Nissan and Kia that collect information about your “sexual activity.” GM which seamlessly transmits your location data to the police. Hyundai that sells your data to other companies. All this with your consent, buried in confidentiality policies lasting several dozen pages and which practically cannot be refused.
These are some of the examples taken from a recently released in-depth study by the Mozilla Foundation, a California-based nonprofit. Of the 25 brands analyzed for 600 hours, none passed the privacy test. Even European consumers, a little better protected thanks to the General Data Protection Regulation, are victims of this bulimia of personal data. Only three manufacturers responded, incompletely, to requests for clarification.
“Modern cars are a privacy nightmare,” summarize the three authors from the Mozilla Foundation, Jen Caltrider, Misha Rykov and Zoë MacDonald.
Since 2017, Mozilla has analyzed more than 300 consumer “smart” technology products, from Sony headphones and Nintendo Switch to scales, e-readers, doorbells and smart speakers.
Cars are “the worst official privacy product category we have ever examined,” say the NPO’s authors.
Here are the three key findings from this report:
With some humor, the report ranks the 25 brands sold by 14 manufacturers “from most creepy to least creepy.” The three manufacturers who dominate this sad podium: Nissan, GM (Buick, Chevrolet) and Kia (see capsules opposite). They are not the only ones to receive these criticisms, let us remember, since all the manufacturers failed the exam.
Without commenting on the Mozilla study, which he did not analyze, Habib Louafi recalls that the car “has become an extension into cyberspace” of the person, in the same way as the telephone.
This cybersecurity and privacy expert, assistant professor in the science and technology department of TÉLUQ University, notes that this is a “very old problem”, with which giants like Amazon, Facebook and Google have had to juggle since their foundation. “Companies need information for personalized services. […] If the car goes into listening mode, it has to listen to everything, then filter out what it needs. »
He agrees that user information and consent are at the heart of the problem and that it is very difficult to control the use that companies make of the data collected. “Government agencies need to verify this with audits. »
He himself, as a citizen, recognizes that it is “difficult to maintain control”. It tries to limit the information it provides in cyberspace as much as possible. “Customers need to be vigilant. »
The authors of the Mozilla Foundation are not naive; consumers have little choice considering that all manufacturers have serious shortcomings in terms of privacy protection. Refusal to provide information may lead to the deactivation of certain functions. Their solution: put a petition online denouncing the “shameless” nature of this information harvesting and asking companies to “stop collecting, sharing and selling our private information”.
“Nissan’s privacy policy is probably the most mind-boggling, scary, sad, convoluted privacy policy we’ve ever read,” it says. Nissan states, among other things, that it may collect and share information about “your sexual activity, health diagnostic data, and genetic and other sensitive personal information for targeted marketing purposes.” Let us point out that if this astonishing paragraph does indeed appear in Nissan USA’s policies, we were unable to find it in Nissan Canada’s online documents.
For its Buick and Chevrolet models, General Motors relies heavily on its myChevrolet app and OnStar connected services. The policies specify that they can collect “name, address, geolocation data, characteristics such as age, race, religion, medical conditions, physical or mental disabilities, sex, gender identity, pregnancy, medical conditions, sexual orientation, genetics, physiological, behavioral and biological characteristics such as fingerprints”. And GM has been singled out by many media outlets for its great openness in giving this information to police officers in the United States, particularly in matters of immigration.
Just like Nissan, Kia gives itself the right to collect data on “your genetic information” or your “sex life”, as well as “your religious or philosophical beliefs”. The South Korean manufacturer may further share and sell this data to all “affiliates”, “partners”, “service providers”, “advertising and social networks”, as well as “data analysis providers , data improvement and market research”. These third parties may also provide feedback to Kia.
