Report: cars are the worst products for protecting user privacy

Data security is one of the most frequently cited arguments automakers make in their fight against right to repair. For instance, in a memo published last October by their advocacy group, they called a new right to repair ballot initiative in Maine a “monetizable data grab” and then painted this picture of what could happen if it passes:

Here’s a scenario. You get a routine repair done at your mechanic. After your leave, the shop retains a pipeline of access to your vehicle’s telematic data and can continue to receive that information wirelessly from your vehicle – days or months after the repair. … They can see where your car has been and where you’ve driven. Your route. How fast you’ve been going. They can sell the data. They can place ads on your in-vehicle computer, like their own advertising platform. These are applications that more closely resemble what happens when you search the internet than anything having do with a traditional vehicle repair.”

That made it extra ironic when a nonprofit best known for its advocacy of a healthy internet, the Mozilla Foundation, published a report titled, “It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy.” In it, they found that every single major car brand on the market today is “terrible at privacy and security,” in the form of collecting too much personal data, sharing or selling that data, giving vehicle owners little to no control of their data, and lacking transparency about how they protect vehicle owner data.

The group has reviewed a wide range of other products with a particular focus on examining privacy policies, ranging from smart home devices and smartphone apps to video game consoles and kids’ toys. For cars, they say they spent 600 hours examining the privacy practices of 25 different brands. They ranked Renault the best and Tesla the worst, but every single one earned a “Privacy not included” warning label from the group, representing the first time they gave an entire product category such low marks.

Graphic from Mozilla Foundation’s report on automobile privacy, summarizing their findings in pretty clear terms. Image: Mozilla Foundation.

“The gist is: they can collect super intimate information about you – from your medical information, your genetic information, to your ‘sex life’ (seriously), to how fast you drive, where you drive, and what songs you play in your car — in huge quantities,” the report says. “They then use it to invent more data about you through ‘inferences’ about things like your intelligence, abilities, and interests.”

There are lots of scary and surprising findings in the report, like which companies will give away your data to law enforcement for even “informal” requests, and which mention they collect information about “sexual activity” and “genetic characteristics.” The summary isn’t particularly long, so it’s definitely worth a read. At the end, they have a petition you can sign that calls on car makers to respect to stop collecting, sharing and selling our very personal information.

That’s a novel concept. Maybe if automakers are so concerned about independent service centers getting access to data, they should stop collecting so much data about drivers in the first place?