According to research conducted by the Mozilla Foundation, cars with internet-connected features are collecting vast amounts of personal data, leading to concerns about privacy. The study examined the privacy terms of 25 car brands and found that they collect a range of customer data, including facial expressions, sexual activity, and driving habits. The researchers concluded that cars are the worst category of products for privacy. Australia’s privacy laws are inadequate to protect the personal information collected and shared by car companies, and there is a lack of specific disclosures about how car companies use data. Urgent reform is needed in Australia’s privacy laws, as well as international cooperation on privacy regulation for car manufacturers.
Cars collect sensitive data through various means, such as cameras, microphones, sensors, and connected phones and apps. This data includes information about speed, pedal use, seat belt use, infotainment settings, phone contacts, navigation destinations, voice data, location, and even footage of individuals and their families outside the car. While some of this data is used for legitimate purposes like improving safety, it can also be combined with data from other sources and used for other purposes. For example, data may be collected from website visits, test drives, or third parties. Connected cars can transmit data in real-time to various companies.
In Australia, there is limited information about how personal data collected from cars can be used and by whom. The Mozilla study found that data from consumers’ cars in the US was being disclosed to other companies for marketing and targeted advertising purposes and sold to data brokers. Australian privacy laws do not require specific disclosures like those in California and Virginia. Privacy policies of companies supplying connected cars in Australia often contain vague statements. The Federal Chamber of Automotive Industries (FCAI) has opposed privacy law reforms and instead promoted a weak Voluntary Code of Conduct for Automotive Data and Privacy Protection.
Privacy law reform is necessary in Australia to protect consumers from intrusive data practices. Proposed reforms include an updated definition of “personal information,” higher standards for consent, and a fair and reasonable test to assess the fairness of data practices. The FCAI argues that increased privacy standards may result in some vehicles not being released in Australia, but this should not be a reason to exempt vehicles from privacy law reform. Privacy laws are being upgraded in other jurisdictions, and international cooperation is needed to protect drivers’ privacy.