I have to admit I haven’t read this thread trough but cars currently are potentially connected to net (at least in EU) due to requirement of automated emergency call (all new cars since 2018). So new cars at least have a link.
Second thing of interest to this thread is - because at a glance, I don’t think it has come up - a research from last fall by Mozilla foundation about just how creepy and invasive the automotive industry is slurping up driver/passenger data (this was made from the American market and EU may have it a bit better with GDPR requirements curbing the most egregious practices, but potentially same tech is used here):
Here are some of the highlights, which are a lot, but I encourage to read the report (bolded emphasis from the report page):
The gist is: they can collect super intimate information about you – from your medical information, your genetic information, to your “sex life” (seriously), to how fast you drive, where you drive, and what songs you play in your car – in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests.
most (84%) of the car brands we researched say they can share your personal data – with service providers, data brokers, and other businesses we know little or nothing about. Worse, nineteen (76%) say they can sell your personal data.
All but two of the 25 car brands we reviewed earned our “ding” for data control, meaning only two car brands, Renault and Dacia (which are owned by the same parent company) say that all drivers have the right to have their personal data deleted.
A failure to properly address cybersecurity might explain their frankly embarrassing security and privacy track records. We only looked at the last three years, but still found plenty to go on with 17 (68%) of the car brands earning the “bad track record” ding for leaks, hacks, and breaches that threatened their drivers’ privacy.
Some not-so-fun facts about these rankings:
-
Tesla is only the second product we have ever reviewed to receive all of our privacy “dings.” (The first was an AI chatbot we reviewed earlier this year.) What set them apart was earning the “untrustworthy AI” ding. The brand’s AI-powered autopilot was reportedly involved in 17 deaths and 736 crashes and is currently the subject of multiple government investigations.
-
Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “sexual activity.” Not to be out done, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.” Yes, reading car privacy policies is a scary endeavor.
-
None of the car brands use language that meets Mozilla’s privacy standard about sharing information with the government or law enforcement, but Hyundai goes above and beyond. In their privacy policy, it says they will comply with “lawful requests, whether formal or informal.” That’s a serious red flag.
-
All of the car brands on this list except for Tesla, Renault, and Dacia signed on to a list of Consumer Protection Principles from the US automotive industry group ALLIANCE FOR AUTOMOTIVE INNOVATION, INC. The list includes great privacy-preserving principles such as “data minimization,” “transparency,” and “choice.” But the number of car brands that follow these principles? Zero. It’s interesting if only because it means the car companies do clearly know what they should be doing to respect your privacy even though they absolutely don’t do it.
What’s the solution? Public transport, bike or old car (which preferably has been converted to an electric one)?
(Just how much sex are people having in their cars and can someone pay to get their data amended so it looks like they are having more fun? )