Study Claims Major Automakers Violate Customer Privacy By Collecting and Selling Personal Data

As impressive and sophisticated technology is these days, it is understandable why customer privacy is a huge concern among the population. Some of us are a little cautious when allowing a device access into our personal lives. One minute you’re talking about buying dog food, next thing you know you’re getting ads for dog food on your smartphone. So it is understandable for people to raise a few eyebrows over the phrase “smart technology” and “artificial intelligence” when customer privacy is an issue.

Not too long ago, it was revealed that a group of Tesla employees violated customer privacy by allegedly sharing lews images of drivers on a private server.

But according to a study conducted by Mozilla, every major auto brand like Ford, Toyota, BMW, Tesla, Kia, etc., can acquire personal information on race, facial expressions, weight, sexual activity, immigration status, health, genetic info, and where you live through sensors, microphones, cameras, personal devices, car apps, company websites, auto dealerships, and driving habits. These companies can then take this data and share or sell it to third parties in the same manner as many social media outlets. The study also claims that automakers can use your information to create conclusions about each driver’s intelligence, driving ability, personality traits, personal preferences, and so on.

The Results

As another edition of Mozilla’s *Privacy Not Included research, the study was the result of 600 hours of reading privacy policies, downloading apps, and communicating with brands. Researchers found that of the 25 major global automakers, none of them met the Minimum Security Standards.

The results revealed that major companies like Volkswagen, Toyota, Kia, and Mercedes-Benz collect demographic data on customers’ age and gender, driving behaviors, and sexual behavior. That data can then be used for marketing purposes, product research and development, and be sold to third parties. Analysts believe that by 2030, the car data monetization industry could be estimated to be worth $750 billion.

“Many people think of their car as a private space – somewhere to call your doctor, have a personal conversation with your kid on the way to school, cry your eyes out over a break-up, or drive places you might not want the world to know about,” says *PNI Program Director Jen Caltrider. “But that perception no longer matches reality. All new cars today are privacy nightmares on wheels that collect huge amounts of personal information.”

While none of the brands involved in this study received Mozilla’s Best Of designation, researchers concluded that European automaker Renault as the “least problematic” when it comes customer privacy. They, much like other European brands, are required to comply with the laws of the General Data Protection Regulation (GDPR) regarding personal data that is used, processed, and stored.

“This isn’t the first time Mozilla has uncovered an industry with terrible privacy practices,” says *PNI researcher Misha Rykov. “But cars are unique — their privacy flaws impact not just the driver, but also passengers and sometimes even nearby pedestrians. They can hear you, see you, and track you. Today, sitting in someone’s car is a lot like handing your phone over to the auto manufacturer.”

Additional Findings on Customer Privacy

• Major auto manufacturers have their own corresponding mobile apps used to locate your car in a crowded parking lot or start it remotely. But these apps are also a resource to gather personal data, such as global location and biometric info.
• Many brands were found to be guilty of “privacy washing,” which is the act of pretending to respect and protect customer privacy while doing the exact opposite.
• Some brands will consider passengers to be “users”, thereby granting them permission to collect personal data. Some will even mention that it is the driver’s responsibility to inform passengers of the vehicle’s privacy policies.
• Automakers like Hyundai and Kia were found to share personal data with law enforcement and governments based on “formal or informal” requests. Kia says in its policy that they may share personal info under certain circumstances, “if, in our good faith option, such is required or permitted by law.”