Kaspersky has released a new survey report showing that 72 percent of drivers are uncomfortable with the idea of automakers sharing their data with third parties. The report, “Is my car spying on me?” captures drivers’ thoughts about automakers’ use of personal data gleaned from connected cars. Eighty-seven percent of survey participants said automakers should be required to delete their data upon request, and only 28% said they have some idea what kind of data their car collects.
Modern automobiles are equipped with so much technology that they’ve repeatedly been referred to as “computers on wheels,” luring customers with comfort and convenience enabled by various sensors, apps and infotainment systems. Some car manufacturers are even setting up subscription services, based on in-car tech features, to create new, multi-billion dollar lines of revenue.
The ability of these features and services to collect reams of personal data has raised privacy alarms. A recent Mozilla report gave the entire auto industry poor ratings for privacy, while highlighting that most car companies’ data policies reserve the right to share consumer data with third parties. This creates a security risk as well, with consumer data being stored in more and more places where it could be leaked or stolen, completely beyond the consumer’s control. Another recent Kaspersky study underscored this risk, finding that 64% of automotive executives believe the automotive supply chain is currently vulnerable to cyberattack.
To find out more about drivers’ level of awareness and concern about these issues, Kaspersky surveyed 2,000 U.S. drivers in November 2023. The results show drivers may be ready to accept some level of data collection, but have limits when it comes to what companies might do with their personal data, and how poorly it might be secured.
Seventy-two percent of respondents said they are uncomfortable with the idea of an automaker sharing their data with third parties, with 37% saying they are “very uncomfortable.” Eighty-seven percent said that auto manufacturers should be required to delete their data upon request. Strikingly, 71% of drivers even said they would consider buying an older car or one with less technology, in order to protect their privacy and security.
More than three-quarters of drivers (76%) expressed concern when presented with research findings showing that zero out of 25 car brands Mozilla researched met its minimum security criteria.
The study also captured data about how drivers are using tech in their cars, with most pairing their phone with their car in some way. Forty-eight percent said they use either Android Auto or Apple CarPlay, while 33% don’t have it, and only 19% have it but choose not to use it. Privacy experts say avoiding these services is one way to prevent data collection. Meanwhile, only 20% of drivers said they don’t use Bluetooth in the car. Forty-two percent of those who do use Bluetooth said they choose not to share their phone’s address book with their car, another move recommended by privacy experts.
When asked why they think automakers might be collecting data about them (without being limited to a single answer) half (49.5%) said they think it’s to sell it to advertisers or other third parties, while 40% think it’s to share with insurance companies, 30% think it is for safety, and 27% think it is to provide better customer service. Twelve percent said they don’t know and just 8% said they don’t think automakers are collecting their data.
While drivers worried about how their data is handled, only 42% of respondents said they’re worried about the car collecting their personal data in the first place. The level of concern was greatest among 18-24 year-olds (52%), compared to just 33% among those 55 and over. Young drivers were also the most likely (81%) to say they would consider buying and older car or one with less technology, in order to protect their privacy.
“It’s easy to take for granted how much your car knows about you,” said Kurt Baumgartner, principal security researcher at Kaspersky’s Global Research and Analysis Team. “A connected vehicle knows where you go, how fast you get there and what you listen to on the way – even potentially what your kids are doing in the backseat. And the data collection policies of many automakers go far beyond that, allowing them to track and share things like users’ marital status and other surprisingly personal information that gets connected through their phone.
“The bounds of property rights and ownership are clearly being bent, and people appear to be getting denied the level of control over their personal data that they expect. Our data is highly valuable, as is our privacy. As drivers, we need to advocate for privacy safeguards and common sense ownership agreements where we can enjoy the convenience of tech-enabled cars without having to give it all up.”
The full report is available here.
In order to protect your car-connected data, Kaspersky recommends:
- Don’t install your car’s mobile app on your phone.
- Don’t activate Apple’s CarPlay or Android Auto pairing functions.
- When you pair your phone via Bluetooth, don’t allow the car to access your address book or give it other permissions.
- Buy an older car or a car with a minimal set of “smart” sensors and/or no communication module.
- Ask about the manufacturer’s privacy policy when you purchase a new car.
- Use security solutions to protect your phone and other primary devices. Kaspersky’s consumer portfolio helps protect your private data and accounts.
The full report is available here.