- Most of us have grown accustomed to data-rich information screens in vehicles, but are modern cars sharing too much of our private info?
- The Mozilla Foundation, after studying the information-handling practices of 25 automotive brands, found cars as “the official worst category of products for privacy that we have ever reviewed.”
- The non-profit foundation uncovered the information via the California Consumer Privacy Act, and ranks these automakers from the creepiest down to those that are just very creepy.
Automakers have been touting advantages gained from their partnerships with major computer hardware and software companies for much of the 21st Century.
When your new car or truck’s dashboard reads your eyes and warns you’re too sleepy to keep driving, it will suggest a break and list the closest McCoffee shops on your navigation screen.
Then it records your stops (or lack thereof), adding them to the list of various other stops and destinations and the phone numbers and music downloaded onto the car from your smartphone.
This has all worked out brilliantly—for the automakers, according to a report released this week by the free software community, Mozilla Foundation. As for us drivers, we might as well be Dave confronting HAL 9000 in 2001: A Space Odyssey.
All 25 automotive brands researched by its buyers’ guide earned Mozilla’s *Privacy Not Included label, “making cars the official worst category of products for privacy that we have ever reviewed.” Mozilla began publishing the buyers’ guide in 2017.
The report says that “every car brand we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you.
For context, 63% of the mental health apps (another product category that stinks at privacy) we reviewed this year received this ‘ding.’” (Authors’ emphasis.)
Automakers can collect personal information from the vehicle’s connected services and from its app, able to collect data from your phone. It can gather additional information from such third-party sources as SiriusXM or Google Maps.
Mozilla says connected cars have the ability to gather “super intimate information,” including medical history, genetic information, how fast you drive, where you drive, what songs you play in the vehicle, and even your sex life. From this, more data can be inferred, including owners’ intelligence, abilities, and interests, the review says.
The users’ agreements for 21 of those 25 car brands, or 84%, give themselves authorization to share owners’ personal data, while 19 of them—76%—allow the brands to sell such data.
Fourteen of them, or 56%, say they can share your information with a government or law enforcement in response to a “request,” Mozilla says.
The non-profit foundation’s report says it uncovered these results because of the California Consumer Privacy Act, which forces companies to make such disclosures.
It should be noted that Mozilla studied 23 automotive brands that are sold in the US and two that are not (Renault and Dacia). These were the only two automakers to say all drivers have the right to have their personal data deleted.
This is probably, Mozilla says, the result of Europe’s “robust” General Data Protection Regulation. Researchers also were unable to determine whether any of the 25 brands encrypt all the personal information stored in the car, Mozilla’s basic requirement to earn its Minimum Security Standards designation.
Creepiest of Super Creepy Automakers
Mozilla ranked these 16 brands as the creepiest of the “super creepy” in terms of data collection, in this order from worst to not-quite-as-bad: Nissan, Chevrolet, Kia, Hyundai, Dodge, Lexus, Audi, Toyota, Honda, Volkswagen, Ford, Fiat, Buick, Subaru, Lincoln, and Acura.
Slightly Less Super Creepy
GMC, Mercedes-Benz, Chrysler, and Renault.
One More Step Down on the Super Creepy Scale
Jeep, BMW, Cadillac, and Tesla.
Only Very Creepy
Dacia (after all, they are low-priced cars and perhaps come with a limited suite of connected services).
There is a bit of a JD Power & Company syndrome in this list.
Why, for example, is GMC creepier than Cadillac, Buick creepier than GMC, and Chevrolet creepier than them all? Drill down into a brand’s reports and Mozilla details General Motors’ umbrella privacy policy under all these brands. Perhaps mychevroletapp is creepier than mybuickapp?
Still, the conclusion that any of these brands, from Nissan to Dacia, is worse than an Amazon Alexa is pretty disconcerting.
Also worth noting: While Tesla is not as creepy as Mercedes-Benz or Nissan, it is the second product Mozilla has reviewed, ever, after AI chatbot to earn every single one of the organization’s privacy “dings.”
“What set them apart was earning the ‘untrustworthy AI’ ding. The brand’s AI-powered (A)utopilot was reportedly involved in 17 deaths and 736 crashes and is currently the subject of multiple government investigations,” the report says.
All brands on the list, except Renault and Dacia, have signed on to the Alliance for Automotive Innovation’s “Consumer Protection Principles,” but none of the 23 brands follows them, according to Mozilla.
Do you think the Mozilla report will push automakers to scale back on personal data collection in vehicles? Please comment below.
Contributing Editor
As a kid growing up in Metro Milwaukee, Todd Lassa impressed childhood friends with his ability to identify cars on the street by year, make, and model. But when American automakers put an end to yearly sheetmetal changes, Lassa turned his attention toward underpowered British sports cars with built-in oil leaks. After a varied early journalism career, he joined Autoweek, then worked in Motor Trend’s and Automobile’s Detroit bureaus, before escaping for Mountain Maryland with his wife, three dogs, three sports cars (only one of them British), and three bicycles. Lassa is founding editor of thehustings.news, which has nothing to do with cars.
Read the full article here