Your car may be collecting extensive data about you

Have you ever read the privacy policy for OnStar? Of course not. And chances are, you were never given access to the data privacy policy for your car manufacturer — or if you were, it was one of a thousand things you initialed or were given when you bought your car.

We’re at a watershed moment for personal data collection by cars. That’s because most 2020 model-year vehicles in the U.S. will come with a built-in internet connection. From here on out, new cars will be a lot like smartphones on wheels, with the ability to access your phone, run apps and collect data about you and your movements. Are you ready?

It’s not just new cars, either. Many existing models not only have hundreds of sensors but they also collect and store data from those sensors. Many cars automatically copy over all your personal data, including your photographs, as soon as you plug your smartphone in.

You can’t access the data your car collects. You generally can’t discover what’s being collected, much less tell your car to stop collecting it. Your vehicle could be selling your contacts, photos, call history, location and itinerary to third parties, including law enforcement, without your knowledge.

Technically, carmakers say, this is with your full consent, but there’s no way to opt out from the collection and sale of this data. There are no federal laws regulating what data automakers can collect, how long they can keep that data, or what they can use it for.

Hacking a car for science

A Washington Post reporter recently looked into how much data cars collect on their owners. Since there’s no way to get the data from the car company, he had to hire a hacker. He was only able to access one of several systems that collects data: the infotainment system.

The hacker was a Cal Tech-trained engineer who ordinarily works for an accident reconstruction company. It took substantial gear and know-how to hack into the vehicle. The car was a two-year-old Chevy Volt lent by a volunteer.

You might not expect your infotainment system to be beaming much of interest to third parties, but the hacker explained that it is one of several onboard computers that interact. To hack it, the team had to extract it from the vehicle and hook it up to another computer.

What data did the infotainment system yield? Enough to reconstruct the user’s day:

  • A map marked with precise destinations
  • The unique identifiers for the reporter’s and owner’s phones
  • A detailed log of the owner’s phone calls
  • The reporter’s and owner’s contact lists, including addresses, emails and photos

The hacker said this isn’t unusual. Some cars record your location every few minutes, even if you aren’t using the navigation system. Some cars contain hard drives five times larger than the basic iPhone 11. Tesla’s Model 3 can even collect short videos from the vehicle’s cameras. Soon, the data collected could include facial recognition technology, as facial cameras are being added to ensure drivers are paying attention.

What can you do to protect your privacy?

According to the Post, there’s not much you can easily do to prevent this data collection or control the use of the data. Although carmakers have pledged transparency, the Post called eight manufacturers and none offered any meaningful way to manage the data.

Keep this in mind the next time you view that offer from your automobile insurance to give you a discount on your auto insurance in exchange for allowing the insurance company to interact with your car and track your driving habits.

For now, the best way to prevent data collection might be simply to buy an older car.

Skip to content