What Data Does My Car Collect About Me and Where Does It Go?
By Mozilla Foundation, Sept. 6, 2023
What did I learn in researching the privacy and security of 25 of the top car brands in the world? Modern cars are a privacy nightmare and it seems that the Fords, Audis, and Toyotas of the world have shifted their focus from selling cars to selling data.
When all of the 25 car brands we reviewed earn our *Privacy Not Included warning label for failing to respect and protect their customers’ privacy, something is seriously wrong. Car companies, are you hard up on cash? Your swan dive into the data biz is worrying us. It’s just that… Drivers are already paying you for their cars so why are you taking their privacy too? Ugh.
When we first started looking into cars and privacy, only one thing was clear: It’s complicated. Even to the car-makers! In response to a standard set of privacy and security questions we ask companies by email, Mercedes-Benz told us that it wasn’t possible to give us “universal answers.” And they’re kinda right. It is so difficult to get a clear picture of the data comings and goings between vehicles, their apps, their connected services, and more. But did your privacy-researching team take “it’s too complicated” for an answer? Heck no! Determined to help consumers get to the bottom of the privacy and security of cars, here’s what we learned after combing through 25 of the most popular car brands’ (many) privacy policies.
How does my car collect data about me?
Cars have had some kind of computer in them since the 1970s. What’s new is the number of them and the amount of things they control. If you had the pleasure of driving during the El Camino era before the mid-eighties, you might remember literally rolling down a car window — by turning a crank. (A clunky move that makes it even harder to look cool hanging out the passenger side of your best friend’s ride.)
Nowadays, it takes just a press of a button to “roll down” your car’s windows as more and more of cars’ features are powered by computer systems that also connect to the internet. And we’re not just talking about state-of-the-art future-cars. Consulting firm McKinsey predicts that 95% of new vehicles sold globally will be connected ones by 2030. “Basic vehicles,” the report says, will bring the most value from data because of their popularity. So if it doesn’t yet, calling a car “smart” will soon feel as retro as saying “smart phone.”
Cars with more advanced features and commands barely even need buttons. There’s touch-sensors and screens that work with barely a boop of the finger, a wave of the foot, or even by asking nicely. The future is now! But having all those microphones, cameras, and sensors sending signals through your car’s computers also means that whenever you interact with your car you create a tiny record of what you just did. Like when you turn the steering wheel or unlock the doors. And usually all that information is collected and stored by the car company.
Other bits of information about you and your passengers can be collected automatically, when you’re just sitting there. Because while your car is waiting to respond to your command, its sensors are, uh, “sensing”. That’s probably why vehicle data hubs, the data brokers of the car industry, can brag about having so many data points like driver fatigue — which monitors head and eye position — and heart rate.
Cars’ new bells and whistles mean the potential for more data-collecting sensors, cameras, and microphones. But unlike with apps or smart home devices, most drivers aren’t even aware this data is being collected — let alone have the power to turn it off.
Another way your car collects data is from the connected services you use from your car’s dashboard, like satellite radio or a GPS route planner. Then there are the devices you connect to it, like your phone or a telematics device: a plug-in that sends information about your driving behavior to your insurance company. Car companies can also get data about you from your phone when you download the car’s app.
Finally, there’s the old-fashioned way. Just like (way too many) other products that connect to the internet do, car companies often collect extra information about you on their own from data brokers, car dealers (yes, they know all about you from those test drives), social media, the government, and more places we’ll talk about below.
What data does my car collect about me?
There’s probably no other product that can collect as much information about what you do, where you go, what you say, and even how you move your body (“gestures”) as your car. And that’s an opportunity that ever-industrious car-makers aren’t letting go to waste. Buckle up. From your philosophical beliefs to recordings of your voice, your car can collect a whole lotta information about you.
What you do in your car is more than enough information to paint a detailed picture of you. But your car-maker wants more. They can collect information about how much money you make, your immigration status, race, genetic information, and sexual activity (it’s in there!). Heck, they’ll even help themselves to your photos, your calendar, and your to-do list if you’ll let them.
… But wait, there’s more data car companies collect about you
Thirteen (52%) of the cars we looked at also collect information about the world around your car. Apparently, sensors can record information about the weather, the road surface conditions, traffic signs, and “other surroundings,” whatever that means.
Ugh, that pesky “other” category. As creepy and detailed as these data points are, we’re more worried about what’s not in the fine print. As usual, a lot of the privacy policies use vague language. Six companies mention “demographic data” which is about as descriptive as saying “characteristics” — another word that popped up a few times. We have similar worries about “sensor data,” because, like we talked about before, sensors can be high tech enough to measure private stuff, like stress level. Also, “images.” Please, car brands, tell us more.
