An internet and privacy watchdog has a warning: Your car is tracking you, and it’s collecting far more information than it needs just to get you where you’re going.
Mozilla, the nonprofit that develops the Firefox browser, released a report Wednesday detailing how the policies of more than two dozen car manufacturers allow for the collection, storage and sale of a wide range of sensitive information about auto owners.
Researchers behind the report said that cars now routinely collect data on par with tech companies, offer few details on how that data is stored and used, and don’t give drivers any meaningful way to opt out.
“Cars are a humongous privacy nightmare that nobody’s seemingly paying attention to,” said Jen Caltrider, who directs Privacy Not Included, a consumer privacy guide run by Mozilla. “And they’re getting away with it. It really needs to change because it’s only going to get worse as cars get more and more connected.”
Unlike Europe, the U.S has few meaningful regulations on how companies trade and store personal data. That’s led to a bustling industry of companies that buy and sell peope’s information, often without their knowledge.
Carmakers have a long list of personal information they say they may track, including employment and purchasing history, education, internet browsing history, location data, music and podcast listening habits, immigration status, religious and philosophical beliefs and health information.
Six of the manufacturers say they can collect “genetic information” or “genetic characteristics,” thought it’s unclear how. All but four of the car manufacturers say they can or do sell at least some of their customers’ data.
Nissan’s policy says “sexual activity” is an example of the type of sensitive information it can collect. Kia’s mentions “sex life or sexual orientation.”
Nissan did not respond to a request for comment.
A Kia spokesperson said that the company does not actually collect its users’ sex life information, and that it includes that language in its privacy policy because it was part of the list of examples of “sensitive information” under California law. The spokesperson didn’t respond to a request for a full list of what types of sensitive personal information Kia does collect.
Other manufacturers indicated they have lower standards than legally necessary for sharing users’ information with police.
As a rule, U.S. companies turn over information to police if they are compelled to do so by a warrant or court order, and car manufacturers are no exception. But Hyundai’s explanation of its policies goes significantly further, saying it may turn over customer data simply because a police officer or government official asks for it.
Hyundai can share user information “as part of an investigation or request, whether formal or informal, from law enforcement or a government official,” it says.
It’s unclear how much money car companies make from selling or trading the personal information on their users. But the privacy policies reflect an industry that has become awash in user data — especially location data, which can be incredibly useful for companies looking to track people’s habits — but is unequipped to handle it all, Caltrider said.
“These car companies are becoming like tech companies, but they don’t have any idea what they’re doing,” she said. “They’re like, ‘data, let’s get it all.’”
It’s also practically impossible for a car owner to not be part of this practice, Caltrider said. Tesla, for instance, is the only manufacturer surveyed that gives customers a meaningful option to not share their data. But Tesla’s data opt-out policy warns users that doing so may end many features and “may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”
“Consumers can’t do anything,” Caltrider said. “Usually we tell consumers to shop with their dollars. Now I’m just going to scream for the policymakers and regulators to get in the act because we’re already too late.”
Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.
