Your car wants to know about your sex life – POLITICO

Automakers are collecting a slew of driver and passenger data — some even monitoring drivers’ sexual activity — according to a new report.

In a study of 25 brands and 15 automakers released Wednesday by the Mozilla Foundation, researchers found that Japanese automaker Nissan said it could sell information about the sexual activity of drivers and passengers, intelligence and health diagnostics to data brokers, law enforcement and other businesses. German automaker Volkswagen said it could record drivers’ voices in order to profile them for targeted ads.

“The amount of data these automakers openly claimed they could collect was shocking,” said Jen Caltrider, senior researcher at the Mozilla Foundation, the nonprofit owner of the company that runs the Firefox browser. “It’s like no one ever challenged them or asked about privacy, so they include everything.”

Europeans are – in principle – better protected against abuse by their landmark privacy law, the General Data Protection Regulation (GDPR), but Mozilla’s Caltrider suggested the law was being misenforced among automakers. A review of enforcement actions across Europe showed that few national regulators had taken action against carmakers’ data collection since the law came into force.

Caltrider and other researchers looked at automakers’ privacy policies and uploaded their apps in Germany, France, the United States, Japan, and South Korea. They discovered that the industry was collecting huge amounts of data through dozens of sensors and technologies built into new car models that calculated how much people weighed when they sat down, filmed the car inside and outdoors with cameras, listened to conversations through microphones, and tracked users through tethered connections. smartphone apps.

“It’s not just about selling cars to make money anymore. It’s about collecting data and then using that data to make money,” Caltrider said, adding that cars seemed to have worse privacy practices than mental health apps, smart home devices, and portable devices like wearables. headphones and fitness trackers.

The researchers also found that 84% of the car brands examined could share and sell data to other companies, such as data brokers, a market estimated at several hundred billion euros by some estimates. Just over half of brands said they can share data with government and law enforcement upon request, rather than a court order.

The researchers also pointed out that people rarely had the ability to explicitly and knowingly consent to their car’s privacy rules. Automaker Subaru, for example, said the very act of being a passenger in one of its cars implied consent to its privacy policy, according to the report.

In some cases, European regulators have clamped down on the auto industry. Tesla, whose European headquarters are in the Netherlands, had to modify its cameras filming its surroundings in March at the request of the Dutch data protection regulator. Volkswagen has been fined just over €1 million since the GDPR came into effect, according to an online list of GDPR fines. The list does not include fines imposed on the other automakers in the report (Nissan, Toyota, Subaru, Kia, Chrysler, Fiat, Renault, General Motors, Mercedes-Benz, Honda and BMW).

Volkswagen digital spokeswoman Kamila Joanna Laures said in a statement that the company collects, processes, uses and stores personal data “only in accordance with legal requirements”.

Nissan and Subaru did not immediately respond to questions from POLITICO.