Modern vehicles collect intimate data about drivers without clear consent

Photo: Futuristic car, smart car - metamorworks / Istockphoto.com

Computers on wheels equipped with dozens of sensors track the location, behavior and physical characteristics of drivers, while large corporations profit from this information without adequate transparency. The practice, admitted by the automakers themselves in their privacy policies, exposes sensitive data to insurers, data intermediaries and potentially law enforcement authorities.

Scale of monitoring surprises experts

Modern cars capture information that goes far beyond where you drive. Infrared cameras monitor facial expressions, sensors analyze weight and age, and systems track every sudden braking, every speed above the limit and every movement of the steering wheel. A 2023 Mozilla study evaluated 25 manufacturers and found that none met the minimum privacy standards deemed adequate by the organization.

Automakers’ privacy policies reserve comprehensive collection rights. Kia, for example, lists in its terms the ability to collect data on drivers’ “sex lives” and general health, although the company claims to have never implemented these practices. Darrell West, senior researcher at the Center for Technology Innovation at the Brookings Institute, claims that most consumers are completely unaware of the scope of this surveillance. “Basically, this means that your life can be rebuilt almost second by second,” he warned.

Kia dealership, Kia cars – Photo: Alexander Fedosov / Shutterstock.com

Sale of data already generates financial consequences

Nineteen of the 25 brands analyzed by Mozilla claim to be able to sell user data, a practice that already occurs regularly. General Motors has been penalized by US federal and state agencies for selling location information without consent. A driver discovered that data intermediary company LexisNexis had 130 pages of details about his trips over six months, information that led to a 21% increase in his insurance premium.

Insurers use this data to increase premiums for drivers considered at risk, deny coverage or classify consumers into different categories. Michael DeLong, a researcher at the Consumer Federation of America, explains that insurance companies accumulate enormous volumes of information about driving habits with the specific aim of charging higher amounts. The FTC banned GM from selling data for five years, but other automakers continue to trade information through agreements with insurers and data brokers.

American legislation is set to expand collection further

A US federal law will require automakers to install infrared biometric cameras and body language analysis systems in new vehicles to detect drivers who are drunk or too tired to drive. The objective is legitimate — to reduce deaths caused by drink-driving — but the legislation does not provide for any safeguards on the future use of this biometric and behavioral data.

Jen Caltrider, the privacy analyst who led Mozilla’s research, expresses specific concern about this regulatory gap. “Many of the advances in data collection in cars are presented under the argument of safety,” she said. The data generated by these systems will be equivalent to medical information, experts warn, but without adequate protections. The implementation of the law will probably be delayed because the technology is not yet ready, but privacy concerns are already mobilizing researchers.

Apparent consent masks lack of real choice

Automakers claim to obtain authorization from drivers before monitoring them, usually through privacy forms presented during the configuration of the vehicle’s multimedia system. On some models, these warnings appear every time the driver starts the car, but studies indicate that very few people actually read these terms. The process is considered a form of de facto consent, although experts question whether it constitutes a true informed choice when the alternative is not to use the vehicle’s basic functions.

Automakers also track users when they connect smartphones to the multimedia system or use applications connected to the car. Some drivers voluntarily opt into insurance company telemetry programs that track driving behavior in exchange for discounts that are not guaranteed. An analysis by the state of Maryland showed that only 31% of drivers reduced their premiums, while 24% started paying more.

Protections differ significantly by region

In the United States, there is no comprehensive federal law on automotive data privacy. The protections adopted by some states are fragmented and, according to experts, insufficient. The situation is better in Europe and the United Kingdom, where there are specific rules for sensitive data and consumers have rights such as accessing personal information and requesting deletion. Even so, Caltrider states that Europeans remain subordinate to privacy policies and need to rely on compliance with rules that are not always adequately monitored in the automotive sector.

In Brazil, the Lei Geral de Proteção de Dados (LGPD) establishes rules on sharing personal data. Consumers in some jurisdictions may request copies of the data collected and prevent the sale or sharing of this information, as well as require deletion of the data. Some automakers offer privacy settings that limit collection and sharing, generally available in the multimedia system and connected applications.

What drivers can do now

  • Do not participate in insurance company telemetry programs, whose risks outweigh the uncertain discounts
  • Check privacy settings in the car’s multimedia system and applications
  • Request copies of personal data collected by car manufacturers when possible
  • Request deletion of information in jurisdictions that allow this practice
  • Read privacy policies before accepting terms during new vehicle configuration
  • Do not connect smartphones unnecessarily to multimedia systems

Caltrider argues that individual measures are insufficient until the rules fundamentally change. “As long as the data is not actually ours and companies do not have to ask for explicit authorization to use it, this problem will only get worse and worse,” said the analyst. The situation represents a growing regulatory challenge as vehicle connectivity increases — consultancy McKinsey estimated that 95% of cars on the road will have an internet connection by 2030, compared to 50% in 2021.