The Times Australia
The Times World News

.

Cars are a 'privacy nightmare on wheels'. Here’s how they get away with collecting and sharing your data

  • Written by Katharine Kemp, Associate Professor, Faculty of Law & Justice, and Deputy Director, Allens Hub for Technology, Law & Innovation, UNSW Sydney
Cars are a 'privacy nightmare on wheels'. Here’s how they get away with collecting and sharing your data

Cars with internet-connected features are fast becoming all-seeing data-harvesting machines – a so-called “privacy nightmare on wheels”, according to[1] US-based research conducted by the Mozilla Foundation[2].

The researchers looked at the privacy terms of 25 car brands, which were found to collect a range of customer data, from facial expressions, to sexual activity, to when, where and how people drive.

They also found terms that allowed this information to be passed on to third parties. Cars were “the official worst category of products for privacy” they had ever reviewed, they concluded[3].

Australia’s privacy laws aren’t up to the task of protecting the vast amount of personal information collected and shared by car companies. And since our privacy laws don’t demand the specific disclosures required by some US states, we have much less information about what car companies are doing with our data.

Australia’s privacy laws need urgent reform. We also need international cooperation on enforcing privacy regulation for car manufacturers.

How do cars collect sensitive data?

Apart from data entered directly into a car’s “infotainment” system, many cars can collect data in the background via cameras, microphones, sensors and connected phones and apps.

These data include:

  • speed
  • steering, brake and accelerator pedal use
  • seat belt use
  • infotainment settings
  • phone contacts
  • navigation destinations
  • voice data
  • your location and surroundings
  • and even footage of you and your family outside your car. (Between 2019 and 2022, Tesla employees internally circulated intimate footage[4] collected from people’s private cars for their own amusement, according to reports.)

A lot of these data are used, at least in part, for legitimate purposes such as making driving more enjoyable and safer for the driver, passengers and pedestrians.

But they can also be supplemented with data collected from other sources and used for other purposes. For instance, data may be collected from your website visit, your test drive at a dealership, or from third parties including “marketing agencies[5]” and “providers of data-collecting devices, products or systems that you use”.

The latter is very broad since our TVs, fridges and even our baby monitors can collect data about us.

Mozilla points out these combined data can be used “to develop inferences about a driver’s intelligence, abilities, characteristics, preferences and more”.

Connected cars transmit data in real time

While cars have been collecting large amounts of information since they became “computers on wheels[6]”, this information has generally been stored in modules in the vehicle and accessed only when the car is physically connected to diagnostic equipment.

Now, however, vehicles are being sold with connected features[7] “in the sense that they can exchange information wirelessly with the vehicle manufacturer, third party service providers, users, infrastructure operators and other vehicles”.

This means your connected car can transmit data about you and your activities, generally via the internet, to various other companies as you go about your life.

Your internet-connected car can collect a range of data about you. Shutterstock

Where do the data go?

In Australia, we have little information about how our information can be used and by whom.

In its US-based study, Mozilla found data from consumers’ cars was being disclosed to other companies for marketing and targeted advertising purposes. It was also sold to data brokers.

Mozilla was able to uncover highly detailed information, largely because the laws of California[8] and Virginia[9] require specific disclosures about who personal data is disclosed to and for what purposes (among other higher privacy standards).

Australian privacy law doesn’t require such specific disclosures. This is one reason car brands often have separate privacy policies for Australia.

A look at the privacy policies of various companies supplying connected cars in Australia reveals several vague, broad statements. Aside from using your data to provide you with connected services, these companies will:

Some may disclose your information to law enforcement or the government even when not required by law, such as when they believe “the use or disclosure is reasonably necessary to assist[10] a law enforcement agency”.

Trust us – we invented a ‘voluntary code’

It’s safe to say car manufacturers generally don’t want privacy laws tightened. The Federal Chamber of Automotive Industries[11] (FCAI) represents companies distributing 68 brands of various types of vehicles in Australia.

During the recent review of our privacy legislation, the FCAI made a submission to the Attorney General’s department arguing against many of the privacy law reforms under consideration[12].

Instead, it promoted its own Voluntary Code of Conduct for Automotive Data and Privacy Protection[13]. This weak document seems designed to comfort consumers without adding any privacy protections beyond existing legal obligations.

For example, signatories don’t say they’re bound by the code. Nor do they promise to follow its terms. They only say its principles will “drive their approach to treatment of vehicle-generated data and associated personal information”. There are no penalties for ignoring the code.

It even states signatories will “voluntarily notify” consumers of certain matters when the Privacy Act already requires this as a matter of law.

The code also notes third parties are increasingly interested in accessing and using consumers’ data to provide services, including insurance companies, parking garage operators, entertainment providers, social networks and search engine operators.

It says companies making data available to such third parties “will strive to inform you” about this.

We need privacy law reform

The government recently proposed important and wide-ranging privacy law reforms[14], following the Privacy Act Review which began in 2020. These changes are long overdue.

