The nonprofit Mozilla Foundation recently published a series of articles about personal data and privacy in cars. It researched 25 brands, all of which earned the foundation's "Privacy Not Included" warning label, meaning the automakers did a poor job of managing data and providing security. In the end, Mozilla found that cars were the worst category of products it had ever reviewed.
According to the study, all of the car brands surveyed collect too much personal data. In addition to the information needed to operate a vehicle, details about how people use their vehicles, how fast they drive, where they go, and other tidbits are cited as being collected. Car companies also gather information through the connected services used in the car, including third-party sources from companies such as Google, Meta, or Sirius XM.
The study found that 84 percent of car companies share or sell customer data to third parties, including service providers, data brokers, and other companies. In addition, 56 percent of automakers say they share information with government or law enforcement officials in response to court orders, warrants, or informal requests.
The Mozilla Foundation concluded that most car companies also provide little or no control over personal data. 92 percent of the companies surveyed allegedly don't allow or make it extremely difficult for people to delete their personal information. Renault and Dacia are listed as exceptions, though the study notes those two brands fall under the purview of Europe's General Data Protection Regulation (GDPR) privacy laws.
The Mozilla Foundation spent more than 600 hours researching car companies' privacy practices and was unable to get a complete picture of how consumer data is used or shared. It also reached out to all of the car companies in its survey, but only received responses from Ford, Honda, and Mercedes-Benz, and apparently those responses still didn't answer all of the group's questions.
Source: Mozilla Foundation