Barnes Tech
Blog About
Barnes Tech

Cars and Data Privacy - Follow Up

In a recent post, I discussed cars and data privacy - Cars and Data Privacy, but since then, Mozilla has published a far more detailed and in depth report about how truly awful the privacy of modern cars really is.

Some key points from the article -

  • Car brand collect too much personal data - Every car brand collects more personal data than is necessary, and they use it for reasons that have nothing to do with the operation of the car.

  • Most car brands share or sell your data - 84% of car brands can share your personal data, and 76% can sell it. 56% share it with the government.

  • Drives have essentially no control over their personal data. 2 car brands in Europe have some control in place for individuals, but none of them outside of Europe have any ability for the driver to control their own data.

  • Car brands have a poor security and privacy track record - 68% of car brands have had leaks, hacks, and breaches in the last 3 years.

It is absolutely worth reading the whole article by Mozilla. It’s extremely concerning to me and we need to get some meaningful regulation in place.

Here’s the article from Mozilla - It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

I think there are a few absolutely minimum items we need to legislate on -

  • Our data needs to be our data. Companies need to get permission to gather and especially to sell our data.
  • The only exception should be data gathered for the use of the product itself, and there should be strict regulation in place that puts the burden on companies to prove that they need data, not on individuals to try to prove that data is misused. Companies should face heavy penalties if that data is sold or used for targeted advertising in any way.
  • You should have the right to see what data is gathered about you, and if it’s anonymized in any way, how that works, so that it can be audited by security and privacy professionals.
  • You should have a right to be forgotten by these companies.

I’m sure there is a lot more to do, but we (in the US anyway) desperately need to get something in place. Reading this about cars is honestly offensive to me, and unlike the normal web in my house where I have lots of tools to try to throw off tracking and protect my privacy, there’s absolutely nothing you can do with what your car gathers and then sells about you.