Mozilla recently disclosed that in their assessment of various car brands, all 25 of them failed their privacy evaluations. According to Mozilla, these car manufacturers exceeded reasonable boundaries in their data collection and usage policies. Some of them even included provisions for acquiring highly invasive types of information, such as your sexual history and genetic data. The technology in modern cars is indeed capable of gathering such personal information, and the fine print in user agreements outlines how manufacturers seek your consent every time you start your car.
Adonne Washington, a policy council at the Future of Privacy Forum, explained that these privacy policies are crafted to ensure protection and compliance with diverse state laws. These policies also consider the potential for technological advancements that may occur while you own the car, recognizing that tools designed for one purpose could expand in scope.
Therefore, it’s sensible for car manufacturers to include a wide range of data in their privacy policies to legally protect themselves in case they inadvertently engage in certain data collection activities. For instance, Nissan’s privacy policy covers extensive categories of user information, including “sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information.” This broad scope serves as a precautionary measure to avoid potential legal issues. Nissan clarified that it does not knowingly collect or disclose information related to sexual activity or orientation, but the clauses remain to comply with certain state laws.
Despite these measures, it remains unclear why these companies would require highly personal information about their drivers and how they intend to use it. Moreover, even vehicles without advanced smart features, but equipped with USB, Bluetooth, or recording capabilities, can capture substantial amounts of driver data. The absence of truly disconnected cars, combined with a lack of transparency regarding the use of driver data, leaves consumers with little choice but to trust that their information is handled responsibly.
Furthermore, the issue becomes more complex when considering shared cars, such as rental vehicles or when minors use a family car. Unlike cell phones, which are typically single-user devices, cars are shared and can collect data not only on the driver but also on passengers.
Reading and comprehending these extensive contracts is a challenging task, and even if drivers are aware of the need to do so, it’s a daunting undertaking. Car manufacturers often compound these agreements with additional terms and conditions, making it even more convoluted for consumers. Opting out of data sharing and connected services is not always straightforward, and consumers typically do not read these contracts thoroughly.
Additionally, managing data stored in the vehicle and on the manufacturer’s servers poses another challenge when selling the car. Buyers may need to ensure that the data is properly erased before completing the sale, adding another layer of complexity to the process.
The ultimate solution to these privacy and data collection challenges likely requires federal regulation, as existing state privacy laws have limited reach and effectiveness. Many consumers are unaware of these issues or have no choice but to own a car, making federal intervention crucial to safeguarding their privacy and data rights.