According to a study involving 25 car brands and 15 carmakers published by the Mozilla Foundation, the Japanese car manufacturer Nissan stated that it could potentially sell information related to drivers’ and passengers’ sexual activity, intelligence, and health status to “data brokers,” law enforcement agencies, and other companies or services.
Furthermore, the German company Volkswagen has disclosed that it can record drivers’ voices to utilize this data for targeted advertising.
Carmakers sell data to other companies
Researchers also found that 84% of the carmakers participating in the study can share or even sell data to other companies. More than half of the car brands admitted that they could share data with governments and law enforcement agencies when requested without waiting for the necessary legal authorization.
“Our main concern is that we can’t tell whether any of the cars encrypt all of the personal information that sits on the car. And that’s the bare minimum! We don’t call them our state-of-the-art security standards, after all. We reached out (as we always do) by email to ask for clarity but most of the car companies completely ignored us. Those who at least responded (Mercedes-Benz, Honda, and technically Ford) still didn’t completely answer our basic security questions,” researchers pointed out.
Owners have little or no control
“Cars seem to have flown under the privacy radar and I’m hoping that we can help remedy that because they are truly awful,” said Jen Caltrider, the study’s research lead. “Cars have microphones and people have all kinds of sensitive conversations in them. Cars have cameras that face inward and outward.”
Caltrider and other researchers examined the privacy policies of carmakers and downloaded their applications in Germany, France, the USA, Japan, and South Korea. They discovered that the industry gathers vast amounts of data through dozens of sensors and technologies integrated into the latest car models. These new technologies calculate the weight of individuals as they sit, record the car both internally and externally with cameras, capture conversations through microphones, and monitor users through connected smartphone apps.
Europeans are generally better protected from violating their data under the General Data Protection Regulation (GDPR) law. However, according to Caltrider, this law has not been adequately enforced within the automotive industry.
“Increasingly, most cars are wiretaps on wheels,” said to AP Albert Fox Cahn, a technology and human rights fellow at Harvard’s Carr Center for Human Rights Policy. “The electronics that drivers pay more and more money to install are collecting more and more data on them and their passengers. There is something uniquely invasive about transforming the privacy of one’s car into a corporate surveillance space,” he added.