Automakers can, and do, use your private information however they want
The first paragraph of Mozilla’s *Privacy Not Included” buyer’s guide about car privacy issues is worth repeating here:
“Ah, the wind in your hair, the open road ahead, and not a care in the world … except all the trackers, cameras, microphones, and sensors capturing your every move. Ugh. Modern cars are a privacy nightmare.”
“Ugh” may be an understatement. The crux of the matter is control: The nonprofit Mozilla Foundation has found that vehicle manufacturers have collected tons of “private” data from vehicle operators, thanks to the proliferation of sensors and cameras and smartphones connected in and to cars.
In its report, Mozilla found that 25 car brands all failed the consumer privacy tests it carried out. Its research found that 84 percent of car companies review, share or sell data collected from car owners, and that the information was used for reasons unrelated to the operation of a vehicle or to a car brand’s relationship with its owners.
And beyond that, the report says that many companies — more than half — “say they can share your information with the government or law enforcement in response to a ‘request.’ Not a high bar court order, but something as easy as an ‘informal request.’”
Some other points made by the foundation:
— Six car companies can collect intimate information, including a driver’s medical information and genetic information. Plus info about how fast a person drives and the songs he listens to in the car.
— Nissan earned its second-to-last spot (Tesla, not surprisingly, was worst) “for collecting some of the creepiest categories of data we have ever seen”: In an apparent attack of full disclosure, Nissan said that it can share “inferences” drawn from the data to create profiles “reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.” It also collects information about “sexual activity.” It’s not clear how they can do that, but in their privacy notice they say they could. Not to be outdone, the report says, “Kia also mentions they can collect information about your ‘sex life’ in their privacy policy.”
— Only two of the 25 brands reviewed, Renault and Dacia, stated that drivers had the right to delete their personal data. The brands are headquartered in Europe, where consumers are protected by General Data Protection Regulation privacy laws.
But controlling the data outflow collection is no easy task for car buyers, Mozilla says.
“We spent over 600 hours researching the car brands’ privacy practices,” the report says. “That’s three times as much time per product than we normally do. Even still, we were left with so many questions. None of the privacy policies promise a full picture of how your data is used and shared. If three privacy researchers can barely get to the bottom of what’s going on with cars, how does the average time-pressed person stand a chance?”
The Associated Press reports that the Alliance for Automotive Innovation, a trade group representing the makers of most cars and light trucks sold in the U.S., sent a letter Tuesday to U.S. House and Senate leadership, saying it shares “the goal of protecting the privacy of consumers.” The absence of such a law, the organization said, lets connected devices and smartphones amass data for tailored ad targeting and other marketing while also making possible massive information theft through cybersecurity breaches.
But until there’s a law, as the report says, “Consent is an illusion.”
Check out the full Mozilla Foundation report. It’s a troubling read.