- Smart cars pose significant privacy concerns due to their extensive data collection practices.
- A recent study indicates that nearly every car manufacturer gathers information about its drivers, with a staggering 84% of them proceeding to share or sell this data.
- This information includes sensitive categories including biometric information, location data, personal details, and even sexual orientation.
- Privacy4Cars, a U.S.-based automotive company, introduced the Vehicle Privacy Report tool earlier this year to inform drivers of the extent of data collection by vehicles.
- ExpressVPN used this tool to analyze the most popular cars in the U.S., revealing how much information they collect.
- Until there are clearer regulations on car data privacy, there are steps you can take to safeguard your personal information from being collected and shared by your smart car.
- For example, opting out of data selling and behavioral advertising and using a privacy-focused VPN when connecting to your car’s Wi-Fi hotspot.
Modern cars have become more than just vehicles; they’re rolling data centers, akin to smartphones on wheels, silently gathering a wealth of information about us as we drive. From tracking our routes to monitoring driving habits and even delving into biometric details, our vehicles are quietly accumulating a hoard of data, often without us even realizing it.
As cars become more automated and connected, the companies behind them are gaining more control over their functionality and data collection. This transition raises a pressing concern over privacy, as our locations and personal information are funneled back to manufacturers and, in some cases, traded by questionable third parties.
In fact, a recent study by the Mozilla Foundation labeled cars as the worst product category they’ve ever evaluated for privacy. Alarming findings include excessive collection of personal data, widespread data sharing, and a notable lack of user control over their information. This situation highlights the urgent need for clearer regulations on car data privacy.
However, until these measures are in place, drivers can take a proactive step by staying informed. Join us as we guide you on what you need to know about how your smart car tracks you, the data it shares, and what you can do about it.
What your car knows
How your car collects data
How your new car tracks you
Why smart cars are a privacy nightmare
The extent of data collection
Where does your personal data go?
Analyzing top car models in the U.S.
The road ahead: smart car data regulation
How to stop your car spying on you
What your car knows
Every time you use your turn signal, you’re not just activating a light; you’re sending a digital message through your car’s intricate internal network. This seemingly small action speaks volumes about the incredible advancement of automobiles.
Since the 1970s, cars have housed computers, but today’s smart cars are in a league of their own. McKinsey predicts that by 2030, up to 95% of new vehicles sold worldwide will be connected.
These modern vehicles feature an array of advanced features, relying on touch-sensitive panels and screens that respond to the slightest touch, a wave, or even a voice command. However, this progress comes with a notable consequence: Every interaction with your car generates a record, from turning the wheel to unlocking the doors. This information is typically collected and stored by the car company.
How your car collects your data
Braking intensity, acceleration, headlight usage, windshield wiper activation, and even opening your driver’s side door all contribute to a detailed profile of you as a driver. This wealth of data has given rise to an entire industry centered around telematics, the art and science of monitoring, logging, and analyzing driving behavior. It underpins incentives like good-driver discounts offered by insurance companies and ushers in a new era of personalized driving experiences.
Connected services and devices
But your car’s capabilities extend beyond the physical actions you perform while driving. Services accessible through your car’s dashboard, like radio stations, the channels you watch on your car’s infotainment system, or a GPS route planner also contribute to the data it collects. Car companies can also access data from your phone when you download your car’s app.
External data sources
Car companies can also gather additional information about you from data brokers, car dealers (who have information from test drives), your social media profiles, and government sources.
20 ways your smart car tracks you
Let’s delve into the specifics. Here’s how a smart car can track its driver:
1. Location tracking
GPS technology allows smart cars to pinpoint their exact location, enabling features like navigation and providing data on travel patterns.
2. Traffic patterns and congestion
Smart cars can collect data on traffic patterns and congestion, which can be used to improve navigation and routing algorithms. However, this data can also be used to track individual vehicles and their movements.
3. Driving behavior
Smart cars monitor factors like acceleration, braking, speed, and steering patterns to analyze how a driver operates the vehicle.
4. In-vehicle preferences
These include settings like seat position, climate control, and entertainment choices, which are recorded to provide a personalized driving experience.
5. Biometric data
Some smart cars can collect biometric data, such as fingerprints and facial scans. This data can be used for security purposes, such as unlocking the car or starting the engine.
6. Data from synced devices
Depending on the manufacturer, your smart car may have the ability to access and collect data from your synchronized mobile devices. This includes call logs, messages, and app usage.
7. External cameras and sensors
Smart cars use a variety of sensors and cameras to monitor their surroundings, enabling features like parking assistance, lane-keeping, and collision avoidance.
