Skip to main content
Data & Analytics

Car privacy is awful, researchers find, exposing everything from your medical info to your sex life

Mozilla researchers report that when it comes to privacy, cars are the worst.
article cover

Unsplash

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

You never know what might happen on the open road—your car, for example, might be stealing data related to your sex life.

That’s according to findings from a Mozilla review of safety and privacy standards from a number of automakers that revealed, as the blog post announcing the study put it, that “Cars Are the Worst Product Category We Have Ever Reviewed for Privacy.”

Mozilla ranked 25 carmakers on deficiencies related to data use, data control, track record, security, and AI, and found that all 25 fell well short of optimal privacy protections. Nissan and Kia go so far as to tell consumers in their disclosures that they collect information on “sexual activity” and “sex life,” respectively, which Mozilla researchers described as “some of the creepiest categories of data we have ever seen.”

“Could there be a ‘good’ reason for your car maker to have that information?” the researchers wondered. “Probably not. If there is, we definitely didn’t find it in Kia’s privacy policy.”

Worst-ranked Tesla earned that distinction for being the only company to get dinged for “untrustworthy AI” because the automaker’s “AI-powered autopilot was reportedly involved in 17 deaths and 736 crashes and is currently the subject of multiple government investigations.” Tesla also tells consumers that not allowing them to collect data could break the car completely.

Highest-ranked Renault and Renault subsidiary Dacia were at the top of the pack for their relatively protected data, which the researchers attributed in part to Europe’s General Data Protection Regulation (GDPR). However, the researchers couldn’t determine if any of the cars they tested encrypt user data.

Mozilla offers some tips and tricks at the end of each individual review to help consumers protect themselves—but ultimately there’s not a lot we can do. The automotive industry doesn’t offer much choice about your privacy protection, and it’s hard to opt out of driving if you don’t live in a region or country with robust public transportation.

As IT Brew previously reported, car software is hackable. In the past few years, a Kia and Hyundai exploit that went viral on TikTok allowed thieves to break into hundreds of cars. And as the tech develops, so do ways of hacking it; automakers at CES23 showed off a number of new software integrations that are here already or coming soon.

Short of regulations in the US comparable to Europe’s GDPR, our privacy is likely to continue to be compromised. And as the Mozilla researchers noted, the difficulty they faced of finding out how cars exploit private data means consumers aren’t going to be able to find this information easily by themselves.

“If three privacy researchers can barely get to the bottom of what’s going on with cars,” Mozilla’s team wrote, “how does the average time-pressed person stand a chance?”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.