Study Reveals That Automakers Are Spying on Your Personal Data

Modern cars are truly computers on wheels, brimmed with a slew of high-tech equipment that help to enhance both our driving and comfort. While most of us are indulging in these modern tech amenities and features, it seems that most automakers are actually taking our privacy for granted, as this new study by Mozilla Foundation reveals that car brands are actually the worst in handling their customers’ private data.

Mozilla Foundation has conducted a study on 25 different car brands

Conducted via its ‘Privacy Not Included’ buying guide site, all of the 25 big car brands evaluated by the non-profit foundation are found guilty of spying or not providing utmost protection over their customers’ private data, so much so that Mozilla even found that cars in general are the worst category of product the group has reviewed for data privacy breach.

As a result, all 25 of these car brands are being labelled with the group’s ‘Privacy Not Included’ tag – a warning label given by the Mozilla Foundation to any products or brands that they’ve found guilty of breaching their customers’ privacy.

Aside from driving data, these automakers are also founded guilty fishing data from third-party services like Google (Android Auto)

More details on this study, the group found that car brands are actually collecting too much personal data from their customers, more than what they claimed or required to. This includes personal driving data like the average driving speeds, driving locations, driving behaviours, and many more. Aside from driving data, automakers were also caught fishing for data from connected services used in cars, which includes third-party sources like Google and Meta.

To make things worse, this study found that 84% of car companies share or sell data gathered from their customers to third parties including service providers, data broker firms, and other businesses, with 76% of them sneakily including a clause that essentially allows them to sell your private data in their privacy agreement. Meanwhile, 56% of automakers admit that they actually sold some of their customers’ data to law enforcement officials, which then will be used for court orders, warrants and many other related ventures.

The Mozilla Foundation’s study also concluded that most car brands provide little or no control over their customers’ personal data, with 92% of the brands surveyed allegedly don’t allow or purposely make it complicated for customers to review and delete their personal information. The exception to this final finding is Renault and Dacia, as both brands fell under the purview of EU’s General Data Protection Regulation (GDPR) privacy laws, which dictates that customers must be allowed to delete or remove their personal data.

As for other car brands, they just like to assume that customers have agreed and consented to their privacy agreement once they enter the vehicle. Some brands also like to assume that you’ve consented to all the privacy agreements once you connect your personal devices to the car’s infotainment system. To make matters worse, most of them don’t even put up every bit and detail into their privacy agreements, thus leading customers to agreeing to them blindly.

Both BMW & Ford have put up official statements in respond to this study's finding

Ever since Mozilla Foundation published this eye-opening study, several automakers have further responded to this matter by publishing an official statement. As reported by Motor1, brands like Nissan, Stellantis, BMW, Ford, and Subaru have all responded accordingly to the findings of this study, with few of them now updated and reiterated their privacy agreements, while some now allows customers to easily delete their personal data without any hidden hurdles and clauses.

At the end of the day, efforts from non-profit and independent organisations like the Mozilla Foundation must be applauded, and we at Caricarz.com agree that more studies and research should be made upon this matter, as a bid to keep these automakers accountable for any data breaches and over-mining.