loading…

Till Death Do Us Part: Documents Reveal CDC Pushed People Who Were Injured From COVID-19 Shots To Keep Getting Boosted

Video: ‘It’s All Coming Back To Me Now’