8. Environmental data
Smart cars can also collect data on the environment around them, such as air quality, temperature, and road conditions. This data can be used to improve navigation, safety systems, and environmental monitoring.
9. Voice recognition
Smart cars with voice recognition systems can track what the driver and passengers say. This data can be used to control the car’s features, such as the climate control, navigation system, and infotainment system.
10. Trip log information
This includes information about when you start and end a journey, as well as details of the trip (e.g., route taken).
11. Airbag system data
Some cars collect data related to the airbag system, including weight and body position information, which is stored onboard. This data can be used to diagnose vehicle problems and investigate accidents.
12. On-board data
This refers to data generated by the car, but not necessarily sent to the manufacturer, unless accessed using external data extraction tools. It covers a wide range of information, including engine performance, tire pressure, and fluid levels, helping with maintenance and diagnostics.
13. Media analytics
Information about what you listen to in your car, such as radio stations and media sources, may be tracked. This includes which shows and channels are watched on the rear seat infotainment system, logins to various streaming sites, and data on which features of the infotainment system are used, such as navigation, music, and settings adjustments.
14. Battery, ignition, and window data
Information about the vehicle’s state, including battery status, ignition status, and window positions, can be collected.
15. Diagnostic information
Smart cars can track a variety of diagnostic information, such as fault codes and system performance data. This data can be used to diagnose vehicle problems and improve vehicle reliability.
16. Stability control and anti-lock events
Recording instances where these safety features are activated provides insights into driving conditions and potential hazards.
17. Security/theft alerts
Smart cars can generate security and theft alerts. These alerts can be sent to the vehicle owner’s smartphone or to a monitoring service.
18. Wi-Fi data usage
Smart cars can track Wi-Fi data usage, such as what websites the driver and passengers visit. This data can be used to personalize the driving experience and target advertising.
19. Home energy usage
Electric vehicles can track home energy usage. This includes data on charging habits and energy consumption patterns.
20. Vehicle maintenance
Smart cars can collect data on their own performance and maintenance needs. This data can be used to improve vehicle reliability and safety, but it can also be used to track individual usage.
Why smart car tracking is a privacy nightmare
Smart cars have revolutionized our driving experience, offering unprecedented connectivity and convenience. However, they come with a significant drawback—a serious invasion of privacy and security. In fact, few products collect as much information about an individual’s actions, whereabouts, and conversations as a smart car.
The extent of data collection
Smart vehicles are continuously gathering data, transmitting it wirelessly to manufacturers, and often sharing it with third-party service providers. The range of information collected is staggering:
Personal details: Name, age, address, Social Security number, driver’s license number.
Location specifics: Precise GPS data, route history, and driving schedule.
Digital footprint: IP address, mobile device location, search content.
Demographic insights: Gender, ethnicity, and other personal details.
Financial information: Payment details, acquisition, and financing of the vehicle.
Biometric data: Facial, voice, and fingerprint recognition.
Behavioral patterns: Driving habits, style, and even 3D images around your vehicle.
And smart car makers don’t stop there. Through external data sources, they go a step further, delving into aspects like income, immigration status, race, and even intimate details like sexual activity (we kid you not) and genetic information. They can even access your photos, calendars, and to-do lists if your privacy settings allow them.
Where does your personal data go?
Manufacturers are legally bound to outline these practices in their privacy policies, however, the complexity of these documents often confuses consumers. And while these policies vary by car maker, the primary recipients of this data include:
- Service providers (although, not specified which ones)
- Government agencies
- Law enforcement
- Advertising and research companies
- Other drivers (usually to improve traffic flow or report accidents)
- Social media platforms
- Data brokers
- Tech giants like Apple CarPlay, Android Auto, and Amazon Alexa
- SiriusXM, OnStar, and other connected services
The murky world of data brokers
One of the most troubling aspects of smart car tracking lies in the involvement of data brokers. These entities operate in a shadowy realm, trading car-generated data without obtaining the explicit consent of vehicle owners. This practice raises significant concerns, including:
- Personal data misuse: When companies fail to be transparent about how they handle personal data, it erodes the principle of informed consent. This puts individuals at risk of having their personal information exploited.
- Targeted advertising: Data brokers can use driver information to bombard individuals with customized advertising. This often happens without people knowing how their data was obtained in the first place.
- Invasive surveillance: This data can be abused for more sinister purposes, enabling unwelcome surveillance that intrudes on personal privacy.
