According to a new investigation, car manufacturers are gathering massive amounts of data on drivers and passengers, with some even tracking drivers’ sexual activities.
Researchers discovered that Japanese car manufacturer Nissan said it could sell information about drivers and passengers’ sexual activity, intelligence, and health diagnosis to data brokers, law enforcement agencies, and other companies in a review of 25 car brands and 15 car manufacturers published on Wednesday by Mozilla Foundation. Volkswagen of Germany stated that it could record drivers’ voices in order to profile them for targeted advertisements.
“The amount of data that these car manufacturers blatantly said that they could collect was shocking,” said Jen Caltrider, lead researcher at Mozilla Foundation, the nonprofit owner of the company running the Firefox Browser. “It’s like nobody’s ever challenged them or asked them questions about privacy, and so they just include everything.”
The report reveals the alarming extent of data collection in the automotive industry
The General Data Protection Regulation (GDPR), Europe’s historic privacy law, protects Europeans from misuse in theory, but Mozilla’s Caltrider indicated the rule was inadequately enforced with automotive businesses. A review of enforcement actions across Europe revealed that few national regulators had taken action against vehicle firms’ data collection after the regulation went into effect.
Caltrider and his colleagues examined car manufacturers’ privacy policies and downloaded their apps in Germany, France, the United States, Japan, and South Korea. They discovered that the industry collected massive amounts of data via dozens of sensors and technology built into newer car models that calculate people’s weight as they sit, filmed the car inside and outside with cameras, listened to conversations through microphones, and tracked users via connected apps on smartphones.
It’s not just about selling cars to make money anymore
“It’s not just about selling cars to make money anymore. It’s about collecting data, and then using that data to make money,” Caltrider explained, adding that autos appeared to have poorer privacy standards than mental health applications, smart home gadgets, and wearables such as connected headphones and fitness trackers.
Researchers also discovered that 84% of the car brands examined may share and sell data to other manufacturers such as data brokers, a sector estimated to be worth hundreds of billions of euros by some estimations. Just over half of the brands stated they can disclose data with the government and law enforcement when asked, rather than when a court order is issued.
Researchers also noted that users were rarely allowed to expressly and deliberately accede to the privacy regulations of their cars. According to the report, automotive firm Subaru stated that simply being a passenger in one of its vehicles implies consent to its privacy policy.
Mixed regulatory responses and minimal fines for data privacy violations in the automotive industry
European regulators have taken action against the car sector in various circumstances. Tesla, which has its EU headquarters in the Netherlands, was required by the Dutch data protection agency in March to make adjustments to its cameras that record their surroundings. According to an online list of GDPR fines, Volkswagen has been fined a little over €1 million since the GDPR went into effect. The list does not include sanctions for the other vehicle manufacturers included in the investigation (Nissan, Toyota, Subaru, Kia, Chrysler, Fiat, Renault, General Motors, Mercedes-Benz, Honda, and BMW).
Kamila Joanna Laures, Volkswagen’s digital problems representative, stated in a statement that the firm gathers, processes, utilizes, and keeps personal data “only in accordance with legal requirements.”