Unveiling the Hidden Privacy Risks in Your Family’s Car
As a child I loved the TV show Knight Rider. Each week a hero named KITT would save the day using speed and style. KITT was a talking car. Also, there was a guy in the car. But who remembers him? I wanted a talking car when I got older.
Today our cars are talking, but not to us. Instead, they are blabbing about our driving habits, sharing our phone data, and tracking us wherever we go. This is not the cool car of the future that we wanted.
Today’s vehicles are more like computers on wheels, packed with technology that makes driving safer and more convenient. However, this convenience comes at a cost - your privacy.
Modern cars are equipped with a myriad of sensors, GPS systems, and connected devices that collect vast amounts of data. While this data collection is often marketed as a way to enhance the driving experience, it also raises significant privacy concerns, particularly for families.
I’ll share with you the privacy risks associated with modern cars, how they collect data, how you can find out what’s being collected, and, importantly, how you can opt-out… if at all.
The Evolution of Car Technology and Data Collection
The automobile industry has witnessed a technological revolution over the past decade. What was once unthinkable at the turn of the century - like real-time navigation, autonomous driving, and remote control of vehicle features—has become reality. This is great, don’t get me wrong.
Connected cars are at the forefront of this revolution. These vehicles are equipped with internet connectivity and various built-in sensors that collect data not only about the car's performance but also about the driver and passengers. This is often promoted to buyers as a feature that you can’t live without. But in reality, it is our data that automakers can’t live without.
Connected cars utilize GPS, telematics systems, and even onboard diagnostics to gather data. It is then transmitted back to the manufacturer and sometimes sold to third-party service providers. While this technology offers undeniable benefits, such as improved safety and convenience, it also opens the door to extensive data collection just by simply using the car.
Types of Data Collected by Cars
Modern cars collect a wide range of data, often without the driver’s explicit knowledge. This data includes:
Location Data: GPS systems in cars track your every move, recording where you go, how long you stay, and the routes you take.
Driving Habits: Cars collect information on your driving behavior, such as speed, braking patterns, and even how frequently you use turn signals.
Personal Information: If your car is connected to your smartphone or other devices, it may have access to your contacts, call history, text messages, and even emails.
In-Car Conversations: Some advanced cars come with voice recognition features that can potentially record in-car conversations.
Usage Data: This includes information on how often you use certain features, such as climate control, radio, or navigation.
Each of these data points may seem innocuous on its own, but when combined, they paint a detailed picture of your daily life. And this information is valuable to automakers, and third parties’ advertisers. And depending on the situation, this data could be exploited by people with the wrong intentions.
How Car Data Collection Poses Privacy Risks
The collection of data by modern cars poses various privacy risks. One of the primary concerns is the potential misuse of this data by manufacturers, service providers, or even hackers.
Car manufacturers often share collected data with third-party companies, which may use it for targeted advertising, research, or even sell it to other entities. This practice raises significant ethical questions about consent and the extent to which consumers are informed about the use of their data.
Also, the risk of data breaches cannot be ignored. As cars become more connected, the collected data also become more vulnerable to cyberattacks. It seems each week major companies are experiencing data breaches. Just look at what happened to National Public Data.
But what about the cars themselves? A skilled hacker could potentially gain access to sensitive information, such as your location history, personal contacts, and even financial information if you use connected payment services in your vehicle.
So is your car a threat to your identity? Will hackers be so good that they can steal your data by simply driving beside you on the interstate with a laptop and a device like a Flipper Zero?
Selling Data to Insurance Companies
Today, many insurance companies offer a smart device that plugs into your car that will share your driving habits so they can adjust your rates. Also, companies like Nationwide
offer the SmartRide App that will assess your driving habits and charge you accordingly. If a client does not want to download the app, then insurance companies can still get data on drivers.
“If you drive a car made by General Motors and it has an internet connection, your car’s movements and exact location are being collected and shared anonymously with a data broker.” - Kashmir Hill, New York Times
For example, The New York Times has reported that automakers, like Ford Motor Company,
have sold driving habit data to data brokers like LexisNexis and Verisk.
Those data brokers sell to insurance companies. When GM owners (and many others) slam on brakes, accelerate quickly, or travel over the speed limit it’s logged and sold. While the data may be anonymized, if the information is tied to addresses, account usernames, and VIN numbers, it’s easy to figure out who is who.
Family Privacy Concerns
For families, the privacy risks associated with modern cars are particularly worrying. While today parents can monitor their children's whereabouts or driving behavior in real-time. That data collection is fine considering the intent is to make sure a teenage driver is being safe.
The same technology can track a partner’s location or driving habits could lead to an invasion of privacy and contribute to unhealthy dynamics in relationships. The data collected by cars could be used to monitor family members in ways that were never intended, blurring the line between safety and surveillance.
Consider a husband and wife who have divorced but both of their names remain on the car title. Until a name is removed, both parties could still track the vehicle. This could be used in court or worse to actually harm someone.
Insights from Mozilla's Privacy Review
Adding to these concerns, Mozilla’s *Privacy Not Included project recently reviewed 25 car brands and found that they are the worst product category for privacy. This is a phenomenal investigation by Mozilla to bring to light the small print we find in automotive contracts.
Here are some key insights I found:
Data Collection: Every brand reviewed collects extensive personal data, including sensitive information like driving habits and more.
Monitoring Sexual Activity: No, this is true. Nissan and Kia both claim they can determine a driver’s sex life from their information gathering.