- Discrimination and profiling: Data brokers can compile detailed sets of information to create highly specific profiles of individuals. This can lead to potential discrimination based on factors like race, income, or lifestyle. It can also result in profiles that don’t accurately reflect an individual’s true characteristics.
The unregulated nature of data brokerage raises questions about accountability. With no clear oversight or standardized industry practices, it’s challenging to hold these entities responsible for any misuse or mishandling of the data they acquire.
Hackers can get access to your data
The trade of sensitive information by data brokers also introduces potential security vulnerabilities. In the event of a data breach or cyberattack, this valuable information could fall into the wrong hands, exposing individuals to a range of risks, from identity theft to stalking.
Sixty-eight percent of car brands have a bad track record, indicating recent lapses in protecting their users’ privacy through leaks, breaches, or hacks. Some of the most notable incidents include:
- Volkswagen and Audi: In 2021, a data breach between the sister companies impacted 3.3 million users.
- Toyota: Over the course of ten years, from 2013 to 2023, Toyota exposed data from 2.15 million users, highlighting a prolonged lapse in data security.
- Mercedes-Benz: In June 2022, Mercedes-Benz disclosed a data leak stemming from a third-party vendor, compromising the personal information of potentially 1.6 million prospective and existing customers. This included sensitive details such as names, street addresses, email addresses, and phone numbers.
These breaches can have far-reaching consequences for individuals, from identity theft to targeted cyberattacks.
Your smart car data can be used against you
Another concerning aspect of smart car data collection is that it can be used against you in a court case. Law enforcement agencies globally are increasingly accessing personal car data for investigative purposes. This not only includes location history but also personal communications.
Vehicle manufacturers are known for sharing voice recordings and location history, often without the knowledge or consent of the occupants. In some instances, individuals haven’t even signed up for the service, yet their movements are being recorded.
According to the Mozilla Foundation, 56% of car manufacturers said that they share their drivers’ information with the government or law enforcement in response to a “request,” be it formal or informal.
Analyzing the top car models in the U.S.
To create more awareness about data collection practices, Privacy4Cars, a U.S. automotive firm, unveiled its Vehicle Privacy Report earlier this year.
The online tool works by utilizing the Vehicle Identification Number (VIN) of a car, a unique identifier much like a fingerprint for vehicles. It then cross-references this with each manufacturer’s public policy documents, giving a comprehensive picture of the data landscape. Through this, the report reveals the huge amount of information that our smart cars are capable of collecting and transmitting to manufacturers.
The tool categorizes vehicles as either a “smartphone on wheels” or a “hard drive on wheels”. The latter designation is used for vehicles that have telematics, but the cellular connection is no longer functional (due to it being 3G or older technology).
To gain further insights, using publicly available VIN numbers, we ran the five most popular cars in America (according to research by automotive platform Edmunds Inc.) through the Privacy4Cars tool. Here’s what we found:
2023 Chevrolet Silverado
The Chevy Silverado holds its crown as the top-selling vehicle in the U.S. in 2023. However, due to its advanced telematics capabilities, it actively gathers a wealth of data on both the driver and the vehicle’s operations.
This data collection covers personal details like names, addresses, and email addresses. It also extends to biometric markers such as fingerprints or facial features, all while keeping tabs on the driver’s whereabouts. Though the policy’s wording regarding synchronized phone data can be convoluted, the vehicle crafts user profiles based on individual driver habits and preferences.
The scope of data collection is broad, spanning from camera imagery and sensor metrics to voice commands, stability control, and anti-lock events. It leaves no stone unturned, even logging infotainment system use, from radio to rear-seat entertainment.
In addition to these details, the Silverado logs specific information like battery status, ignition details, window operation, gear status, and diagnostic information. It tracks the driver’s journey, recording location, route history, speed, and noteworthy driving events like braking, swerving, and cornering.
Regarding data sharing, the Silverado divulges information to affiliates within the General Motors network, third-party service providers, insurers, and government agencies. However, the policy leaves a question mark on whether data is shared with data brokers, as the manufacturer neither explicitly affirms nor denies this in its policy.
2023 Ford F-150
Like its contemporaries, the light-duty pickup doesn’t have information about data deletion, despite it collecting a wealth of information about its owners. This includes names, locations, and driving license details. The manufacturer is also keen on identifiers and user profiles and also keeps track of location details. However, the car’s stance on synchronized phones and biometric data is a bit hazy.
A driver’s habits aren’t off the radar either. Ford keeps tabs on speed, pedal usage, and even seatbelt engagement. The vehicle acts as a silent recorder, documenting routes, speed, and even local weather conditions.
