Your car follows you on Instagram: how to tame its data addiction


Did you read the privacy policy before getting into your car? It could be as long as 14,000 words if you drive a Kia. Or it may require a university degree to comprehend if you drive a Jeep or Tesla, according to a recent report by All About Cookies. Multiple organizations are expressing concerns about cars becoming a “privacy nightmare.”

A recent report from Mozilla revealed that cars track even users' sexual activity and sell user data to third parties. Driving behavior is beamed directly to insurance companies, affecting premiums.

The Electronic Frontier Foundation (EFF), a non-profit defending civil liberties, shared useful tools that users can use to check what data their cars collect, where it goes, and how to opt out.

By entering the vehicle identification number (VIN) it’s possible to get a rough idea of what your car tracks about you and where your data goes. Not only should you be worried about what's written there, but also about what’s left unsaid.

Get a degree before reading the privacy policy

The average human reads a page per minute or 800 words. After evaluating privacy policies from 15 major carmakers, the All About Cookies team found that the average number of words in a car privacy policy is 7,505. That would require 10 minutes to read.

However, it may require years of education to understand them, as privacy policies are often hard to find and filled with legalese and dense language.

“The average automotive privacy policy requires a 12th-grade (High school senior) education to understand,” the report reads. “Jeep has the hardest-to-understand privacy disclosures of any major manufacturer. You need to read at a postgraduate level (above a bachelor’s degree) to understand Jeep’s privacy policy.”

Tesla’s policy was found to be the next hardest to read, “on par with the materials taught in a 300-level college course.”

Meanwhile, the average American reads at a 7th to 8th-grade level. The average customer may not understand these policies.

Mazda had the simplest privacy policy to understand, requiring an 8th-grade comprehension. It is also the shortest, at around 2,200 words.

Mercedes-Benz has the second-easiest policy to read, requiring a 10th-grade education to read its approximately 2,500 words.

Kia has the longest policy with 14,000 words, followed by BMW and Subaru, with policies clocking at 11,000 words.

Car privacy policies

What data can cars collect?

Car companies go to a greater extent on the types of data they collect. While every one of them collects demographic data, driving habits, repairs, and maintenance, some companies venture into darker places.

“We wanted to highlight which companies include these kinds of notable and unexpected pieces of information in their privacy policies, covering sensitive subjects such as customers’ sex lives, genetic information, philosophical beliefs, and more,” All About Cookies said.

Some notables are as follows:

Mazda and Toyota: may check your Instagram, as they declare collecting publicly available social media information

General Motors: known for its Chevrolet, GMC, Cadillac, and Buick brands, collects physiological and biological characteristics, including medical information provided to OnStar, as well as home energy usage, including the use of home energy products and rate plans.

Honda: collects professional or employment-related information, such as employer, income, occupation, and education level, together with other information.

KIA: beams data about race and ethnicity, religious or philosophical beliefs, union membership, genetic and biometric data, sex life and sexual orientation, job history, performance evaluations, and education records, including grades.

Subaru: while also interested in a user’s sex lives, orientation, religious and philosophical beliefs, Subaru goes even further, adding audio recordings of vehicle occupants, mental or physical health conditions or diagnoses, and citizenship status to their list.

“If you do not consent to the collection and processing of Sensitive Personal Information within these categories, please do not access or use the Connected Vehicle Services,” Subaru privacy policy reads.

The New York Times highlighted the concerning practice of automakers sharing customer data with insurance companies, often without the driver's clear knowledge or consent. This can significantly affect their insurance premiums and privacy.

How to sing in a car with no one listening?

EFF warns that cars collect a lot of our personal data, which is later disclosed to third parties.

“It’s often unclear what’s being collected, and what's being shared and with whom,” EFF said. “There's little doubt that many cars sell other data for behavioral advertising.”

For a start, EFF recommends checking what your car is equipped to collect using Privacy4Cars’ Vehicle Privacy Report. After entering your VIN, the site provides a rough idea of what sort of data your car collects. More general practices of car manufacturers are listed on Mozilla's Privacy Not Included site.

Next, it is a good practice to check privacy options in the car’s apps and infotainment system.

“If you use an app for your car, head into the app’s settings, and look for any sort of data sharing options. Look for settings like “Data Privacy” or “Data Usage.” When possible, opt out of sharing any data with third-parties, or for behavioral advertising. As annoying as it may be, it’s important to read carefully here so you don’t accidentally disable something you want, like a car’s SOS feature, ” EFF recommends.

Opting out of certain data sharing might disable some features and even make the car undrivable, as Mozilla found about Tesla: “This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”

If the car’s app has driver scoring or feedback options, such as GM’s ”Smart Driver,” Honda’s “Driver Feedback,” or Mitsubishi’s “Driving Score,” there’s a chance that it’s sharing that data with an insurance company, and that may affect your premiums. Check for these options in both the app and the car’s infotainment system.

How to file a privacy request with a carmaker

With complicated privacy legislation in different states, EFF shared a list of links where users can file privacy requests with their car manufacturer so they can see exactly what data the company has collected and request to stop sharing it. Residents from states such as California, Colorado, and others have the “right to access” their data.

“Sometimes, you will need to confirm the request in an email, so be sure to keep an eye on your inbox,” EFF said.

Here are the privacy request pages for the major car brands:

Users can also request their data from data brokers known to hand car data to insurers. EFF linked to two of them: LexisNexis, Verisk. However, there are many more.

It may take 45 to 90 days to receive an email from the car maker or the data broker, which will often include a link to personal data, usually in the form of a CSV, PDF, XLS, or other file.

“Without a national law that puts privacy first, there is little that most people can do to stop this sort of data sharing,” EFF concluded.


More from Cybernews:

Your data, their profit: the data brokers you know nothing about

Italy’s Meloni seeks damages over graphic deepfakes

Future Kindle e-readers will be in color

Vans warns customers of fraud risk after data breach

Google hit with 250m euro fine in France

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked