Rafi Alam from CHOICE told The World Today: “When we looked at Toyota’s privacy policy, we found that these Connected Services features will collect data such as fuel levels, odometer readings, vehicle location and driving data, as well as personal information like phone numbers and email addresses.”

The program’s policy document says Toyota collects data for various purposes if drivers don’t opt out — including for safety, security, research, product development and data analysis — but the company may also share it with third parties such as finance and insurance companies, debt collection agencies and market research organisations.

In 2023, the Mozilla Foundation reviewed the privacy standards of 25 major car brands, including Toyota. All 25 received failing marks for consumer privacy.

The report found brands such as BMW, Ford, Toyota, Tesla, Kia, and Subaru could “collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive”, which they could potentially sell to third parties.

Nissan was accused of being “the very worst offender”, while Toyota was found to have “a near-incomprehensible galaxy of 12 privacy policy documents”.

Can you trust them with everything about what you do in the car, what you say in the car, who’s in the car, where it goes, your connections to every other online data service?

  • Rentlar · ↑11 · 5 months ago

    Government agencies have already been permitted to read notifications, so if it is readable and recordable by the car in any form, then you bet your ass law enforcement can obtain access to it.

    • thegreekgeek@midwest.social · ↑3 ↓4 · 5 months ago

      Yeah E2EE doesn’t really matter much if your notification service routes through Google or Apple. Which they pretty much all do if you have push notifications enabled.

      • abhibeckert@lemmy.world · ↑4 · 5 months ago (edited)

        E2EE does help. Notifications can include the content of the notification but they don’t have to and it’s generally recommended to send a notification telling the device to launch the app in the background to check the server for new content. The app will then decrypt the message and display a plain text notification that is not sent to any servers.

        If you’re worried about metadata leaks, you can delay delivery by a random time interval.
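The flow described in the comment above, as an added example that is not part of the thread: the push provider receives only a content-free wake-up, and the device fetches the ciphertext and decrypts it locally. The names `seal`, `buildPush`, `send`, `onPush` and `mailbox` are hypothetical, and the sketch assumes sender and device already share a key.

```javascript
const crypto = require('node:crypto');

// Assumption: sender and recipient device already share a 256-bit key
// (a real messenger would derive it with a key-agreement protocol).
const key = crypto.randomBytes(32);

// Hypothetical app server storage: holds ciphertext only, never the key.
const mailbox = new Map();

// Sender side: AES-256-GCM, with the message id bound as associated data.
function seal(id, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(id));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// What the push provider (Google/Apple) gets to see: a wake-up, no content.
function buildPush(id) {
  return { type: 'wake', id };
}

// Store the ciphertext, then return the push payload plus a random delay
// the sender waits before handing the push over (blurs send-time metadata).
function send(id, plaintext, maxDelayMs = 30000) {
  mailbox.set(id, seal(id, plaintext));
  return { push: buildPush(id), delayMs: crypto.randomInt(0, maxDelayMs) };
}

// Device side: woken by the push, fetch the ciphertext from the app server,
// decrypt locally, and return the text for an on-device notification.
function onPush(push) {
  const { iv, ct, tag } = mailbox.get(push.id);
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(Buffer.from(push.id));
  d.setAuthTag(tag); // d.final() throws if ciphertext or id was altered
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Constructed sample message.
const out = send('msg-1', 'Dinner at 7?');
console.log('push provider sees:', JSON.stringify(out.push));
console.log('random delay (ms):', out.delayMs);
console.log('local notification:', onPush(out.push));
```

The push provider still learns that some message arrived for this device and roughly when, which is the metadata the random delay is meant to blur.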