Your car may be listening, watching and collecting your data

The Mozilla Foundation examined 25 car brands and discovered that all of them violate user privacy.
Sejal Sharma
Representational image
Representational image


In-car internet is great. A car occupant can play a song, chat with a voice assistant or find directions to their destination with one click of a button.

But after reading the latest report by Mozilla Foundation on user data privacy in cars, one might rethink before switching on their in-built navigation system. We’re not being alarmists, but the report is sounding alarms left, right, and center.

The organization reviewed 25 car brands and their data collection policies and found that all of these brands are collecting more personal information about whoever sits in the car than is required. Moreover, 84 percent of these brands say they can share your personal data with service providers, data brokers, and other businesses. But shockingly, 19 of these brands (76 percent) say they can also sell your personal data.

While 56 percent of these brands also said that they can share a car user’s data with the government if they request it. The brands that the Mozilla Foundation reviewed include Tesla, Mercedes-Benz, BMW, Renault, Dacia, Chrysler, Jeep, Cadillac, General Motors, Fiat, Lincoln Motor Company, Honda, Subaru, Volkswagen, Audi, Toyota, Hyundai, Kia, and Nissan, among others.

This is worrisome

The organization has stamped these brands with a *Privacy Not Included label. Mozilla’s *Privacy Not Included buyer’s guide helps consumers shop for safe products and apps that are connected to the internet. Unless it’s a vintage car from the 1940s, there are very few air-gapped cars on the road today. An air-gapped car would be a car that has never been connected to the internet.

There will be less and less air-gapped cars in the future. A McKinsey report says that by the year 2030, about 95 percent of new vehicles sold globally will be connected, up from around 50 percent today. Around 45 percent of these vehicles will have intermediate and advanced connectivity.

Collecting more info than required

Cars have microphones and cameras inside and outside of the car, and people have conversations ranging from their private relationships to discussing their financial standing, which could be ‘heard’ and recorded as data by the car.

The report says: “While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.”

Only two brands - Renault and Dacia - said that the drivers of their cars have the right to have their personal information deleted. But the report also mentions that the buyers of these cars, in Europe, are protected by the General Data Protection Regulation (GDPR) privacy law. Its website says that it is the “toughest privacy and security law in the world.”

The worst ranking was given to Elon Musk-owned Tesla, which performed poorly on all safety frontiers like - data use, data control, track record, security, and AI use. The report mentioned that the brand’s AI-powered autopilot has gotten into much trouble of late, reportedly being involved in 17 deaths and 736 crashes, and is also the subject of multiple government investigations.

Add Interesting Engineering to your Google News feed.
Add Interesting Engineering to your Google News feed.
message circleSHOW COMMENT (1)chevron
Job Board