Our Vehicles are Gobbling up our Personal Data

The IoT has the potential to fulfill the grand promise of the Internet – to unite the entire globe by uniting every electronic device, system, and appliance in one worldwide network.

“The collective network of connected devices and the technology that facilitates communication between devices and the cloud, as well as between the devices themselves,” according to Amazon.

But with all that connection comes data collection. Personal data collection. Mountains of it. And nowhere is that more prevalent than our increasingly high-tech vehicles, which Mozilla highlighted in a recent report, calling cars “the official worst category of products for privacy that we have ever reviewed.”

All 25 vehicles they reviewed earned their “Privacy Not Included warning label,” with car companies collecting absurdly intimate information like medical information, your genetic information, how fast you drive, where you drive, what songs you play in your car, and even your sex life (not joking).

They begin by editorializing that every car brand they researched collects more personal data than is reasonably necessary to operate your vehicle and maintain your relationship with them. The wild part is that a mere 63% of the famously intrusive mental health apps crossed that metaphorical data privacy line.

And here’s the key – the data-collecting opportunities go far beyond what we physically and knowingly input (say, in the vehicle’s built-in GPS). Your vehicle “can collect personal information from how you interact with your car, the connected services you use in your car, the car’s app (which provides a gateway to information on your phone)...”

That makes your car a more zealous data collector than even multipurpose consumer devices like (insert anything with “smart” in the title), though perhaps it’d be more accurate to say that your car cannibalizes the data from items like your smartphone.

As you’d expect, most of these companies (84%) share your personal data with service providers, data brokers, and other businesses, while a slightly lower proportion (76%) sell your data.

A little over half (56%) would share your information with law enforcement via a simple request, to say nothing of a court order. Hyundai’s privacy policy says it’ll comply with “lawful requests, whether formal or informal” (so all requests).

This wouldn’t be as big a problem if the companies gave you any control over your data, but only 2 of 25, Renault and Dacia (both owned by the same company, mind you) let you delete said data.

And that’s just scratching the surface. The IoT is growing by the minute, and as it does (and our cars get more connected), data privacy will get more and more critical.