Using broad language is a classic tool that companies use to leave the door open for collecting more data than they’re spelling out in their policies. It makes it pretty much impossible to know all of the information that’s being gathered about you.
“Practically all of the privacy policies we looked at used qualifying language when listing the data points they collect. Words like ‘such as,’ ‘including,’ or ‘etc.’ tell us we are only getting a sample of what is collected and not the full picture.”
They use other cheeky little tactics to gloss over the amount of data they collect, like this Easter egg we found in Honda’s privacy policy. At the end of a long list of categories of personal information they collect, they put “Personal information as described in Cal. Civ. Code § 1798.80(e).” Huh? It turns out that that’s short for just about anything that “identifies, relates to, describes, or is capable of being associated with a particular individual.” Yowza!
(e) “Personal information” means any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
CALIFORNIA CIVIL CODE 1798.80 (E)
https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.80.&lawCode=CIV
Through inferences, car companies also create new data about you
Twenty-two of the car brands (88% of the ones we looked at) mentioned creating inferences — assumptions about you based on other data. And nine of those companies (39%) said specifically that they might sell them to third parties. Hmm. Car companies’ love for inferences might explain why they seem to want to collect as much information about you as possible, even when those data points seem meaningless on their own. Like what “title,” “artist,” and “genre” you listen to in your car. Whether you listen to Christian rock, show tunes, or The Joe Rogan Experience podcast on your way to work might not say that much about you… Or maybe it does? Either way, when you combine it with where you work (“employment information”) and all the places you go (“route history”), your track list can probably help fill in some blanks about your “preferences.”
Where does all the data go?
Welp, there’s more not-so-great news, folks. Most of the car companies we looked at commit many of the biggest data privacy no-nos in our books. We already talked about how, according to our standards, they collect too much data about you and how they sell inferences. There’s more. Car brands might combine information collected about you from your car with personal information they get from third parties. Then, they often share (and sometimes sell) that information (plus the “inferences” they created based on it) to all kinds of businesses. Over-collecting, combining, sharing, and selling are all things we do not like to see in privacy policies.
According to their own privacy policies, here are the comings and goings of the data created, collected, shared, and sold by car companies.
When it comes to disclosing who your car shares and sells your data to, vague language strikes again! The privacy policies we read usually only listed the categories of businesses they share with, like “service providers.” When they did name companies, the privacy policies often used more qualifying language like “such as,” “etc.,” “and others,” “or similar” to make it clear that they’re only sharing a sample. Other times, the privacy policies only said that data would be shared or sold without saying to whom.
After over 600 hours of research, we’re still confused about who car companies are sharing your data with and selling it to. But we do have a pretty good guess about why they’re doing it. Your data is a valuable business asset to these companies. And cars, like we mentioned earlier, can collect more, and more detailed, personal data than almost any other device or company can. So of course car companies are keen to cash in on that. Nineteen (76%) of the car companies we looked at say they can sell your personal data.
We know this about personal data because of data privacy laws like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States. Both laws say that if a company plans to sell or share your personal data, they have to let you know. So even though the information isn’t as detailed as we’d like it to be, it is listed in the privacy policy.
On the other hand, even the strongest privacy laws don’t apply to so-called “aggregated and anonymized” data. So we can’t know how that information is handled. What we do know is that there’s a booming industry based on selling data from cars. On their website, automotive data broker (or “vehicle data hub”) High Mobility advertises their wide range of data products that include precise location, those two we mentioned earlier (“heart rate” and “driver fatigue”) and 57 other categories. Oh, and! They have a partnership with nine (36%) of the car brands we researched.
“The detailed data collected by car companies is a data broker’s dream. Indeed, Vehicle Data Hubs are rich with that information. Yet we still know so little about how they obtain, process, and sell it. That is the sad irony about the data broker business: they make billions off of our essentially stolen private information while revealing next to nothing about how they operate.”
The more we try to learn about cars and privacy, the more questions we have. Like, what happens to your personal data after it’s shared? And how can time-stamped, precise location data ever be anonymous?
… And where does the data end up?
Even though it might not sound like it, our research at *Privacy Not Included is based on the best case scenario. We can only really report on what companies say they’ll do with your data in their privacy policies. That’s why we take security standards and track record into account when handing out warning labels. And on that point, it’s a “yikes” across the board for car brands. Seventeen (68%) of the car companies earned our “bad track record” ding for failing to protect and respect their users’ privacy with a leak, breach, or hack recently. Among the greatest hits to their customers’ privacy:
– Volkswagen and its daughter company Audi suffered a data breach affecting 3.3 million users.
– Toyota leaked data of 2.15M users over 10 years between 2013 and 2023.
