Cars today are like computers on wheels, providing access to apps, entertainment, and even the internet. Like most smart tech, modern vehicles have the ability to collect information about what people do and where they go in their cars. But a new study from the Mozilla Foundation suggests automakers provide little protection when it comes to securing the privacy of that data.
The non-profit group recently published a series of articles about personal data and privacy in cars. It researched 25 brands, all of which earned the foundation's Privacy Not Included warning label, meaning the automakers did a poor job of managing data and providing security. In fact, Mozilla found that cars ranked as the worst category of products it had ever reviewed.
According to the study, all of the car brands surveyed collect too much personal data. In addition to the information required to operate a vehicle, details on how people use their vehicles, how fast they drive, where they go, and other titbits are mentioned as being collected. Auto companies also pull info through the connected services used in the car, including third-party sources from companies like Google, Meta, or Sirius XM.
The study determined that 84 percent of car companies share or sell customer data to third parties, including service providers, data brokers, and other businesses. Additionally, 56 percent of automakers say they share information with government or law enforcement officials in response to court orders, warrants, or informal requests.
Mozilla Foundation concluded most car companies also provide little or no control over personal data. 92 percent of companies surveyed allegedly don't allow or make it extremely difficult for people to delete their personal information. Renault and Dacia are listed as exceptions, though the study notes these two brands fall under the purview of Europe's General Data Protection Regulation (GDPR) privacy laws.
The Mozilla Foundation spent over 600 hours researching the car brands’ privacy practices and was unable to determine the full picture of how consumer data is used or shared. It also reached out to all of the car companies in its survey but only received responses from Ford, Honda, and Mercedes-Benz, and apparently, those responses still didn't answer all of the group's questions.
Motor1.com has also contacted automakers to request comments on the study. A spokesperson from Stellantis responded with the following statement:
Multiple claims in this document are incorrect as they relate to Stellantis brands. We carefully and diligently consider data privacy and act accordingly. Customers with questions may call our Customer Care center.
Nissan does not knowingly collect or disclose consumer information on sexual activity or sexual orientation. Some state laws require us to account for inadvertent data collection or information that could be inferred from other data, such as geolocation. For employees, some voluntarily disclose information such as sexual orientation, but it is not required and we do not disclose it without consent.
We will update this article with additional statements as they become available.