Cars Are the Worst Product Category We Have Ever Reviewed for Privacy
It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy
Author: Jen Caltrider, Misha Rykov and Zoë MacDonald
Source: https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
Summary
Modern cars[1] are the worst culprits at protecting our privacy. Surprisingly, they are even worse when compared to other offenders such as home security systems and dating apps.
Takeaways
- The following brands were tested:
| Car Brand | Country of Origin | Parent Company | Data Use | Data Control | Track Record | Security | AI |
|---|---|---|---|---|---|---|---|
| Renault | France | Renault Group | x | x | |||
| Dacia | Romanian | Renault Group | x | x | |||
| BMW | German | BMW Group | x | x | x | ||
| Subaru | Japanese | Subaru Corporation | x | x | x | ||
| Fiat | Italian | Stellantis | x | x | x | ||
| Jeep | American | Stellantis | x | x | x | ||
| Chrysler | American | Stellantis | x | x | x | ||
| Dodge | American | Stellantis | x | x | x | ||
| Volkswagen | German | Volkswagen Group | x | x | x | x | |
| Toyota | Japanese | Toyota Motor Corporation | x | x | x | x | |
| Lexus | Japanese | Toyota Motor Corporation | x | x | x | x | |
| Ford | American | Ford Motor Company | x | x | x | x | |
| Lincoln | American | Ford Motor Company | x | x | x | x | |
| Audi | German | Volkswagen Group | x | x | x | x | |
| Mercedes-Benz | German | Mercedes-Benz Group | x | x | x | x | |
| Honda | Japanese | Honda Motor Co. Ltd | x | x | x | x | |
| Acura | Japanese | Honda Motor Co. Ltd | x | x | x | x | |
| Kia | Korean | Hyundai Motor Group | x | x | x | x | |
| Chevrolet | American | General Motors | x | x | x | x | |
| Buick | American | General Motors | x | x | x | x | |
| GMC | American | General Motors | x | x | x | x | |
| Cadillac | American | General Motors | x | x | x | x | |
| Hyundai | Korean | Hyundai Motor Group | x | x | x | x | |
| Nissan | Japanese | Nissan Motor Co. Ltd. | x | x | x | x | |
| Tesla | American | Tesla Motors | x | x | x | x | x |
- Modern cars fail because of the following factors:
- collecting too much personal data - they collect more personal data than necessary, including:
- how you interact with your car (e.g. how fast you drive, what songs you play in your car)
- what connected services you use in your car
- your car's app, i.e. the app that you install on your phone to easily connect to your car
- third party sources can be used to gather additional information (e.g. Sirius XM, Google Maps)
- they can even collect information about your sex life (e.g. Nissan, Kia)
- selling personal data
- 76% of the car brands can share your personal data with service providers, data brokers, and other businesses
- 56% of them can share your information with the government or law enforcement in response to an informal request (which is by standards, is a lower bar than a formal court order)
- anonymized and aggregated data is also shared
- little to no control over personal data
- only 2 brands (Renault and Dacia) say that all drivers have the right to have their personal data deleted [2]
- unclear confirmation of meeting minimum security standards - it is unsure whether or not the car brands are even encrypting user data being collected
- 68% of the car brands earned a bad track record for leaks, hacks and breaches
- collecting too much personal data - they collect more personal data than necessary, including:
- Overall, Tesla is the car brand that is the worst offender against privacy vulnerabilities
- Opting out of privacy consent might even break your car [3]
- However, all of the car brands researched earned the "Privacy not included warning label" from the privacy researchers
What is even considered a modern car? It could be the year manufactured (e.g. 2000s or later), but it's definitely in consideration to the newer features: advanced computerization, electronic capability, safety features, fuel efficiency, and styling. Source: https://shunauto.com/article/what-is-considered-a-modern-car ↩︎
These brands are owned by the same parent company and are only available in Europe, which is protected by the GDPR privacy law ↩︎
However, “if you no longer wish for us to collect vehicle data or any other data from your Tesla vehicle, please contact us to deactivate connectivity. Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications and in-car features such as location search, Internet radio, voice commands, and web browser functionality rely on such connectivity. If you choose to opt out of vehicle data collection (with the exception of in-car Data Sharing preferences), we will not be able to know or notify you of issues applicable to your vehicle in real time. This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability." Source: https://www.tesla.com/legal/privacy ↩︎