Data Sharing: A astounding 84% of these brands share or sell collected data with third parties, amplifying privacy risks.
Lack of Control: Drivers have little control over their data, with no clear options to manage how it’s used or shared.
Security Shortfalls: None of the reviewed brands clearly meet Mozilla’s minimum-security standards, raising concerns about potential vulnerabilities.
Transparency Issues: Privacy policies are often vague, making it challenging for consumers to understand what data is collected and how it’s used.
AI and Voice Data: Many cars use AI and voice assistants that can record conversations without explicit user consent, further confusing privacy issues for drivers.
These findings highlight the urgency of addressing privacy concerns in the automotive industry.
How to Find Out What Data Your Car is Collecting
Understanding what data your car is collecting starts with reviewing its privacy policy. Fun, right? Every car manufacturer provides a privacy policy that outlines the types of data collected, how it is used, and with whom it is shared - kinda. This information is usually available on the manufacturer’s website.
However, these privacy policies are often long and filled with legal jargon, making them difficult to understand. (Trust me, I’ve tried.) It’s a good idea to take the time to read through the policy carefully but let’s be honest, who has time for that?
Vehicle Privacy Report
If you are looking for answers that are faster and simpler to understand, you can get a Vehicle Privacy Report for free. This service offers you the opportunity to see the data that is generally being collected about your car’s make a model. It does not offer the specific data being collected. This is powered by Privacy4Cars and even has a opt-out feature.
Asking the Manufacturer about Data Collection
If you’re unsure about the data your car is collecting, don’t hesitate to contact the manufacturer directly. Most car companies have customer service lines or online support that can provide detailed information about data collection practices. When contacting the manufacturer, be sure to ask specific questions, such as:
What types of data does my car collect?
How is this data used, and is it shared with third parties?
Can I disable certain data collection features?
By being proactive, you can ensure that you’re fully informed about your car’s data practices.
How to Opt-Out of Car Data Collection
One of the most effective ways to protect your privacy is to disable data-sharing features in your car. Many modern vehicles come with options to limit or disable data collection, although these settings may be buried in the vehicle’s infotainment system or app.
Here’s a general guide to disabling data-sharing features:
Open Settings Menu: Navigate to your car’s infotainment system. Then locate the settings menu.
Find Privacy Settings: Look for privacy-related options, which may be labeled as “Data Sharing,” “Connected Services,” or “Privacy.”
Disable or Limit Data Sharing: Depending on your car, you may have the option to disable data sharing entirely or limit it to specific features.
Keep in mind that disabling certain features may affect the functionality of your car’s connected services, such as navigation or remote diagnostics. It’s important to weigh the benefits of these services against the potential privacy risks.
Data Removal Tools
It may be impossible to stop all of the data that your car collects on you. But by opting out, you can remove the data after the fact. There are two good options for you.
Data Removal Service: DeleteMe
An outstanding data removal service is DeleteMe. DeleteMe scours the internet for your personal private data then deletes it. This is good to remove your personal private data from hundreds of data broker sites. I’ve been a customer since 2018, and you can save 20% on a privacy plan when using the discount code DAD at checkout. Feel free to read my full review of their service.
Vehicle Privacy Report
As mentioned before, with your car’s VIN you can see the general information that’s being collected about your car with a Vehicle Privacy Report. Then for free, you can have the service act as your representative to opt-out of further data collection.
Is Data Automotive Data Collection Legal?
At some point we have to wonder why car manufactures are allowed to collect this much information on their customers and second hand customers. Currently, brokers who collect and sell car telemetry or user-behavioral data to service companies, such as insurers and marketers, are not legally required to offer consumers the option to opt out.
They often claim that the data is "anonymized," even though it's linked to identifiers like the VIN and vehicle registration, making this claim very questionable. This data collection exists in a legal grey area, and while future regulations might address it, automakers are currently engaging in voluntary limitations to avoid stricter regulations. This is why a data removal service like DeleteMe is important, to make sure your data isn’t sold after it’s collected without being able to opt-out.
Legal Rights and Consumer Protections
Consumers have legal rights when it comes to data privacy, and it’s important to be aware of these protections. In the United States, for example, the California Consumer Privacy Act (CCPA) grants consumers the right to know what data is being collected about them and to request that it be deleted.
If you’re concerned about your privacy, you can exercise your legal rights by:
File A Privacy Request: Under laws like the CCPA, you have the right to request a copy of the data that a company has collected about you.
Requesting Data Deletion: You can also request that certain data be deleted, although there may be exceptions for data that is necessary for safety or legal reasons.
The Electronic Frontier Foundation has an excellent article on automotive data collection. In this article they list several links to privacy request webpages for some of the major car manufacturers. I’ve submitted a request from my auto manufacturer but I’ve not received my information as of the writing of this article.
Conclusion: The Privacy Risks of Modern Cars
As vehicles evolve into sophisticated data-collecting machines, the privacy of drivers and passengers is increasingly at risk. Modern cars gather and share extensive personal information, often without the clear consent of their users.
The findings from Mozilla’s *Privacy Not Included project underscore the seriousness of these risks, revealing significant gaps in data protection and transparency across the automotive industry. To safeguard your privacy, it’s essential to understand what data your car collects, how it’s used, and to take proactive steps to manage or opt-out of data sharing. By staying informed and exercising your rights, you can protect your personal information in this rapidly changing landscape.
