Your Car Is Watching You: The Scary Truth About Automotive Data Privacy
by AutoExpert | 17 March, 2025
Think your car is just a way to get from A to B? Think again. Modern vehicles are basically computers on wheels, and they're collecting mountains of personal data while you cruise along, blissfully unaware.
A recent Uswitch study dropped some jaw-dropping stats about how clueless most drivers are when it comes to what their cars know about them. Get this: 72% of motorists had no idea their cars were tracking how and when they drive. Two-thirds didn't realize their GPS and infotainment usage was being monitored. Over half were shocked to learn their speed was being recorded, and 53% had no clue their route history was accessible.
Perhaps most alarming? Nearly half of drivers don't realize their current location can be tracked and stored at any time.
But wait, it gets worse. When you connect your phone to your car, you're potentially handing over call records, messages, location histories, and more—often completely unencrypted. Combine that with a thriving marketplace for personal data, and even the most tech-oblivious driver can see how this could go sideways fast.
Your Car Is Basically a Snitch on Wheels
Andrea Amico, CEO of Privacy4Cars, a company tackling these very issues, puts it bluntly: "Stop thinking of a car as a mechanical thing. It's a super-powered laptop."
Recent horror stories prove his point. Earlier this year, Wired reported how a researcher hacked his mother's Subaru Impreza through one of the company's web portals. He didn't just gain remote access to the car's functions—he uncovered an entire year's worth of her location history.
As the researcher, Sam Curry, explained: "Whether somebody's cheating on their wife or getting an abortion, or part of some political group, there are a million scenarios where you could weaponize this data against someone."
In another high-profile case, General Motors found itself banned from selling geolocation and driver behavior data for five years after the Federal Trade Commission discovered its OnStar service had been quietly passing customer driving habits to third-party brokers and insurers.
One furious consumer told GM: "When I signed up for this, it was so OnStar could track me. They said nothing about reporting it to a third party. Nothing. You guys are affecting our bottom line. I pay you, now you're making me pay more to my insurance company."
The Data Nightmares You Never Imagined
Privacy4Cars recently published a white paper highlighting equally disturbing data breaches happening in everyday situations:
- A pharmaceutical rep's company car still contained the names and addresses of cancer patients after being passed on
- A luxury car for sale held the address and phone numbers of a female celebrity
- A military contractor's ex-fleet vehicle retained smartphone data revealing locations of classified sites with restricted access
Most drivers would be horrified if any of these scenarios happened to them. So what's the solution?
According to Amico, everyone in the automotive ecosystem—manufacturers, dealers, fleet operators, rental firms, insurers, and finance companies—needs to start taking privacy seriously.
"The problem is with the individuals at the companies who make decisions on how to use the data," he explains. "Privacy is about choice. Companies need to explain the data a car collects, and the way they plan to use it."
Finding Out What Your Car Knows About You
While companies technically cover this information in their privacy notices, many feel these documents are too complex and buried to be effective. Curious about what info your car holds? Privacy4Cars has created a free tool at vehicleprivacyreport.com—just input your registration number for a summary.
Amico compares the current situation to the lack of transparency on car safety before global NCAP organizations emerged. What's common practice today will become unthinkable tomorrow.
"I think privacy is going to become more visible and the current problems will become less acceptable," he says. "Companies will figure it out—it will probably not be of their own volition, but they will be pushed into it by the fact that consumers and regulators are upset."
Who's Actually Responsible for Deleting Your Data?
Here's something you might not know: under the General Data Protection Regulation (GDPR), it's not actually your responsibility to wipe your data when you're done with a vehicle. Instead, it falls to the "Controller"—whether that's a dealer, leasing company, fleet management company, or other relevant business.
Jon Butler, a partner specializing in automotive at law firm Geldards, confirms: "This is very much a live issue, but the Controllers don't know or much care that they have this data."
They should care, though. The consequences could be massive. Butler explains: "When you're talking about franchised dealers selling tens, if not hundreds of thousands of units a year, then if most of those vehicles have got personal data on them, that could be a huge problem. The fines available to the Information Commissioner's Office for breaching GDPR are typically the higher of four percent of global turnover or £17.5 million. So that's big."
The notion that "most" cars contain leftover data isn't far-fetched—research from Privacy4Cars found that four in five customers discovered personal data in cars sold at retailers across the UK, Italy, and Germany.
Butler believes selling a car with the previous user's data could even allow buyers to sue dealers for providing vehicles of unsatisfactory quality due to regulatory non-compliance.
His advice to motorists is straightforward: "When your time with the car comes to an end, ask for confirmation from the Controller that steps have been—or will be—taken to irretrievably remove your data."
When Your Helpful Car Assistant Becomes Big Brother
As vehicles become more automated, they're transforming into extensions of our offices and homes. That friendly AI-generated in-car assistant might suggest your favorite pop star's upcoming tour because you recently listened to them on Spotify, or recommend a nearby Mexican restaurant because you ordered refried beans in your last supermarket shop.
Seems helpful on the surface—but meanwhile, it's building a comprehensive profile of you that needs proper handling when you're done with the vehicle.
Even more concerning is how accessible this real-time data is before deletion. Tesla demonstrated this vividly by the amount of information it provided to US authorities about the Cybertruck that exploded in Las Vegas on New Year's Day in what was initially suspected to be a terrorist attack.
While few would argue against helping such investigations, it highlighted just how much some manufacturers know about their vehicles' activities.
The Global Data Wars Hit Your Driveway
The concern about car data spying extends beyond individual privacy to national security. One of the Biden administration's final acts was banning cars with Chinese and Russian-developed software linked to connectivity and autonomous driving from US roads.
National Economic Advisor Lael Brainard explained this was necessary to prevent Americans from being exposed to "risks of misuse of their sensitive data or interference by malicious actors."
The software ban takes effect for 2027 models, with real consequences for companies like Polestar—part of Chinese-owned Geely—despite building cars in South Carolina. "We will have to find solutions," CEO Michael Lohscheller admitted. Combined with hefty EV tariffs, the ban will likely halt any significant expansion of Chinese vehicles in the American market.
