Data privacy in the automobile industry is terrible, reveals a recent study by the Mozilla Foundation. The study reveals that cars have poor data privacy, with many major manufacturers admitting they may be selling personal information collected from their vehicles. What’s even more alarming is that half of these manufacturers are willing to share this data with government or law enforcement agencies without requiring a court order.

With more and more sensors in modern cars, vehicles have become into massive data-collection hubs. Consumers have little control over the personal data their cars gather, leading to privacy vulnerabilities. The lack of clear security standards is particularly concerning, given the automotive industry’s history of susceptibility to hacking.

Cars ranked the lowest for privacy among various product categories studied by Mozilla, including fitness trackers, smart speakers, and connected home appliances. None of the 25 car brands reviewed met Mozilla’s minimum privacy standards. Nineteen automakers admitted they could sell personal data, and only two offered the option to delete collected data.

Experts have expressed concerns about the invasive nature of transforming cars into corporate surveillance spaces. A trade group representing car manufacturers called for a federal privacy law to address these issues, citing the confusion caused by varying state privacy laws.

One surprising finding was that Japan-based Nissan provided a detailed breakdown of data collection in its privacy notice, including collecting sensitive personal information such as driver’s license numbers, race, sexual orientation, and health diagnoses. Nissan also indicated that it could collect “genetic information” and “genetic characteristics” from its vehicles, raising further concerns.

Tesla’s privacy notice was noted for its potential impact on vehicle functionality if owners opted out of data collection, potentially affecting real-time issue notifications.

The study underscores the urgent need for enhanced data privacy regulations and standards in the automotive industry, as well as greater transparency and control for consumers over their personal data collected by vehicles. It also highlights the role of existing privacy laws, such as the European Union’s General Data Protection Regulation and California’s Consumer Privacy Act, in raising awareness and driving change in the industry.