To succeed in today’s data-driven economy, companies are collecting massive amounts of consumer data — and selling it on.
However a startling gap, which most people probably will not consider when assessing their personal privacy, has been unearthed by the Mozilla Foundation.
Everything from your health, to your political preferences, to even your intimate moments, may be being sold on to third-parties without your knowledge. And while we may all be suspicious of our smart phones and home assistants, there’s one more for your list: It’s your car.
Driving Towards Full Disclosure
The ominous suggestion comes from the Mozilla Foundation, which has concluded that “cars are the worst product category we have ever reviewed for privacy.“.
Cars don’t just take you from A to B nowadays, they are computers-on-wheels, and if they are modern enough (and the manufacturer is sneaky enough), you may well have carelessly ticked the box to allow data collection — and the sell to pass that data on.
Which is one thing, but the scale of data that can be collected and inferred, according to Mozilla, is staggering.
According to Jen Caltrider, who leads Mozilla’s *Privacy Not Included work, car manufacturers glean a lot from travels:
“Cars seem to have really flown under the privacy radar, and I’m really hoping that we can help remedy that because they are truly awful. Cars have microphones, and people have all kinds of sensitive conversations in them. Cars have cameras that face inward and outward.”
Reviewing 25 car manufacturers, Mozilla found that 84% confirmed they can share your personal data with service providers, data brokers, and other businesses, and 19 manufacturers (76%) said they can sell your personal data.
56% said they can share your information with a government or law enforcement in response to a “request” — not a court order, but a request.
What Data is Collected?
It will probably be easier to answer what data is not collected.
One manufacturer, who we won’t namedrop here out of respect that they were honest to Mozilla — but the full report is here — said they can collect sensitive personal information, including a driver’s license number, immigration status, race, sexual orientation, and health diagnoses.
They can also share “inferences” drawn from the data to create profiles “reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.”
They can also collect information on “sexual activity”, although they didn’t explain how (but perhaps it’s a digital equivalent of “if this car’s a-rocking…”).
According to Misha Rykov, a researcher in the Privacy Not Included study on how cars steal your data,
“Practically all of the privacy policies we looked at used qualifying language when listing the data points they collect. Words like ‘such as,’ ‘including,’ or ‘etc.’ tell us we are only getting a sample of what is collected and not the full picture.
“The detailed data collected by car companies is a data broker’s dream. Indeed, Vehicle Data Hubs are rich with that information. Yet we still know so little about how they obtain, process, and sell it.”
If you think of a typical journey, you give away a lot of information, particularly if your car has a microphone. Are you listening to religious music? A podcast that aligns with your political views? Talking about health problems? This is a goldmine for tech companies.
If your car has a range of sensors — including heart rate monitors — and permission to pass whatever it gathers to a third-party data agency, themselves expert at drawing inferences — then you are revealing an awful lot about yourself.
Researcher Misha Rykov added:
“Cars’ new bells and whistles mean the potential for more data-collecting sensors, cameras, and microphones. But unlike with apps or smart home devices, most drivers aren’t even aware this data is being collected — let alone have the power to turn it off.”
The Bottom Line
We are used to being suspicious of our smartphones and home assistants and knowing that all those clicks we make online help build a profile of us.
But our car? Which, for some people, is that last bastion of peace and quiet?
It’s absolutely worth it if you have a car from recent years, checking out if you inadvertently signed away the rights to your data, and if you are shopping in the near future, keeping this investigation close in mind.
Because to give the final word to researcher Misha Rykov:
“What did I learn in researching the privacy and security of 25 of the top car brands in the world? Modern cars are a privacy nightmare and it seems that the Fords, Audis, and Toyotas of the world have shifted their focus from selling cars to selling data.”