Literally every car brand scores below par when it comes to privacy in the car. Yes, all.

Without coming across as a “do your own research” figure, it is important to know to some extent what the digital revolution means for your privacy. The small print of the privacy legislation of almost every smart device contains a method of privacy ‘violation’ that you probably did not think possible. One is worse than the other, but you better be aware of it.

Privacy in the car

Since cars too smart they have the same problem. The microphone, the software, the cameras these days: all intended to help you, but they also collect data. Everyone will, everyone does. It’s what you do with the data that counts.

“Cars are a privacy nightmare”

Mozilla thought it was time for an investigation. With their label “*privacy not included” they examine consumer products based on their privacy regulations. To do this, they examined 25 popular car brands. And all 25 were given the label *privacy not included, which is given out if it is not in order. Yes, all the major car brands score so poorly that Mozilla calls it the worst category they have ever studied.

Personal information

So car companies have a lot of data that they collect and most brands promise to use that data to ‘understand you better and customize your car to your taste’. That may be the case, but literally all 25 car brands in the study collect more data than necessary for that purpose. According to Mozilla, the car is a breeding ground for all the red flags that privacy has to offer. The connected services in your car, but also, for example, the app with which you can turn on the air conditioning in the morning and the functionality of apps such as Google Maps and the American radio service SiriusXM, which is seamlessly integrated into your screen. As a result, car brands control, among other things:

Medical info

Genetic info

Sex life (yes, really)

How fast you drive on average

Where you drive

What music you play in the car

Share personal information

Having the data is one thing, what you do with it is another. But things aren’t going well there either. No fewer than 84 percent of the car brands surveyed share the collected data. They say with providers and data centers, but also companies about which little information is known. 76 percent say they have the right to sell your personal data to a third party. And half (56 percent) of car brands say that for ‘research purposes’ your data can be forwarded to the government for something as simple as a ‘request’. Even if it has little relevance to an investigation, if the police need your data, they will simply get it. And this is the public information that Mozilla could access, there is still a gigantic iceberg of private statistics and information that the car brands do not share.

Data protection

Do you have control over your data? Not for 23 brands, but for two. Renault and Dacia, which coincidentally belong to one parent company, give you the right to delete your personal data. With the rest you have no choice. Either you send all your data straight to the brand, or your car is as basic in terms of multimedia as a Renault Twingo from 2007.

Safety standard

Mozilla has a security standard, where the privacy legislation of a product or company is reviewed using a checklist to see whether your data is protected. Once again, all car brands score far below par because that information is not available or is poorly available. You can forget about end-to-end encryption, at least no one is talking about it. When asked, 22 car brands completely ignored Mozilla and Mercedes, Honda and Ford responded in a way that still leaves most basic safety questions a mystery. Our own research into data leaks also did not yield good results: published documents show that 68 percent of brands have had a serious data leak.

By brand

Keep the comments coming, because Tesla scores the worst on privacy. Mozilla distinguishes five categories: Data use, data choice, previous leaks, security and AI data use. Tesla is the only brand that checks all five boxes in terms of sub-par results. It is true that Tesla is one of the few car brands that uses AI and the problem mainly lies in the unreliability of the system. This is linked to the 17 fatal accidents and 736 other accidents that are being or have been investigated.

Brands that score poorly in all other four categories are:

Nissan

Hyundai

Cadillac

GMC

Buick

Chevrolet

kia

Acura

Honda

Mercedes

Audi

Lincoln

Ford

Lexus

Toyota

Volkswagen

Data use, data choice and security are substandard for the following brands, but nothing is known about leaks:

Dodge

Jeep

Chrysler

Fiat

Subaru

BMW

And as mentioned, only with Dacia and Renault do you have at least some control over your data, so they score ‘the best’. But every car brand, including Renault and Dacia, has a large warning triangle because privacy is inadequately regulated.

Scary dates

As mentioned, car brands sometimes have very strange data about you. Nissan says in their privacy policy that they can collect (and therefore use) information about your sex life. Kia ditto. Six car brands also say that they have and may use genetic information about you. Hyundai claims that their data sharing requests from government bodies may be shared upon legal request, formal or informal. In other words, if the police knock, Hyundai immediately provides your data. Nice feeling, huh? Oh and finally, 22 car brands have supported an alliance to keep data and privacy ‘minimal’, ‘transparent’ and ‘free of choice’. And the number of car brands that adhere to this checklist? Zero.

Trap

Mozilla believes that you are walking into a bit of a trap. Normally they would be able to recommend or advise against whether you should go for a product from a privacy perspective, or whether you should choose a competitor who has better arrangements. So with cars it’s all so bad that it doesn’t matter. Moreover, according to Mozilla, you choose a car based on completely different factors than privacy. If you think a BMW drives better than an Audi, but Audi shares less personal data, you will probably still choose the BMW. And that’s the theory, in practice Audi is just as bad with privacy as BMW. Mozilla emphasizes once again that this is the first time that ALL products have scored below average in terms of privacy.

Permission?

Anyway, you have to ‘give permission’, after all there is a privacy policy. But cars already need a basic level of data to do very basic things. So saying no is actually not an option. Some car brands even collect data from any passengers in the car. Tesla, for example, believes that you can say no, but then you lose a bit of everything in the car connected (such as internet and OTA updates) and the consequences can be bad for your car. So either you share all your data, or your car doesn’t work properly.

Solution?

As it says, there are two solutions to the problem. Solution one is all to drive an old car. You can say a lot about the good old days when the only electronics in the car were the lights, but at least your sex life wasn’t sent to a Chinese data center back then. Another solution is to sign the Mozilla petition at the bottom of the page that we link at the end. They will use that petition to gain more control over privacy in the car. (through Mozilla)

