Investigation Reveals Cars Are Data-Collection Machines

by Daniel Li, age 16

Recent investigations by Mozilla's Privacy Not Included project have uncovered a startling reality about modern vehicles. Far from being mere transportation devices, these cars have transformed into sophisticated data-collection machines, raising concerns about privacy and personal data security.

Mozilla's study meticulously evaluated 25 major car brands, concluding that none of the cars followed fundamental privacy and security norms in their internet-connected vehicles. All brands, including giants like BMW, Ford, Toyota, Tesla, and Subaru, failed Mozilla's assessment. These vehicles are not just tracking mundane details like location or driving speed; they are delving into intensely personal aspects such as the driver's race, facial expressions, weight, and health information.

Volkswagen vehicles, for example, monitor seatbelt usage and braking intensity. More invasive still, specific models reportedly gather data on the driver's sexual activity, race, and immigration status. Nissan, identified as the most egregious violator, collects and reserves the right to sell information ranging from sexual activity to health diagnoses and genetic data. Their privacy policy outlines a willingness to sell a wide array of personal data, from preferences to psychological tendencies.

While Nissan defends its practices as transparent and compliant with laws, other manufacturers offer varied responses to accusations of privacy concerns. Volkswagen acknowledges collecting data for targeted advertising, while Kia's policy allows monitoring aspects as personal as one's sex life. Although equipped with potentially intrusive apps like TikTok, Mercedes-Benz declined to comment directly on the study. However, The MercedesMe Connect app, as per spokesperson Andrea Berg, provides users with privacy settings and opt-out options. BMW emphasizes its commitment to customer privacy, offering granular control over personal data collection and processing.

Despite these assurances, the broader issue of data privacy in vehicles remains concerning. Mozilla's report highlights the industry's engagement in “privacy washing,” a practice where companies convey a false sense of security about data privacy. The Alliance for Automotive Innovation's "Consumer Privacy Protection Principles," while protective, are criticized as non-binding and vague.

The issue of consent further complicates matters. Brands like Subaru consider any passenger a 'user' who has implicitly consented to data collection, an approach Mozilla deems problematic because not every passenger knows the terms a vehicle’s owner has agreed to. The ambiguity surrounding these companies' data encryption practices adds another layer of concern. Mozilla's findings reveal a disturbing trend in modern vehicles: a transformation into data-collecting entities with significant privacy implications.

The automotive industry's current approach to personal data collection and privacy policies challenges the perception of cars as private spaces. This approach raises critical questions about consumer rights and data security in an increasingly connected world.

[Source: Gizmodo; Image Credit: Metamorworks]