Mozilla Criticises Privacy of Leading Car Manufacturers

Mozilla criticizes privacy of leading car manufacturers

Mozilla examined how leading automakers protect consumer privacy for the latest edition of its “Privacy Not Included” report. All 25 car brands tested scored “disastrously.” According to Mozilla, they collect data on sexual activity, facial expressions and health, among other things, and also share this information with third parties.

The handling of customer data from car manufacturers such as BMW, Ford, Nissan, Toyota, Tesla, Kia and Subaru was examined. Among other things, they are said to collect data through sensors, microphones and cameras in vehicles and through the cell phones and devices that users pair with vehicles. Other data sources include car apps, company websites, dealerships and telematics systems, according to the study.

Automakers forgo encryption

The data can apparently be shared and sold by manufacturers to third parties. It is also said to be used by manufacturers to look back at intelligence, skills, traits, preferences and other personal characteristics.

The research team behind “Privacy Not Included” also criticized the fact that none of the brands in the test met Mozilla’s minimum security standards. The researchers found that none of the brands encrypted all personal data stored in their vehicles. On its own, only one manufacturer – Mercedes – even responded to Mozilla’s request regarding encryption.

The brand with by far the most breaches, according to Mozilla, is Nissan. The Japanese automaker admits in its privacy policy to collecting a variety of information, including sexual activity, health, and genetics – but how that data collection is done is not explained. Nissan says it may share and sell consumers’ “preferences, traits, psychological trends, tendencies, behaviors, attitudes, intelligence, abilities and aptitudes” to data brokers, law enforcement and other third parties.

Volkswagen is cited as another negative example in the study. The Wolfsburg-based company says it collects demographic data (such as age and gender) and driving behavior information (such as seat belt and braking habits) for targeted marketing purposes. Kia, on the other hand, claims in its privacy policy to collect data about its customers’ “sex lives.”

“For many people, their car is a private space – a place where they can call their doctor, have a personal conversation with their child on the way to school, cry their eyes out in heartbreak, or drive to places they don’t want the world to know about. But this idea no longer corresponds to reality: in terms of privacy protection, all new cars are true nightmares on wheels that collect huge amounts of personal data,” comments Jen Caltrider, Program Director at Privacy Not Included.