Is your car spying on you? Here's how to check

At least eight carmakers in the U.S. have admitted they would backtrack on a voluntary privacy agreement and turn over personal customer data to government and police, prompting calls for an investigation.

Automotive News reports 19 carmakers had voluntarily signed up for the Consumer Privacy Protection Principles in 2014 — standards that would require U.S government agencies (including police) to obtain a warrant or court order to access customer location data.

However, eight automakers misled customers about giving driver data to police, and now U.S. lawmakers are raising questions about whether automakers can be held to account for departing from promises made about user privacy.

So who is giving your information to others? Toyota, Nissan, Subaru, Volkswagen, BMW, Mazda, Mercedes-Benz, and Kia would turn over the data if a subpoena was produced — in violation of the standards they signed up for. More smoke and mirrors when it comes to your privacy.

These car companies are following the agreement they signed: General Motors, Honda, Ford, Stellantis, and Tesla require a warrant for location data, unless it is an emergency or customer consent was provided. Tesla is also the only brand to notify its customers of legal demands.

This has not only raised concerns about what other privacy promises carmakers have made that they won’t keep but has led two U.S. senators to call for the companies to be investigated by the Federal Trade Commission.

“Automakers have not only kept consumers in the dark regarding their actual practices, but multiple companies misled consumers for over a decade by failing to honor the industry’s own voluntary privacy principles,” said Senators Ron Wyden (D-Ore.) and Edward Markey (D-Mass.) in a letter to the FTC.

“Vehicle location data can be used to identify Americans who have travelled to seek an abortion in another state, attended protests, support groups for alcohol, drug, and other types of addiction, or identify those of particular faiths, as revealed through trips to places of worship.”

Mercedes-Benz, Toyota, and Kia all defended their practices, while the Alliance for Automotive Innovation — a lobby group for the car industry — claimed government agencies only request location information when there is clear danger to an individual.

“Vehicle location information is only provided to law enforcement under specific and limited circumstances, such as when the automaker is provided a warrant or court order or in situations where there is an imminent threat of serious bodily harm or death to an individual,” an AAI spokesperson told Automotive News.

The calls for an investigation into the data-sharing habits of carmakers comes after General Motors ended its partnerships with two major data brokers, following accusations of sharing information on drivers without their consent.

In March, the New York Times published an in-depth investigation about a Chevrolet Bolt owner who had been quoted a significantly higher insurance renewal premium, later discovering his driving data was being sold to insurance firms by data broker LexisNexis.

This was followed by a second report, detailing a proposed class action lawsuit put forward by a Cadillac XT6 owner who claimed he was denied insurance by seven companies on account of his LexisNexis driving report provided to the firms without his knowledge.

Both of the vehicles were equipped with OnStar, GM’s connected services brand, which gathered data used by LexisNexis.

In the wake of the reports, General Motors subsequently ended its partnership with both LexisNexis and Verisk, a similar company that also sold driving data to insurance companies.

According to the New York Times, an internal document circulated within General Motors showed more than 8 million vehicles were actively supplying data through OnStar’s Smart Driver program as of 2022.

Here's how to find out what your car is revealing about you:

• See the data your car is capable of collecting with this tool.
• Check your connected car app, if you use one, to see if you are enrolled in one of these programs.
• Do an online search for “privacy request form” alongside the name of your vehicle’s manufacturer. There should be instructions on how to request information your car company has about you.
• Request your LexisNexis report.
• Request your Verisk report.

Remember, you own your data, not these companies. Just because they make the software doesn’t mean they get to control what happens to your information. The problem is that you sign away your ownership when you use the systems. Keep an eye out for opt-out options and support government bills that protect your privacy.