When it comes to sharing, Ford isn’t shy. They disseminate data to affiliates, service providers, insurers, and government bodies. The stance on data brokers, however, remains elusive.
2023 RAM 1500
When it comes to personal data, RAM opts for a “no-deletion” policy, including personal identifiers from names and addresses to Social Security numbers and driving license details, as well as biometrics. RAM also monitors driving habits, recording timestamps, speed, acceleration, and braking. The vehicle tracks journey details like location, weather, and routes taken. It even keeps an eye on its own status, monitoring refueling, battery levels, and camera imagery.
In terms of synchronized phones, RAM’s policy is nuanced. While data isn’t directly taken from synced phones in the vehicles, an exception exists for RAM’s own branded mobile remote apps.
On the upside, RAM provides three avenues for individuals to manage their personal data in most of their new vehicles. This includes toggling geo-location data collection, opting in or out of specific data uses through digital channels, and requesting the “right to be forgotten.”
2023 Honda CR-V
Honda’s data collection practices involve gathering a wide range of information, which the company categorizes as “covered information.” This includes personally identifying details such as contact information, Social Security numbers, and driving license information.
Unlike some of Honda’s other models, the CR-V specifically collects information about the vehicle’s status, including fuel levels, tire pressure, and battery charge. The car also records trip log data, such as the start and end times of journeys, and monitors the status of the airbag system.
Additionally, the CR-V collects information on how the connected features of the vehicle are used, which can include search history, call logs, and voice commands (which potentially include audio recordings). Driver behavior information is also tracked, including details like pedal position, engine speed, and steering angle.
On top of that, the airbag system may collect weight and body position information, but this data is stored locally on the onboard computer and can only be accessed through a physical connection, with state and federal laws governing who can access it.
2023 Tesla Model Y
Tesla doesn’t have a straightforward policy for deleting user data, which suggests that information could potentially be held indefinitely. This raises concerns about how much control users actually have over their personal information.
Tesla is open about collecting data about its drivers in the form of personal identifiers, it also tracks location data. However, the company’s policies around synchronized phone information user-profiles and biometrics are a bit of a mystery, leaving users uncertain about how this particular category is managed.
The road ahead: calls for stronger smart car data regulations
Most smart car brands fall short in data use and security, demonstrating poor data control. None of the policies outlined by the majority of smart car manufacturers offers a comprehensive view of how driver data is utilized and shared.
The notion of “consent” in the world of smart cars is also often illusory. Unlike optional smart home devices, driving is a necessity for many. Companies frequently sidestep or presume consent, assuming you’ve read and agreed to their policies before you even get into their vehicle. Subaru, for example, states that passengers implicitly “consent” to the use, and potentially sale, of their personal information simply by being inside.
Tesla takes it a step further, allowing you to opt out of data collection, but with a veiled warning that it may impair your car’s functionality. Nissan goes so far as to burden you with the responsibility of informing others about your car’s privacy policies.
This stark disadvantage faced by consumers when it comes to smart cars has prompted Senator Elizabeth Warren to get involved. In November 2022, she addressed this escalating concern, highlighting the pressing need for action.
In a six-page letter to the top antitrust enforcers in the U.S., Lina Khan, chair of the Federal Trade Commission, and Jonathan Kanter, head of the antitrust division of the Justice Department, she expressed profound unease over the rising competition and consumer protection issues linked to smart vehicles.
The Surveillance Technology Oversight Project (STOP) took it a step further with their report titled “Wiretap on Wheels,” where they emphasized:
“Modern cars collect a huge amount of data, stored indefinitely onboard and in the cloud. The data tracks not just the car, but its occupants: it records our location history, phone contents (contacts, emails, texts, tweets, social media feeds), voice recordings, weight, and other biometric data. If this sounds creepily expansive, it is. Car data often is collected for the benefit of manufacturers, not drivers.
Our information fuels a billion-dollar industry centered on subscription services and on selling drivers’ data to third parties, including law enforcement. Many cars on the road feed this industry: 84 million connected cars beamed data to manufacturers and other companies in the U.S. in 2021. Drivers can refuse some data collection, but saying “no” often comes at the cost of passenger safety: no data, no emergency roadside service, or built-in navigation tools.”
The urgency for action is clear. There’s a critical need for more robust regulation and oversight in the smart car industry. Clearer, stricter guidelines governing data collection, sharing, and resale are vital to protect the privacy and security of vehicle owners. However, until these regulatory measures are firmly established, it’s important that consumers take proactive steps to safeguard their data.
