Nissan and Kia that collect information about your “sexual activity”. GM which seamlessly transmits your location data to the police. Hyundai that sells your data to other companies. All this with your consent, buried in confidentiality policies of several dozen pages and which practically cannot be refused.
These are some of the examples taken from a recently published in-depth study by the Mozilla Foundation, a California-based nonprofit. Of the 25 brands analyzed for 600 hours, none passed the privacy test. Even European consumers, a little better protected thanks to General Data Protection Regulation, are victims of this bulimia of personal data. Only three manufacturers responded, incompletely, to requests for clarification.
“Modern cars are a privacy nightmare,” summarize the three authors from the Mozilla Foundation, Jen Caltrider, Misha Rykov and Zoë MacDonald.
The worst category
Since 2017, Mozilla has analyzed more than 300 “smart” consumer technology products, from Sony headphones to the Nintendo Switch, including scales, e-readers, doorbells and smart speakers.
Cars are “the worst official privacy product category we have ever examined,” the NPO authors say.
Here are the three notable conclusions of this report:
- all collect too much personal data;
- most (84%) share or sell your data;
- most (92%) give drivers little or no control over their personal data.
With a certain humor, the report ranks the 25 brands sold by 14 manufacturers “from the most creepy to the least creepy”. The three manufacturers who dominate this sad podium: Nissan, GM (Buick, Chevrolet) and Kia (see capsules opposite). They are not the only ones to receive these criticisms, let us remember, since all the manufacturers failed the exam.
Without commenting on the Mozilla study, which he did not analyze, Habib Louafi recalls that the car “has become an extension into cyberspace” of the person, in the same way as the telephone.
We increasingly have very connected cars. And if we move towards autonomous cars or driver assistance systems, the car needs to collect more and more information about the customer. This information is necessary if we want to offer these services.
Habib Louafi, cybersecurity and privacy expert
Government intervention
This expert in cybersecurity and privacy, assistant professor in the science and technology department of TÉLUQ University, notes that this is a “very old problem”, with which giants like Amazon, Facebook and Google have had to juggle since their foundation. “Companies need information for personalized services. […] If the car goes into listening mode, it has to listen to everything and then filter out what it needs. »
He agrees that user information and consent are at the heart of the problem and that it is very difficult to control the use that companies make of the data collected. “Government agencies need to verify this with audits. »
He himself, as a citizen, recognizes that it is “difficult to maintain control”. It tries to limit the information it provides in cyberspace as much as possible. “Customers need to be vigilant. »
The authors of the Mozilla Foundation are not naive; consumers have little choice considering that all manufacturers have serious shortcomings in terms of privacy protection. Refusal to provide information may lead to the deactivation of certain functions. Their solution: put a petition online denouncing the “shameless” nature of this information harvesting and asking companies to “stop collecting, sharing and selling our private information”.
The three worst builders, according to Mozilla
Nissan
“Nissan’s privacy policy is probably the most mind-boggling, scary, sad and convoluted privacy policy we have ever read,” it says. Nissan states in particular that it may collect and share information about “your sexual activity, your health diagnostic data, as well as your genetic information and other sensitive personal information for targeted marketing purposes”. Let us point out that if this astonishing paragraph does indeed appear in Nissan USA’s policies, we were unable to find it in Nissan Canada’s online documents.
GM
For its Buick and Chevrolet models, General Motors relies heavily on its application myChevrolet and OnStar connected services. The policies specify that they can collect “name, address, geolocation data, characteristics such as age, race, religion, medical conditions, physical or mental disabilities, sex, gender identity, pregnancy, medical conditions, sexual orientation, genetics, physiological, behavioral and biological characteristics such as fingerprints. And GM has been singled out by many media for its great openness in giving this information to police officers in the United States, particularly in matters of immigration.
Kia
Just like Nissan, Kia gives itself the right to collect data on “your genetic information” or your “sex life”, as well as “your religious or philosophical beliefs”. The South Korean manufacturer may further share and sell this data to all “affiliates”, “partners”, “service providers”, “advertising and social networks”, as well as “data analysis providers , data improvement and market research. These third parties may also provide feedback to Kia.