Cars are now crammed with sensors, software and silicon chips. Its manufacturers feast on their findings, as research by Mozilla shows. All 25 surveyed manufacturers collect more data than necessary; the vast majority also resell this information.
Many industries flout privacy, such as, for example, the collective of mobile apps aiming at improving mental health. In that case, 63 percent were found to have violated core privacy principles, according to Mozilla. It’s a disconcerting finding for an area where a lot of sensitive data is shared by users.
Tip: AI training over data privacy: Microsoft and Zoom get caught
The car industry, however, appears to be even worse at handling the issue. Not a single brand passed Mozilla’s tests without transgressing in at least one regard. In other words, all 25 examined companies collect more data than necessary, cannot guarantee that the data is kept safe, and/or sell the information on to third parties.
What does your car know about you?
Mozilla reminds us that the modern car has been sold to users as a “computer on wheels,” as Elon Musk put it eight years ago. With that, our vehicles’ skills have naturally improved, requiring a multitude of sensors. However, automakers are also tracking what apps you use on your infotainment system to collect even more data. 92 percent of the companies in question give the user no control over this either: only the twin brands Renault and Dacia offer users the option to have all their own data deleted. Cars also collect data while you are simply sitting in your seat: a company like Wejo makes profits by measuring 660 data points including heart rate and fatigue, for example, to pass on to other parties via APIs. Thus, it’s not just the car brands themselves that are making off with your personal details, but they feed an entire ecosystem of data brokers and other third parties.
Mozilla has a laundry list of data that automakers can collect. Personal data, financial information, health insurance, iris scans, religion, hobbies and ancestry can all be tracked. 84 percent of the companies surveyed then share or sell this data. 56 percent may even share this information with authorities, including sometimes even through an informal request without any legal interference.
Among car brands, the worst privacy standards were found at Tesla and Nissan. The former was rated negatively based on all measured categories: data usage, data control, historical track record, security and AI. Mozilla argues that Tesla’s unreliable AI autopilot feature puts it in a unique category. In other words Elon Musk’s company has a lot of work to do in terms of how it deploys user data.
However, Nissan’s handling of information is even more personal: its U.S. privacy statement states that the company can detect sexual activity, health diagnoses and genetic information for targeted marketing campaigns. It goes far beyond what might be considered within bounds: data collection for diagnostic purposes to make traffic safer.
Creepy, but also dangerous?
Mozilla’s framing assumes “creepiness.” Specifically, it mainly touts which companies collect a disproportionate amount of data from the end user only to remain mostly shady about what exactly it knows. For example, most parties did not even respond to Mozilla’s questions. This uncertainty leads to a dangerous scenario: after all, what if there’s a data breach and you, as the customer, don’t know what hackers can steal?
The big problem, then, is that the vague policies lead to additional suspicion. After all, a modern car these days usually has an on-board microphone that is constantly enabled. In addition, many users connect their phones and other devices to their vehicles, making it possible to collect even more data points.
The only parties that are informed about what car brands know are the companies that purchase the data. Here, in many cases, it is impossible to determine how anonymous you remain as an end user. Unfortunately, there isn’t a single brand that can be trusted based on Mozilla’s findings. Consent is an illusion, the researchers conclude. The only thing you can currently do as an end user, they believe, is to sign the petition Mozilla has created against these practices.
Also read: Mercedes-Benz partners with Google to enhance the software in its cars