You’re never alone in your car. That was the big takeaway from a recent study of data collection practices and privacy (or lack thereof) for “connected” cars published by the Mozilla Foundation, the non-profit organization best known for its Firefox web browser.
The report was included in the organization’s *Privacy Not Included series about internet-connect devices. It looked at how information is collected and shared by twenty-five major car manufacturers under the three main categories of “data use,” “data control,” and “track record.”
None of the manufacturers in the study received a passing grade in consumer privacy. Not only did Mozilla’s report find “smart” cars to be a “privacy nightmare,” it pronounced cars to be “the official worst category of products for privacy that we have ever reviewed.”
Among the findings: newer cars regularly collect “super intimate information,” including medical data, genetic data, sexual activity, driving habits, location data and even your music listening habits. Compounding the problem, 84% of the car brands studied admitted to sharing driver data, with 76% of them selling user data outright.
While none of the car brands came out very well in the report, Renault and Dacia qualified as the least bad, in that they’re required to adhere to data restrictions outlined by the EU’s GDPR. (Unfortunately, both brands are only available in Europe.)
The worst offenders were Tesla, Nissan and Hyundai. Tesla managed to fail in every category, with special attention given to its AI-based autopilot functionality that has been involved in 17 deaths and 736 crashes.
Nissan’s second worst ranking came with Mozilla’s privacy policy diss, “probably the most mind boggling creepy, scary, sad, messed up privacy policy we have ever read.” Cited in particular was Nissan’s collection and sharing of “sexual activity, health diagnosis data, and genetic information” as well as “psychological trends, predispositions, attitude, intelligence, abilities and aptitudes.”
All the car manufacturers made it very hard, or impossible, for drivers and/or passengers to opt out of the data collection; several, including Nissan and Subaru indicate that sitting down within their vehicles automatically grants consent to their collection practices. Others, like Tesla take a more passive-aggressive approach, stating that users can opt-out of data collection and sharing, with the warning that doing so “may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”
What can be done?
In short: Not much. The Mozilla report makes clear that there is a general lack of privacy-friendly car brands. All newer car manufacturers treat user data like an all-you-can-eat buffet for themselves as well as third parties.
The primary goal of the report, according to Mozilla, is to raise consumer awareness and “encourage others to hold car companies accountable for their terrible privacy practices too.” Hopefully it will get lawmakers interested in making some changes.