“Cars are the worst product category we have ever reviewed for privacy,” says non-profit Mozilla Foundation in its latest assessment of the privacy policies of the world’s largest automakers.

The organisation found that all 25 car brands reviewed were collecting too much personal data, leveraging harvesting opportunities such as the car itself, connected services, the car’s app (which provides a gateway to information on your phone), and information from third party sources such as Sirius XM or Google Maps.

Tesla, Nissan, GM, Kia, Fiat’s Dodge, and Hyundai feature amongst the “creepiest” automotive brands on the market in terms of their handling of users’ data. Renault’s Dacia, BMW and Subaru were amongst the least “creepy” of the reviewed cars.

Nissan, for example, says in its USA privacy notice that it collects, shares and uses sensitive personal information for targeted marketing purposes. This includes immigration status, race, national origin, religious or philosophical beliefs, sexual activity, sexual orientation, precise geolocation, health diagnosis data and genetic information.

The company also says that it shares and sells inferences drawn from any personal data collected in order to create a profile reflecting the consumer’s “preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities aptitudes” for targeted marketing purposes.

Nissan did not respond to a request for comment at the time of writing.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Tesla also performed very poorly on Mozilla’s metrics. Tesla has been the subject of privacy concerns for some time, with Reuters reporting back in April that Tesla employees were sharing sensitive image recorded by customer cars via an internal messaging system. The highly invasive videos and images recorded by customers’ cars included a video of a naked man approaching a vehicle and a Tesla driving at high speed into a child riding a bike.

Reuters reported that data labellers for Tesla were given access to thousands of videos or images recorded by car cameras in order to view and identify objects such as pedestrians, street signs, construction vehicles and garage doors.

Mozilla Foundation’s assessment discovered that customers who opt out of the company’s vehicle data sharing policy are warned that opting out “may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.” In other words, opting out of intrusive data sharing could transform customers’ Teslas into a high-tech, high-cost brick.

“What did I learn in researching the privacy and security of 25 of the top car brands in the world?” Misha Rykov, one of Mozilla’s researchers, said, “Modern cars are a privacy nightmare and it seems that the Fords, Audis and Toyotas of the world have shifted their focus from selling cars to selling data.”

“Cars’ new bells and whistles mean the potential for more data-collecting sensors, cameras, and microphones. But unlike with apps or smart home devices, most drivers aren’t even aware this data is being collected – let alone have the power to turn it off.”

Indeed, data security is becoming an increasingly pressing issue for the modern automotive company, whose computerised cars are WiFi-enabled, Bluetooth-embedded, and carriers of CPUs. GlobalData’s database shows that mentions of “data security” and “data protection” in company filings increased by a factor of 13 between 2018 and 2022, as worrying cases of automakers’ data leaks emerge.

Intel claimed back in 2016 that autonomous vehicles would produce 4TB of data in one and a half hours of driving by 2020, while McKinsey estimated that as much as $750b worth of in-vehicle data could be collected by 2030.

Counterintuitively, an ongoing GlobalData poll of B2B audiences that to date has 1,124 responses saw a decline in the proportion of respondents that are very concerned about data security risks from artificial intelligence from 62% in May to 57% in July and 29% in August. The proportion of those expressing that they are not very concerned rose from 4% in May to 5% in July and also 29% in August.

Our signals coverage is powered by GlobalData’s Thematic Engine, which tags millions of data items across six alternative datasets — patents, jobs, deals, company filings, social media mentions and news — to themes, sectors and companies. These signals enhance our predictive capabilities, helping us to identify the most disruptive threats across each of the sectors we cover and the companies best placed to succeed.