– In June 2022 Mercedes-Benz disclosed a data leak on the part of a third-party vendor that exposed the personal information of up to 1.6 million prospective and actual customers, including names, street addresses, email addresses and phone numbers.
With all the mysterious sharing and selling on top of these epic-level oopsie daisies, we’re worried about all that super personal and detailed information getting into even wrong-er hands than your car’s parent company. Like law enforcement, hackers, or just about anyone who can purchase from a data broker.
Data your car-maker can collect from you… about 160 personal data items
1 – about you
- name
- address
- phone number
- age
- date of birth
- demographic data
- protected classification information
- your mobile device location
- device identifier
- payment information
- financial account numbers
- credit card number
- debit card number
- information about the acquisition and financing of your vehicle
- the lease/financing term
- billing information
- your credit card number CVV code and expiration date
- other financial information
- records of products or services purchased or considered
- other purchase or usage histories
- device identifier
- driver’s license number
- national or state identification number
- social security number
- employee identification number
- National or State Identification Numbers
- IP address
- Passport number
- insurance policy number
- signature
- sex life or sexual orientation information
- medical information
- health insurance information
- health diagnosis data
- disability status
- basic identifiers
- genetic information
- genetic data
- facial templates
- facial geometric features
- physical or mental disability
- Genetic characteristics
- physiological characteristics
- behavioral characteristics
- biological characteristics
- activity patterns used to extract a template or other identifier or identifying information
- fingerprints
- faceprints
- voiceprints
- iris or retina scans
- keystroke
- gait
- or other physical patterns
- sleep data
- health data
- exercise data
- religion or creed
- Philosophical beliefs
- marital status
- Notifications, including the recipient of the notification or their contact information;
- calendar entries
- contact numbers
- characteristics
- physical characteristics
- language preference
- inferences reflecting your preferences
- demographics and vehicle usage patterns
- nationality
- citizenship status
- education
- current employment
- employment history
- union information
- socio-professional category
- veteran or military status
- immigration status
- ancestry
- race
- national origin
- gender
- sexual activity
- your preferences
- registration and account information
- credentials for multimedia services
- photographs, user-generated content and other materials that you may submit
- your address book, calendar, tasks, and emails, to the extent you authorize such collection
- other information linked or directly related to you
2 – about what you do in your car
- geolocation
- precise location
- route history
- driving schedule
- audio information
- audio recordings of vehicle occupants
- voice recordings
- call recordings for emergency and customer service purposes
- calls and other communication recordings and associated logs with our customer service team or service providers, such as recordings and logs of telephone calls, or communications using Connected Vehicle Technologies and Services
- information about anyone making a call using the Connected Vehicle Technologies and Services; Call history information, including the date, time, and duration of a call, and any response specialist’s notes written during a call;
- visual information
- gestures
- biometric information
- sensor-collected data from radar
- sensor-collected data from ultrasonic devices
- electronic information
- other sensor-collected data
- search content
- vehicle speed
- vehicle usage information
- driving habit and style
- pedal positions
- use of accelerator
- travel direction
- trip start time and end time
- trip start and end location
- current location
- points of interest
- seat belt use
- information about door locks
- information about open doors
- swerving/cornering events
- use of steering functionality
- use of braking functionality
- information about braking habits
- vehicle/technology usage data such as remote start technology
3 – information about your interactions with us, our affiliates, our service providers, Integrated Content Providers, and Optional Third Parties related to your vehicle usage
- battery charging history (for electric vehicles)
- charging locations used (if applicable)
- Real Time Status of your vehicle (i.e., vehicle location, status of powered doors, windows, hood, trunk, sunroof, hazard lights, odometer reading, oil life, fuel economy, trip distance, distance to empty)
- information about the usage of vehicle features, services, and technology
- data from third-party account services that you link to your Connected Services account (e.g., Amazon Alexa)
- use of multimedia screens
- infotainment (including radio and rear-seat infotainment) system
- records from usage of the Connected Services
- information that you provide when using the connect services, including information you send and information you request
- information about what is listened to in the vehicle (such as radio presets, volume, channels, media sources, title, artist, and genre)
- crash or near-crash information about the vehicle or driver’s behavior will be recorded in the vehicle
- air bag deployments
- recent service requests
- purchases
- presets
- other sensor data
- images and event data generated in connection with certain features
- a Vehicle Occupant’s search content
- information collected from camera images
- voice command information
- stability control or anti-lock events
- security/theft alerts
- WiFi data usage
4 – about the world around your car
- ambient data (such as outside temperature and brightness)
- “Exterior Image Data”
- 3-D images around your vehicle
- weather
- road segment data
- road surface conditions
- other driving conditions
- traffic signs
- other surroundings
- traffic jams
- obstacles
- parking spaces