Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Carmakers can collect - and sell - too much data about you, watchdog says

A Renault plant is shown near Tangier, Morocco. Renault and Dacia came out the best among the 25 carmakers in a survey ranking carmakers’ data privacy policies.  (Brendan Murray/Bloomberg)
By Andrew Jeong Washington Post

Car companies are collecting “too much personal data” from drivers, who have little freedom to opt out, researchers wrote in a report assessing the data privacy policies of 25 automobile brands.

All carmakers received “Privacy Not Included” warnings from the Mozilla Foundation, which developed the Firefox browser and advocates for better online privacy and internet safety.

This means that the report’s authors have determined the companies’ products to “have the most problems when it comes to protecting a (user’s) privacy.”

Cars are the worst product “we have ever reviewed for privacy,” the authors wrote, calling them a “privacy nightmare.”

The authors have reviewed at least seven additional product categories, including mental health apps, entertainment electronic devices, smart home devices, wearables and health and exercise products.

“Cars is the first category we’ve reviewed where every product earned our Privacy Not Included warning label,” Kevin Zawacki, a Mozilla spokesman, said in an email.

All of the car brands were deemed as collecting too much personal data, while 84 percent also shared or sold data.

More than half “say they can share your information” with government officials upon “informal request.” All except two – Renault and Dacia – gave “drivers little to no control over their personal data,” such as the choice to delete personal data.

The report, published Wednesday, adds weight to concerns that as cars become increasingly connected to each other and to the internet, they are becoming tech products that provide sellers with customer data that can be easily sold and shared without the explicit consent of the product’s end users.

“The gist is: They can collect super intimate information about you – from your medical information, your genetic information, to your ‘sex life’ (seriously), to how fast you drive, where you drive, and what songs you play in your car,” the authors of the report wrote.

Modern automobiles, increasingly equipped with the latest electronic gadgets, can record data automatically.

Connect to a car’s GPS navigation system, and it can collect location data and driver habits.

Hook up your smartphone, and data stored there can be transmitted to carmakers.

“Vehicle data is a low-hanging fruit that offers many opportunities” for carmakers at low cost, said Uri Gal, a professor of business information systems at the University of Sydney Business School in Australia.

Data privacy laws in the United States appear to be “slowly emerging,” while low public awareness about the topic makes it easier for carmakers to collect data, he said.

The Mozilla report assessed what data companies can collect under their own policies – based on companies’ disclosures to government regulators – rather than the data they do collect.

Renault and Dacia came out the best among the 25 carmakers, ranking first and second, respectively.

The authors said that the two brands – whose data privacy policies “aren’t so bad” – probably were ranked highest because of Europe’s General Data Protection Regulation, which is seen as much more stringent than U.S. rules governing data privacy.