The Mozilla Foundation has warned that car makers are failing to give drivers enough control over their data privacy.
Researchers are warning that modern cars are “wiretaps on wheels”, with manufacturers failing to give drivers control over their data privacy.
In its ‘Privacy Not Involved’ survey, the Mozilla Foundation said that while most major manufacturers admit they may sell drivers’ personal information, half of them said they would share it with governments or law enforcement agencies without a court order. will share.
The proliferation of sensors in automobiles – from telematics to fully digitized control consoles – has made them prodigious data-collection hubs.
Researchers say drivers are given little or no control over the personal data collected by their vehicles. He also warned that the security standards are unclear, which is a major concern given automakers’ track record of vulnerability to hacking.
“It seems like cars have really flown under the privacy radar and I’m really hoping we can help remedy that because they’re really awesome,” said Jane Caltrider, the study’s head of research. “Cars have microphones and people do all kinds of sensitive conversations in them. Cars have cameras that face in and out.”
Unless they choose a used, pre-digital model, car buyers “don’t have a lot of options,” Caltrider said.
Cars scored the worst on privacy among more than a dozen product categories Mozilla has studied since 2017, including fitness trackers, reproductive-health apps, smart speakers and other connected home devices.
The privacy notices of twenty-five car brands were reviewed, selected for their popularity in Europe and North America. Not a single one of them meets Mozilla’s minimum privacy standards, which promotes open-source, public interest technologies and maintains the Firefox browser. In contrast, nonprofits accounted for 37 percent of the mental health apps reviewed this year.
Car makers are selling your personal data
Their notice reveals that nineteen automakers say they can sell your personal data. Half will share your information with the government or law enforcement in response to a “request,” as opposed to requiring a court order. Only two – Renault and Dacia, which are not sold in North America – give drivers the option of deleting their data.
“Increasingly, most cars have wiretaps on the wheels,” said Albert Fox Kahn, technology and human rights fellow at Harvard’s Carr Center for Human Rights Policy. “The electronics that drivers pay more and more money to install are collecting more and more data about them and their passengers.”
“There’s something strangely offensive about turning the privacy of someone’s car into a corporate surveillance space,” he said.
The Alliance for Automotive Innovation, a trade group representing the makers of most cars and light trucks sold in the US, took issue with that characterization. In a letter sent to the US House and Senate leadership on Tuesday, it said it shares the “goal of protecting consumers’ privacy”.
It invoked federal privacy law, saying “the patchwork of state privacy laws creates confusion among consumers about their privacy rights and makes compliance unnecessarily difficult.” The absence of such legislation allows connected devices and smartphones to collect data for tailored ad targeting and other marketing – while also increasing the potential for large-scale information theft through cyber security breaches.
The Associated Press asked the alliance, which has opposed efforts to give car owners and independent repair shops access to onboard data, whether it supports allowing car buyers to automatically opt out of data collection. And provides them the option to delete the collected data. Spokesman Brian Weiss said there are “concerns” about allowing the group to opt out customers completely for security reasons, but he is open to giving them more control over how the data is used by marketing and third parties. supports.
In a 2020 Pew Research survey, 52 percent of Americans said they chose not to use a product or service because they were worried about how much personal information it would collect about them.
Mozilla researchers said most car brands ignored their emailed questions on the matter, which provided partial, unsatisfying responses.
Japan-based Nissan surprised researchers with the level of honesty and detailed description of data collection given in its privacy notice, which is in stark contrast to big tech companies like Facebook or Google. The “sensitive personal information” collected includes driver’s license numbers, immigration status, race, sexual orientation and health diagnoses.
In addition, Nissan says it may share “inferences” drawn from the data to create profiles that “reflect consumer preferences, characteristics, psychological trends, predispositions, behaviors, attitudes, intelligence, abilities and aptitudes.” “
The researchers found that it was one of six car companies that said they may collect “genetic information” or “genetic characteristics”.
Nissan also said it collected information on “sexual activity”. He didn’t say how.
The all-electric Tesla brand scored high on Mozilla’s “creepness” index. If an owner opts out of data collection, Tesla’s privacy notice states that the company may not be able to notify drivers about issues “in real time,” resulting in “reduced functionality, serious damage, or inaction”.
Neither Nissan nor Tesla immediately responded to questions about their practices.
Mozilla credits laws such as the European Union’s General Data Protection Regulation and California’s Consumer Privacy Act in 27 countries for forcing car manufacturers to provide existing data collection information.