Did you read the privacy policy before getting into your car? It could be as long as 14,000 words if you drive a Kia. Multiple organizations are expressing concerns about cars becoming a “privacy nightmare”, according to”cybernews.com”.
A recent report from Mozilla revealed that cars track even users’ sexual activity and sell user data to third parties. Driving behavior is beamed directly to insurance companies, affecting premiums.
The Electronic Frontier Foundation (EFF), a non-profit defending civil liberties, shared useful tools that users can use to check what data their cars collect, where it goes, and how to opt out.
By entering the vehicle identification number (VIN) it’s possible to get a rough idea of what your car tracks about you and where your data goes. Not only should you be worried about what’s written there, but also about what’s left unsaid.
Get a degree before reading the privacy policy
The average human reads a page per minute or 800 words. After evaluating privacy policies from 15 major carmakers, the All About Cookies team found that the average number of words in a car privacy policy is 7,505. That would require 10 minutes to read.
However, it may require years of education to understand them, as privacy policies are often hard to find and filled with legalese and dense language.
“The average automotive privacy policy requires a 12th-grade (High school senior) education to understand,” the report reads. “Jeep has the hardest-to-understand privacy disclosures of any major manufacturer. You need to read at a postgraduate level (above a bachelor’s degree) to understand Jeep’s privacy policy.”
Tesla’s policy was found to be the next hardest to read, “on par with the materials taught in a 300-level college course.”
Meanwhile, the average American reads at a 7th to 8th-grade level. The average customer may not understand these policies.
Mazda had the simplest privacy policy to understand, requiring an 8th-grade comprehension. It is also the shortest, at around 2,200 words.
Mercedes-Benz has the second-easiest policy to read, requiring a 10th-grade education to read its approximately 2,500 words.
Kia has the longest policy with 14,000 words, followed by BMW and Subaru, with policies clocking at 11,000 words.
What data can cars collect?
Car companies go to a greater extent on the types of data they collect. While every one of them collects demographic data, driving habits, repairs, and maintenance, some companies venture into darker places.
“We wanted to highlight which companies include these kinds of notable and unexpected pieces of information in their privacy policies, covering sensitive subjects such as customers’ sex lives, genetic information, philosophical beliefs, and more,” All About Cookies said.
Some notables are as follows:
Mazda and Toyota: may check your Instagram, as they declare collecting publicly available social media information
General Motors: known for its Chevrolet, GMC, Cadillac, and Buick brands, collects physiological and biological characteristics, including medical information provided to OnStar, as well as home energy usage, including the use of home energy products and rate plans.
Honda: collects professional or employment-related information, such as employer, income, occupation, and education level, together with other information.
KIA: beams data about race and ethnicity, religious or philosophical beliefs, union membership, genetic and biometric data, sex life and sexual orientation, job history, performance evaluations, and education records, including grades.
Subaru: while also interested in a user’s sex lives, orientation, religious and philosophical beliefs, Subaru goes even further, adding audio recordings of vehicle occupants, mental or physical health conditions or diagnoses, and citizenship status to their list.
“If you do not consent to the collection and processing of Sensitive Personal Information within these categories, please do not access or use the Connected Vehicle Services,” Subaru privacy policy reads.
The New York Times highlighted the concerning practice of automakers sharing customer data with insurance companies, often without the driver’s clear knowledge or consent. This can significantly affect their insurance premiums and privacy.
How to sing in a car with no one listening?
EFF warns that cars collect a lot of our personal data, which is later disclosed to third parties.
“It’s often unclear what’s being collected, and what’s being shared and with whom,” EFF said. “There’s little doubt that many cars sell other data for behavioral advertising.”
For a start, EFF recommends checking what your car is equipped to collect using Privacy4Cars’ Vehicle Privacy Report. After entering your VIN, the site provides a rough idea of what sort of data your car collects.
Next, it is a good practice to check privacy options in the car’s apps and infotainment system.
“If you use an app for your car, head into the app’s settings, and look for any sort of data sharing options. Look for settings like “Data Privacy” or “Data Usage.” When possible, opt out of sharing any data with third-parties, or for behavioral advertising. As annoying as it may be, it’s important to read carefully here so you don’t accidentally disable something you want, like a car’s SOS feature, ” EFF recommends.
Opting out of certain data sharing might disable some features and even make the car undrivable, as Mozilla found about Tesla: “This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”
If the car’s app has driver scoring or feedback options, such as GM’s ”Smart Driver,” Honda’s “Driver Feedback,” or Mitsubishi’s “Driving Score,” there’s a chance that it’s sharing that data with an insurance company, and that may affect your premiums. Check for these options in both the app and the car’s infotainment system.