Every New Car Is a 'Privacy Nightmare,' Mozilla Researchers Conclude

Modern cars are a “privacy nightmare” that collect vast troves of personal data and demand owners allow manufacturers to share or sell highly sensitive information such as disability status, genetic information, facial templates, and even sexual activity, according to a Mozilla Foundation analysis of car company privacy policies.

The Mozilla Foundation spent 600 hours of research studying 25 privacy policies for major car brands. None of them met the Foundation’s minimum standards around security and privacy; all of them claim the right to collect huge amounts of personal data in dozens of categories from both the car and associated apps. Eighty-four percent of the brands studied share or sell personal data and “inferences” about you based on the data they collect, such as how intelligent you are, your abilities, and your interests. More than half of the companies will share your information with government or law enforcement based on a simple request, not requiring a subpoena. The vast majority of car companies, 92 percent, give drivers “little or no control over their personal data,” Mozilla also found, with the two exceptions being European-based brands Renault and Dacia, which have to comply with the GDPR privacy law.

But Mozilla Foundation holds special antipathy for Nissan, whose privacy policy it calls “probably the most mind boggling creepy, scary, sad, messed up privacy policy we have ever read” because “They come right out and say they can collect and share your sexual activity, health diagnosis data, and genetic information and other sensitive personal information for targeted marketing purposes.” Nissan also discloses that it will share and sell "Inferences drawn from any Personal Data collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes" to others for targeted marketing purposes.” 

“Please people, if you care even a little about privacy, please stay as far away from Nissan's cars, apps, and connected services as you possibly can,” Mozilla warns. A Nissan spokesperson did not immediately respond to a request for comment. 

While Nissan’s privacy policy is the most dystopian, all of the companies collect masses of data about the people who drive their cars. Some also collect tons of data about the world around the car. While Nissan’s privacy policy ranks as the creepiest, Tesla scored the worst on Mozilla’s scorecard, with its malfunctioning Autopilot function and
“Full self-driving” beta program which is not actually self-driving and frequently attempts to do very dangerous things leading to analysts penalizing it for “untrustworthy AI.”

Even when car companies aren’t actively selling your data to brokers, they are vulnerable to hacks or other leaks and breaches. For example, Volkswagen and Audi, Toyota, and Mercedes-Benz have all recently suffered data leaks or breaches that affected millions of customers.

Unfortunately, if you want to purchase a privacy-focused car, you’re shit out of luck. As Mozilla’s report summarized it, “they’re all bad.” The most you can do is sign their petition, which politely asks car companies to stop data collection.

Update: After publication, a Nissan spokesperson sent the following statement: “Nissan takes privacy and data protection for our consumers and employees very seriously. When we do collect or share personal data, we comply with all applicable laws and provide the utmost transparency. Nissan’s Privacy Policy incorporates a broad definition of Personal Information and Sensitive Personal Information, as expressly listed in the growing patchwork of evolving state privacy laws, and is inclusive of types of data it may receive through incidental means.”