Cars are changing, and quickly. Electric cars are on the rise, and at the same time, manufacturers are pushing autonomous driving technologies — even if we’re still a while away from actual self-driving cars. But there are other aspects about cars that are changing too — the fact that they’re becoming increasingly connected, and increasingly computer-controlled. And, with all the data that cars can collect, privacy is becoming increasingly important.
Turns out, however, cars aren’t that great at preserving your privacy. In fact, they’re terrible at it.
According to a new report from Mozilla, every major car brand has glaring privacy concerns — so much so that Mozilla ranked cars as “the official worst category of products for privacy.” That’s below notoriously privacy-unaware product categories, like mental health apps and sex toys.
There are a ton of reasons why cars are so bad at handling your privacy. For starters, according to the report, they simply collect too much data — and the report is quick to highlight that every car brand does this. This data can range from how users interact with their car, to some information from third-party services like Google Maps. If they have an accompanying app, cars can even collect data from your phone.
Once they’ve collected that data, they’re not very careful with it. In fact, 84% of car brands share your personal data, and 76% of them sell it.
Perhaps the worst part is that, unlike devices like TVs, there’s no way for the user to opt out of these privacy violations. Ninety-two percent of car brands give the user no control over their data — with only two brands giving users the right to have their data deleted.
The ending result of the study? Not a single car company met Mozilla’s Minimum Security Standards, which include the very basics — things like data encryption.
Perhaps the most interesting aspect of the study was exactly which car companies are worst. You would assume that the tech-focused new brands would at least be better at handling user privacy — but on the contrary, Tesla was the worst offender. Tesla cars represented the second product ever to fail in every single category of Mozilla’s study — meaning that Tesla cars collect user data without giving the user control, and they fail to secure that data. That’s despite the fact that Tesla has signed onto a list of Consumer Protection Principles. It just … doesn’t follow them.
Despite how bad Tesla is, the second-worst was arguably creepier. Nissan earned its place in the second-worst slot for some of its data collection categories, which include the user’s “sexual activity.” Kia also collects information about the user’s “sex life,” and a hefty six car companies collect users’ “genetic information.”
Yeah, it’s pretty absurd.
There’s really a very limited solution to this problem. Mozilla said in its report that the advice it usually gives to customers to protect their privacy feels like “tiny drops in a massive bucket.” In other industries, you could simply spend your money on companies that have good data practices. If you don’t like the fact that Google’s business model revolves around collecting user data, you could simply buy an iPhone.
You don’t really have that option here. While some car companies seem less bad than others, they’re all terrible at protecting your privacy.
Even if you wanted to switch cars, it’s a lot trickier than switching phones. Between the hassle of visiting a dealer, registering the new car, and selling the old car, it’s no wonder most people feel stuck. And that’s if you can even find a new model in today’s competitive market, where you need to be ready to pull the trigger before someone else swoops in.
So if we can’t vote with our wallets, what can be done? Car companies aren’t careless, they’re greedy. The ones selling your data are making money from you years after you’ve paid for their car, and they’re unlikely to turn off that money tap just based on one report.
There needs to be better legislation, not just around data collection, but around the selling of user data too. Car companies should be held to a standard of data protection — and if they leak it or it gets hacked based on their carelessness, there should be massive fines. In the meantime, applying pressure to lawmakers may be our best option to stop car companies from tracking our every move in the cars we own.