Within the past decade, the technology used in vehicles has significantly advanced, allowing many modern cars to become increasingly connected.
This means new cars now have many ways to record user data. Modern vehicles can record your seatbelt settings and how often you use the accelerator, and even gather biometric information about you.
Unfortunately, some of this data is being sold by the questionable data broker industry.
In May, Privacy4Cars, a U.S.-based automotive firm, released a new tool called the Vehicle Privacy Report. The tool helps reveal how much information on your car can be used.
Like Apple and Google's privacy labels for apps, which show how Facebook might use your smartphone's camera, Vehicle Privacy Report reveals what vehicle manufacturers can know about users.
Tech website WIRED used industry sales data and ran 10 of the most popular cars in America through Vehicle Privacy Report to find out how much information they can collect. The results were alarming.
The analysis follows earlier reports on the amount of data modern cars can collect and share, with some estimates claiming that modern cars can produce 25 gigabytes (GB) of data per hour.
Andrea Amico, the founder of Privacy4Cars, explained that users don't completely understand what data their cars can collect as there is little education and the level of detail and transparency varies across manufacturers.
The tool ranks most modern vehicles as "smartphones on wheels" because they can collect user data and wirelessly send that information to manufacturers.
The Vehicle Privacy Report creates privacy labels under two broad categories:
For many of the new cars and trucks released in the past few years, it's possible that most types of data are collected. According to Privacy4Cars, your car can collect data such as:
The tool works by using a car's Vehicle Identification Number (VIN) and analyzing each manufacturer’s public policy documents.
WIRED gathered publicly available VINs for some cars produced in 2022 and ran them through Vehicle Privacy Report. They also compared the results with the original public policy documents from each company. The results only apply to the U.S. since different laws apply in other countries. (Related: Class action lawsuit filed against Apple over illicit data collection.)
The documents include privacy statements, terms of service and connected vehicle policies. Recent models from a manufacturer collect the same data as other cars in the manufacturer's lineup because they are governed by the same policies. All manufacturers provide data to the government or law enforcement when there is a legal request to do so.
The lengthy documents are often technical, legal files that explain what kind of data is collected and why. For example, some may be gathered for research or product development, while other information could be utilized for personalizing marketing.
If you drive one of these new cars, you need to provide your location data for its mapping and satellite navigation services to work.
The documents also state that sensor data, data from camera images, voice command information, stability control or anti-lock events, security/theft alerts, infotainment (including radio and rear-seat infotainment) system and Wi-Fi usage can be collected.
Companies can also receive information about your home energy usage, which is linked to the charging and discharging of electric vehicles.
Chevrolet, owned by General Motors, collects both information about users and what they do with the vehicle, as do all manufacturers analyzed by Vehicle Privacy Report.
A company spokesperson claimed that its privacy statement is the full documentation of what the company collects. This document also links to its specific privacy document for connecting services, including its cars.
After running the Chevrolet Silverado through Vehicle Privacy Report, it revealed that GM collects people’s identifiers, such as names, postal addresses and email addresses.
According to Chevrolet's documents, it can collect the following information about your vehicle:
It can also collect data like your location, route history, speed and braking and swerving/cornering events.
Honda collects personally identifying information, like your contact information, driving license details, Social Security number and location. This all broadly falls into a category that Honda calls "covered information," or information that’s gathered about a user.
Chris Martin, Honda's regulatory, legal and new technology communications manager, explained that it is difficult to distill how data is collected and used by Honda in a few sentences because of several laws that apply and the different reasons why specific data may be collected.
Martin said checking Honda’s Vehicle Data Privacy Practices document can help you learn more about how your data is being used.
WIRED used the Privacy4Cars tool on the Honda CR-V and Civic models.
Honda can collect information about:
There is also data about how you use the connected elements of your vehicle, like search content, call history information and voice commands, which sometimes include audio recording.
Driver behavior information also include engine speed, pedal position and steering angle.
Your car also generates on-board data, but this is generally not sent to Honda. This is information that’s stored in your car and could be accessed by someone with external data extraction tools, like a technician.
Honda’s documentation says onboard data could include information about how a car is used, driver behavior information or contacts and messages sent using the car's systems.
Privacy4Cars results say it isn't clear how Honda uses biometric data.
According to Martin, no Acura or Honda models in America have systems that transfer biometrics to the company. And while the airbag system in a Honda car may collect weight and body position information, this information is stored on the onboard computer and can only be accessed by a physical connection, with state and federal laws outlining who can access it.
Honda’s connected product privacy notice says users can opt out of many forms of data collection, with instructions in its apps and car owners' manuals.
Only one Ford model, the F150 truck, appears on recent lists of bestsellers, but the truck is usually the most popular across all categories.
Ford collects information about the car owner, including names, driving license data and location details.
Privacy4Cars analyzed four Ford documents to check the data the company can collect.
Alan Hall, Ford's director of technology communications, shared that the company's Connected Vehicle Privacy Notice provides users with the most information about what its cars collect.
Ford vehicles can collect vehicle data such as:
Additionally, Ford can collect driving data and characteristics such as how you push the pedals, driving speed and seat-belt-related data.
Ford can gather data about speed, local weather and travel direction and track the precise location of the vehicle.
Voice recognition systems in some Ford vehicles can gather information when you are listening to music or the radio.
Its "media analytics" involves capturing information about what you listen to in your car such as:
Four Toyota models were included in the pick of the most popular U.S. vehicles in recent years: the Toyota Tacoma, Toyota Camry, Toyota RAV4 and Toyota Highlander.
The privacy documentation analyzed by the Vehicle Privacy Tool is the same for each 2022 Toyota model, but some older cars may collect less data.
Generally, car manufacturers like Toyota collect personal information that is considered identifiers such as:
The Vehicle Privacy Report tool analyzed four publicly available documents from Toyota. One important document is Toyota's connected services privacy notice, which details what information your car may collect.
Aside from information about users, Toyota can also collect data about your "driving behavior," which may include the following information:
Toyota can also gather a user's in-vehicle preferences, favorite locations saved on its systems and images gathered by the car's external cameras or sensors.
Some Toyota car models can even scan your face for face recognition when you enter one of its vehicles.
Corey Proffitt, a senior manager for connected communications at Toyota, explained that this feature is used to verify a driver’s identity and the profile that is stored on a vehicle. Proffitt added that this data is not readable by humans, and any facial features are only stored on the vehicle and not sent to Toyota.
According to the Privacy4Cars tool, Toyota’s documents are suspiciously "silent" on whether the company collects data from users' phones that are often synced with its vehicles.
Proffitt claimed Toyota doesn’t collect this data, except for using an identifier to connect a user’s profile on the Toyota/Lexus app with a vehicle, and only if they already have a profile set up.
The synchronization of contact info and call history for Bluetooth purposes remains on the vehicle and is not sent to Toyota, added Proffitt.
If you own a Toyota car, you can turn off all data transmission by declining "consent for connected services" on its privacy hub. You can also contact Toyota customer service.
If you don't mind your car recording your information, images and videos, think again. In April, a report revealed that between 2019 and 2022 Tesla workers shared sensitive images recorded by customer cars in chat rooms.
The recordings caught Tesla owners in embarrassing situations, with one video showing a naked man approaching a vehicle. In an interview, former Tesla technicians revealed that the computer program they used at work could show the location of recordings, warning that this could be abused to find out where customers lived.
Before you connect your smartphone to a new car, review it's public policy documents. Change the settings so your car can't record your personal information, which can be sold to data brokers.
Watch the video below to know more about U.S. intel agencies that buy data on Americans.
This video is from the NewsClips channel on Brighteon.com.