The diverse range of personal data collected by cars is being exposed, stolen, and onsold so regularly that one advocate believes buyers should vote with their wallets to incentivise manufacturers to take privacy seriously – and develop the “Volvo of privacy”.

Yet most cars still fall far short of that ideal – a reference to Volvo’s policy of standardising safety features like seatbelts and side impact airbags when rivals still charged extra for them – and Andrea Amico wants everyone to know just how far.

Even with no formal marketing beyond word-of-mouth, over 600,000 people have tapped Privacy4Cars’ Vehicle Privacy Report (VPR) tool to check the privacy credentials of their vehicles since the tool was first launched last year.

Enter your vehicle identification number (VIN), and it offers a multi-point assessment of the vehicle’s privacy credentials – including whether it stores personal data, location information, phone data synced via Bluetooth, individual user profiles, and more.

The tool – which was recently expanded to Australia – also evaluates the complexity of the language in the car’s privacy reports, and whether the manufacturer shares or sells data to insurance, government, service providers, data brokers, or affiliates.

What your car is saying about you

Amico, who formerly ran a used car inspection company, has worked in vehicle privacy for over a decade – including some years spent hacking into cars to see what information could be collected without drivers’ knowledge.

“When it comes to personal data and even culturally,” he told Information Age, the automotive industry “is just not quite there yet” – noting the response of Skoda that driver safety was never threatened by hacks disclosed at the recent Black Hat event.

Tesla owners have every right to be be concerned about their privacy. Source: Privacy4Cars

Those hacks – which tapped vulnerabilities in the car’s infotainment unit, could let hackers install new software to track the car, record in-car conversations, take screenshots of the infotainment display, and steal the owner’s phone contacts.

“Culturally, automotive makers still have not quite realised how the lines between loss of privacy and loss of safety are not bright at all,” Amico said. “It’s a very muted, very thin line – and the fact that the industry has not talked about it this way is naïve at best.”

Recent studies of car privacy policies have found cars are a privacy nightmare, with manufacturers using in-car sensors, cameras, and microphones to monitor drivers’ driving habits, movements, address book contacts, and even their sex lives.

Does anyone want to drive a hard drive on wheels? Source: Privacy4Cars

“Modern cars are surveillance machines on wheels… that can detect everything we do inside, even where and when we do it,” Mozilla Foundation privacy researchers concluded after scrutinising the privacy policies that all buyers accept by default.

Drivers need to push a cultural change

The level of data collection by contemporary cars has raised concerns not only among drivers, but among governments – with China recently banning many government employees from driving Teslas, and the US government pushed by many to do the same.

Now listing over 600 million cars in the US and Europe – and recently adding millions more, from 25 major car makers selling in Australia – Amico designed the project “to rip the Band-Aid and remove the thin veil that kept this away from the eyes of the public.”

Exposing this information has so far been the domain of consumer rights groups like Choice, which recently named Kia, Hyundai, and Tesla as Australia’s worst privacy offenders – but Amico hopes that greater visibility will shame car makers into improving.

Older cars appear to be safer from a privacy perspective. Source: Privacy4Cars

“Awareness within the industry is changing real fast” as privacy laws change, he said, but with data brokers continuing to tap car makers for data that can be sold for purposes such as training AI models, it’s an ongoing challenge.

“A lot of people talk about privacy controls and consent,” he explained, “but if you start asking from a place of darkness where people have no idea what data is being collected, you’ll get answers that are partial at best – and completely wrong at worst.”

As a privacy advisor to car companies, Amico often tells clients that “consumers are demanding this, and you’re giving them not just something else, but the opposite of what they’re asking for.”

“But this is a highly competitive market.

“Eventually, somebody will figure out that if they do less – and they do build that Volvo of privacy – things will change very quickly.

“Getting the first one to move is pretty hard, but it’s my life’s mission, so I’m dedicated to it.”