Australia’s privacy regulator has opened formal investigations into two Asia-based smart-car manufacturers amid fears connected vehicles are harvesting and misusing drivers’ personal data.
The Office of the Australian Information Commissioner (OAIC) confirmed during Senate Estimates hearings this week it is examining whether the companies are collecting excessive personal information and handling it improperly.
Australian Privacy Commissioner Carly Kind told senators the watchdog currently has two active probes, while abandoning two others due to the low likelihood of securing enforcement action.
“We have open investigations against two separate entities,” Kind said.
“We conducted further preliminary inquiries against two separate entities, but did not decide to take them further.”
Pressed by Nationals Senator Bridget McKenzie on whether the firms were Chinese, Kind declined to identify them but confirmed they are based in Asia.
‘Shocking breach of privacy’
Connected vehicles — effectively computers on wheels — have long-raised concerns because of the breadth of data they can gather and share with third parties.
Some models collect location histories, voice recordings, images from internal and external cameras and detailed driving behaviour data.
McKenzie said the revelations would alarm motorists, warning foreign-owned manufacturers could be capturing far more than navigation information.
“Australians will be shocked to learn that their connected vehicles are being used to collect personal information beyond destinations by foreign-owned car companies,” McKenzie said.
“It’s not just about listening to conversations, these vehicles are able to collect information from smartphones, and that is a shocking breach of privacy.”
OAIC has previously flagged that connected cars were on its radar.
In a speech last year, Kind said such vehicles come with "significant privacy risks that carry the potential for harm”, and that these cars hoover up a range of personal information from their owners.
“This can include some very personal and even sensitive data, and it can paint an intricate picture of our lives and movements,” Kind said in May last year.
“It is an area of increasing public interest and concern, and while the Australian connected car market is not as advanced as overseas markets, we have seen significant privacy issues in other jurisdictions, including instances where driver data is used to build risk profiles about individuals, and in some circumstances, sold to insurance brokers.”
Kind said that often car owners are opted in automatically to the connected car features when they purchase the vehicle or download the accompanying app, and that opting out of these can be difficult or impossible.
Growing global scrutiny
Late last year, the US government moved to ban Chinese software and hardware from cars in the country because of cyber and national security concerns.
In early 2024 it was revealed by consumer organisation Choice that connected cars were collecting “extensive customer data” about driving habits, and that this could be sold to insurance and finance companies.
The Choice investigation singled out Toyota for its collection of data about vehicle locations, driving information, fuel levels, phone numbers and email addresses.
It has also been revealed that Tesla collects “short video clips and images captured from the camera inside the vehicle” and that some data is shared with third parties.
Other connected cars have also been found to share data from voice recognition services with third parties.
