Carmakers Are Allowed to Collect So Much Data on You—Even About Your Sex Life
Mozilla has slammed nearly every automaker over privacy policies that allow virtually unfettered access to owners’ personal data.
If you've bought a new vehicle sometime over the past decade, you've probably been impressed by just how far technology has come. From Google Home being able to turn on your car's heat on a cold morning, to using your phone as a key, modern cars are a marvel of convenience. But that comes at a price: privacy.
Much like our phones, our cars are watching our every move. Tesla CEO Elon Musk has called his company's cars sophisticated computer[s] on wheels, which has led some privacy advocates to wonder just how much data these four-wheeled calculators really gather about their drivers. As it turns out, the answer is "a lot." A new study by the Mozilla Foundation is calling nearly every car brand a "privacy nightmare on wheels."
Mozilla openly states that all cars with external-facing cameras are security concerns, however, a special tick goes to Tesla who has proven difficult to trust in the past. For example, Tesla employees have reportedly been caught sharing videos captured from the vehicle's cameras, which include nudity as well as children being hit by cars. Additionally, security experts have repeatedly extracted footage of crashes from vehicle storage long after they were sent to the scrap yard (along with other unencrypted personal data). Not to mention the "Tesla Files" incident where 100 gigabytes of confidential customer data and personally identifiable information was obtained by then-employees and handed over to German media outlet Handelsblatt.
Volkswagen isn't free from dings either. The automaker collects demographic and financial data, vehicle usage information (including speed, geolocation, and seat belt usage), internet activity, and more. VW is also open about sharing customer data specifically for targeted advertising purposes.
Ford keeps a similar policy. The Blue Oval also shares information to marketing partners, advertising agencies, government agencies, and (big surprise) Sirius XM. Perhaps even more concerning is the automaker's clause that it "may collect vehicle location, regardless of location settings" if it determines it needs to repossess your car, ensure the safety of a Ford employee, comply with legal requests, or other circumstances.
And nearly all automakers are open about sharing certain data with law enforcement when deemed "reasonably necessary," though that term isn't often explicitly defined and seems to be left up to someone's arbitrary judgment.
Perhaps most concerning are three brands on the list that look past traditional data points and give themselves permission to peek through your bedroom door: Kia, Nissan, and Subaru.
The privacy policies penned by both Subaru and Kia specifically state that the brand or its employees may collect data on customers that include their "sex life or sexual orientation." Nissan's policy is similar, specifically noting that it collects data on both a customer's "sexual orientation" and their "sexual activity."
The spokesperson went on to tell us that Nissan includes both consumer and employee privacy details in the same report, so it writes its policy "as broadly as possible" to comply with both federal and state laws. However, the spokesperson also said that Nissan "does not knowingly collect or disclose" information on sexual activity or sexual orientation. They later continued:
"Some state laws require us to account for inadvertent data collection or information that could be inferred from other data, such as geolocation. For employees, some voluntarily disclose information such as sexual orientation, but it is not required and we do not disclose it without consent."
We also reached out to Kia and Subaru to clarify their privacy policies, however, neither responded at the time of publishing. It's not clear if these brands follow the same all-encompassing philosophy or if they really seek insight as to when you're getting it on, but either way, their respective privacy policies give them explicit permission to track and store such data.
This may all seem like run-of-the-mill topics to some, especially as people are viewed as data in today's connected world. But remember that once a new company has data about you, you now have one more entity to trust with securing your personal information. One more entity that could be compromised. One more entity that could sell that information to yet another data broker.
We expect automakers—hell, any company really—to be responsible stewards of our sensitive information. But it turns out, in the age of big data where software touches everything we use, that may not be the case even for companies that build cars. So if you're concerned about your in-car data privacy, it might be a smarter choice to consider buying something beige and built a decade ago or more when your current ride goes kaput.
Got a tip or question for the author? Contact them directly: firstname.lastname@example.org