In today’s world, cars are equipped with advanced technology that allows them to function like computers on wheels. They offer access to apps, entertainment, and even the internet. However, this convenience comes at a cost, as these modern vehicles have the ability to collect personal data about their users’ activities and whereabouts. A recent study conducted by the Mozilla Foundation reveals that automakers are not doing enough to ensure the privacy and security of this data.

The non-profit organization investigated 25 car brands and assigned all of them its “Privacy Not Included” warning label, indicating a lack of data management and security practices. The study went so far as to label cars as the worst category of products it had ever reviewed. The findings were published in a series of articles discussing personal data and privacy in vehicles.

The study revealed that all car brands surveyed collect excessive amounts of personal data. In addition to the necessary data for operating the vehicle, information about how people use their cars, their driving speed, locations visited, and other details were found to be collected. Auto companies also obtain data through connected services used in the vehicle, including third-party sources like Google, Meta, or Sirius XM.

According to the study, 84 percent of car companies share or sell customer data to third parties, which may include service providers, data brokers, and other businesses. Furthermore, 56 percent of automakers stated that they share information with government or law enforcement officials in response to court orders, warrants, or informal requests.

The Mozilla Foundation discovered that most car companies offer limited or no control over personal data. Allegedly, 92 percent of the surveyed companies either do not allow or make it extremely difficult for individuals to delete their personal information. Renault and Dacia were mentioned as exceptions, but it should be noted that these two brands fall under Europe’s General Data Protection Regulation (GDPR) privacy laws.

The Mozilla Foundation spent over 600 hours researching the privacy practices of car brands. However, it was unable to obtain a complete understanding of how consumer data is used or shared. The foundation reached out to all the car companies involved in the study but received responses only from Ford, Honda, and Mercedes-Benz. Even with these responses, the organization’s questions remained unanswered.

Motor1.com has also contacted automakers for their comments on the study. Stellantis, one of the companies contacted, responded with a statement refuting some of the claims made in the study and asserting their commitment to data privacy.

“Multiple claims in this document are incorrect as they relate to Stellantis brands. We carefully and diligently consider data privacy and act accordingly. Customers with questions may call our Customer Care center.”

This article will be updated with any additional statements from automakers as they become available.