This year, I bought a new vehicle, and it’s an exciting time to enjoy the latest safety features, technology and performance that come with a new car or truck. But when I sat down to finalize the deal with the dealership, I was surprised when the salesman asked me to download an app to my phone.
Me: “An app?”
Salesman: “Yeah, just go to your app store and download the Toyota app. I’ll help you get it set up.”
Me: “Why do I need an app for my new truck?”
That’s exactly what I was wondering—why would I need an app for my truck? To my surprise, some features of my new vehicle required not just the app, but also an account with Toyota. Curious, I started the setup process, only to be met with multiple prompts asking me to agree to data sharing and collection. I declined, but the fact that a car or truck collects so much user data is something worth sharing.
Background
In the past five years, there has been increasing concern about the privacy implications of vehicles collecting personal data. Multiple articles and reports have highlighted that modern cars, particularly connected and smart vehicles, collect large amounts of data about drivers, often without clear consent or understanding from the users.
For example, Mozilla’s 2023 report titled “Privacy Nightmare on Wheels” found that all 25 major car brands they reviewed, including Ford, Toyota, and Nissan, failed privacy tests. These vehicles gather a wide range of personal data, such as driving habits, location, facial expressions, and even more sensitive information like sexual activity and health conditions. This data is often shared with or sold to third parties, including insurers, marketers, and potentially even law enforcement agencies.
“According to Mozilla research, popular global brands — including BMW, Ford, Toyota, Tesla, Kia, and Subaru — collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive. Researchers found that data is gathered by sensors, microphones, cameras, and the phones and devices drivers connect to their cars, as well as by car apps, company websites, dealerships, and vehicle telematics. Brands can then share or sell this data to third parties. Car brands also use much of this data to infer a driver’s intelligence, abilities, characteristics, preferences, and more.” Source: Mozilla
Moreover, Popular Science reported that automakers share vast amounts of telematics data—such as location and vehicle performance—with third-party companies, which can sometimes lead to misuse. Even though some companies attempt to anonymize this data, studies have shown that it is often easy to re-identify individuals from supposedly anonymous data sets.
In the past, privacy concerns and data collection were mostly tied to our computers and phones. It is my assumption that a large majority of people do not realize that their vehicles are now the new effort in data collection and profit.
Where does the data go?
Some of this data is shared directly with insurance companies, who use it to assess driver risk. For example, the Toyota app includes an option called Insure Connect, which “Provides drivers in eligible areas with the opportunity to receive discounted auto insurance quotes based on safe driving behavior.” The app tracks data like fast acceleration, harsh braking, sharp turns, vehicle location, trips, and personal details such as name, address, email, and phone number.
Other data is used for marketing and profit. Senators Ron Wyden (D-Ore.) and Edward J. Markey (D-Mass.) wrote to the FTC about GM, Honda, and Hyundai sharing driver data with data brokers. For instance, Hyundai sold data from 1.7 million cars to Verisk, earning over a million dollars. The senators urged the FTC to investigate automakers and their data broker partners for sharing data on millions of Americans without consent.
Summary
If you value your privacy, it’s worth exploring what data your vehicle’s apps and infotainment systems collect about you and your family. Personally, I disable as much of it as possible. After all, I already paid for my vehicle—I don’t want my driving habits, location, and personal data to become additional revenue for someone else with or without my consent.