12 ways to protect yourself from your car spying on you
A vigilant awareness of privacy policies and the use of tools like Privacy4Cars are important steps in the effort to add an extra layer of defense against unwarranted data collection. Here are a few more tips on how to shield yourself against the relentless data collection and potential sale of your personal information by smart cars:
1. Consider older, non-connected models
One effective approach to safeguarding your privacy is to opt for an older, used car that lacks internet connectivity and cameras. By doing so, you can significantly reduce the potential points of data collection and minimize the risk of unwanted surveillance.
2. Be cautious of the information you share on social media
It’s important to be mindful of the information you share, especially on social media platforms or when communicating with friends and family. Avoid disclosing sensitive details about your smart car, such as its location or your travel plans on social media, and rather opt for messaging platforms that have end-to-end encryption like WhatsApp or Telegram.
3. Embrace open-source solutions
An emerging trend in the automotive industry mirrors the competition between open-source Android and closed-source iOS in the smartphone realm. Look for car manufacturers that offer open-source options, enabling users to have greater control over their car’s operating system and, consequently, their data privacy.
4. Disable tailored advertisements
In your contract when purchasing a vehicle, refuse consent for personalized advertisements to prevent the sharing of your personal information for targeted marketing.
5. Opt-out of data selling and behavioral advertising
Take advantage of opt-out options to limit the sharing of your personal data and cross-context behavioral advertising.
6. Perform a factory reset
Before selling or trading in your car, ensure you conduct a factory reset to erase all personal data and disconnect any associated apps. The same goes for purchasing a used car—confirm that the previous owner has removed their connected account.
7. Strengthen security measures
Implement robust passwords and enable two-factor authentication for apps and services linked to your car.
8. Exercise data caution
Grant access to your data only to trusted third parties and limit data collection through mobile apps using iOS or Android settings.
9. Disable location sharing
Opt out of location sharing on your mobile device to restrict access to your real-time whereabouts.
10. Evaluate voice assistants
If you’re concerned about data collection, reconsider using voice assistants like Amazon Alexa, which may gather voice requests, IP addresses, and geolocation information for advertising purposes.
11. Keep software updated for enhanced security
Regularly updating your smart car’s software is a critical measure in fortifying your privacy defenses. Manufacturers frequently release security patches that address vulnerabilities. By staying up-to-date, you ensure that your vehicle is equipped with the latest protections against potential intrusions.
12. Use a privacy-focused VPN for added security
When connecting to your car’s Wi-Fi hotspot, consider using a privacy-focused VPN like ExpressVPN. This technology creates a secure tunnel for your data, shielding it from prying eyes. It also adds an extra layer of protection, making it significantly more challenging for any potential eavesdroppers to intercept your online activities.
Cause for concern or a necessity? What are your thoughts on smart car data privacy practices?
FAQ: About smart cars
Are smart cars safe?
Smart cars are generally considered safe, but it is important to note that they’re smaller and lighter than traditional cars, which can make them more vulnerable in a crash. However, smart cars are equipped with a variety of safety features including a strong steel safety cage, airbags for the driver and front passenger, side airbags, window airbags, and a knee airbag for the driver. They also feature advanced safety systems such as an Anti-lock Braking System (ABS), Electronic Stability Control (ESC), Traction Control, and a Tire Pressure Monitoring System (TPMS). Additionally, smart cars come with driver assistance features like blind spot monitoring, lane departure warning, forward collision warning, and automatic emergency braking, which work to prevent accidents from happening in the first place.
What are the worst smart cars for privacy?
The worst smart cars for privacy are those that collect the most data about their drivers and passengers, and share that data with the most third parties. These cars may also have poor privacy policies and make it difficult for drivers to opt out of data collection.
According to a 2023 report by the Mozilla Foundation, the worst smart cars for privacy include:
These car brands collect a wide range of data about their drivers and passengers, including location data, driving habits, and even personal information such as race, ethnicity, and religion. They also share this data with a variety of third parties, including data brokers, law enforcement, and insurance companies.
Many of these car brands also have poor privacy policies and make it difficult for drivers to opt out of data collection. For example, Tesla has been criticized for its “shadow mode” feature, which collects driving data even when drivers are not using the car’s Autopilot or Full Self-Driving Beta systems.
Are all smart cars electric?
No, not all smart cars are electric. However, the vast majority of new smart vehicles being developed today are electric. This is because electric vehicles offer many advantages over traditional gasoline-powered vehicles, such as lower emissions, lower operating costs, and better performance.
Privacy should be a choice. Choose ExpressVPN.
30-day money-back guarantee