The growing concerns about privacy in cars

by Jeppe Songe-Møller and Ann-Britt Rognes


Car on road

In the era of rapidly advancing technology, the automotive industry has seen a monumental shift towards hi-tech cars equipped with sophisticated features and interconnected systems. While these innovations promise convenience, safety, and efficiency, they raise significant concerns regarding user privacy and data security. For the vehicles to be used to their full potential, end-users must leave significant personal information, but is the information protected?

Modern vehicles are no longer just a means of transportation; they have evolved into data-collecting machines. From GPS navigation and infotainment systems to advanced driver assistance systems (ADAS) and telematics, cars constantly gather vast amounts of personal data about their drivers and occupants.

One of the primary concerns associated with this data collection is the potential for misuse and unauthorised access. The sensitive information captured by onboard sensors and connected devices, including location history, driving behaviour, and even biometric data, can be exploited by malicious actors for various purposes, including identity theft, surveillance, and targeted advertising.

Moreover, integrating internet connectivity and wireless communication technologies in modern cars introduces vulnerabilities that hackers could exploit to access sensitive data or remotely control vehicle functions. Such breaches could result in privacy violations or compromise the safety and security of drivers and passengers.

Another pressing issue is the apparent lack of transparency practices in the automotive industry. Many drivers are unaware of the extent to which their personal information is being collected, stored, and shared by their vehicles and associated service providers. The complexity of end-user license agreements (EULAs) and privacy policies further exacerbates this problem, as users often agree to terms without fully understanding the implications for their privacy rights. Often, end-users feel they have to agree to the terms to take advantage of all the benefits and hi-tech gadgets offered by the car. If they do not consent, the vehicle will not function as promised and may even affect the warranty.

An example of the latter can be found in a case concerning Toyota. In this case, a consumer group found that the smart technologies "Connected Services" feature built into new Toyota cars could potentially send personal and vehicle data to third parties. Toyota has insisted it takes customer privacy "extremely seriously" but has acknowledged that the "Connected Services" feature – can only be disabled but not removed from its cars, or else drivers could void their warranty and render Bluetooth and speakers non-functional.

Moreover, a report from the Mozilla Foundation from September 2023 found that modern cars are a privacy nightmare. The report states that 92% of the reviewed automakers gave drivers little control over their personal data, and 84% shared user data with third parties. All 25 car brands researched for the report — including Ford, Toyota, Volkswagen, BMW, and Tesla — failed to meet the nonprofit organisation's minimum privacy standards and were found to collect more personal data from end-users than necessary. Tesla was the worst-ranked brand in the report, getting flagged in every privacy category. Tesla's AI-powered autopilot was highlighted as "untrustworthy" following its involvement in numerous crashes and fatalities.

As the automotive landscape continues to evolve, it is imperative for manufacturers, regulators, and consumers to address these privacy challenges head-on. Stricter regulations and industry standards must be established to govern the collection, storage, and sharing of personal data in connected cars. Manufacturers should prioritise privacy by design principles, implementing robust security measures and transparent data practices from the outset of product development.

At the same time, the end-user must be empowered with greater control over their personal information, including the ability to opt out of certain data collection activities and access comprehensive privacy settings within their vehicles. Education and awareness initiatives are also essential to ensure drivers understand the risks associated with connected cars and the steps they can take to protect their privacy. End-users must learn how to see their vehicles as more than just a means of transportation; they must adopt the understanding that the vehicle is now like a hi-tech machine gathering vast amounts of personal information. And fully understand what it means to leave such electronic traces behind. The next time you sit down in your vehicle, consider what traces you leave behind and if you are comfortable leaving them.

In conclusion, while hi-tech cars offer unparalleled convenience and innovation, they pose significant challenges to user privacy and data security. Addressing these concerns requires a collaborative effort between industry stakeholders, regulators, and end-users to safeguard privacy rights in the digital age of driving. It is about time to make this a priority.

Do you have any questions?