Proposals such as an updated definition of “personal information” and higher standards for “consent” could help protect consumers from intrusive and manipulative data practices.

The proposed “fair and reasonable test” would also assess whether a practice is substantively fair. This would help avoid claims data practices are lawful just because consumers had to provide consent.

The FCAI points out many cars aren’t specifically designed for Australia’s relatively small market, so increased privacy standards might result in some vehicles not being released here. But this isn’t a reason to carve out vehicles from privacy law reform.

Privacy laws are also being upgraded in numerous jurisdictions overseas. Australia’s government agencies should coordinate with their international counterparts to protect drivers’ privacy.

Read more: To steal today's computerized cars, thieves go high-tech[15]

References

  1. ^ according to (foundation.mozilla.org)
  2. ^ Mozilla Foundation (foundation.mozilla.org)
  3. ^ they concluded (foundation.mozilla.org)
  4. ^ intimate footage (www.abc.net.au)
  5. ^ marketing agencies (www.toyota.com.au)
  6. ^ computers on wheels (www.toyota.com.au)
  7. ^ connected features (www.ag.gov.au)
  8. ^ California (www.oag.ca.gov)
  9. ^ Virginia (pro.bloomberglaw.com)
  10. ^ reasonably necessary to assist (www.kia.com)
  11. ^ Federal Chamber of Automotive Industries (www.fcai.com.au)
  12. ^ law reforms under consideration (www.ag.gov.au)
  13. ^ Voluntary Code of Conduct for Automotive Data and Privacy Protection (www.fcai.com.au)
  14. ^ wide-ranging privacy law reforms (www.ag.gov.au)
  15. ^ To steal today's computerized cars, thieves go high-tech (theconversation.com)

Read more https://theconversation.com/cars-are-a-privacy-nightmare-on-wheels-heres-how-they-get-away-with-collecting-and-sharing-your-data-214386

Times Magazine

Headless CMS in Digital Twins and 3D Product Experiences

Image by freepik As the metaverse becomes more advanced and accessible, it's clear that multiple sectors will use digital twins and 3D product experiences to visualize, connect, and streamline efforts better. A digital twin is a virtual replica of ...

The Decline of Hyper-Casual: How Mid-Core Mobile Games Took Over in 2025

In recent years, the mobile gaming landscape has undergone a significant transformation, with mid-core mobile games emerging as the dominant force in app stores by 2025. This shift is underpinned by changing user habits and evolving monetization tr...

Understanding ITIL 4 and PRINCE2 Project Management Synergy

Key Highlights ITIL 4 focuses on IT service management, emphasising continual improvement and value creation through modern digital transformation approaches. PRINCE2 project management supports systematic planning and execution of projects wit...

What AI Adoption Means for the Future of Workplace Risk Management

Image by freepik As industrial operations become more complex and fast-paced, the risks faced by workers and employers alike continue to grow. Traditional safety models—reliant on manual oversight, reactive investigations, and standardised checklist...

From Beach Bops to Alpine Anthems: Your Sonos Survival Guide for a Long Weekend Escape

Alright, fellow adventurers and relaxation enthusiasts! So, you've packed your bags, charged your devices, and mentally prepared for that glorious King's Birthday long weekend. But hold on, are you really ready? Because a true long weekend warrior kn...

Effective Commercial Pest Control Solutions for a Safer Workplace

Keeping a workplace clean, safe, and free from pests is essential for maintaining productivity, protecting employee health, and upholding a company's reputation. Pests pose health risks, can cause structural damage, and can lead to serious legal an...

The Times Features

Duke of Dural to Get Rooftop Bar as New Owners Invest in Venue Upgrade

The Duke of Dural, in Sydney’s north-west, is set for a major uplift under new ownership, following its acquisition by hospitality group Good Beer Company this week. Led by resp...

Prefab’s Second Life: Why Australia’s Backyard Boom Needs a Circular Makeover

The humble granny flat is being reimagined not just as a fix for housing shortages, but as a cornerstone of circular, factory-built architecture. But are our systems ready to s...

Melbourne’s Burglary Boom: Break-Ins Surge Nearly 25%

Victorian homeowners are being warned to act now, as rising break-ins and falling arrest rates paint a worrying picture for suburban safety. Melbourne residents are facing an ...

Exploring the Curriculum at a Modern Junior School in Melbourne

Key Highlights The curriculum at junior schools emphasises whole-person development, catering to children’s physical, emotional, and intellectual needs. It ensures early year...

Distressed by all the bad news? Here’s how to stay informed but still look after yourself

If you’re feeling like the news is particularly bad at the moment, you’re not alone. But many of us can’t look away – and don’t want to. Engaging with news can help us make ...

The Role of Your GP in Creating a Chronic Disease Management Plan That Works

Living with a long-term condition, whether that is diabetes, asthma, arthritis or heart disease, means making hundreds of small decisions every day. You plan your diet against m...