Cars are growing ever-more complex, with their computerized infotainment and connected apps. There’s really no limit to the wonders modern cars can now perform: They can be remote-started from your cell phone, remember your favorite navigation destinations, and collect shocking amounts of data.
Mozilla recently reviewed the privacy practiced of 25 car companies, and all 25 flunked their tests. Tesla’s data practices were industry-worst, but no one in the field seems to have much interest in securing or protecting all that precious information they take from you — and, yes, they’re taking a lot. But Nissan and Kia stood out among the crowd for a unique data set mentioned in their privacy policy: Information on how you bone down.
In their privacy policies, Nissan and Kia state they may collect information about your “sexual activity” and “sex life” respectively. Worse still, Mozilla says both companies seem to be able to sell that data to whoever’s willing to pay. From Mozilla’s review of Kia:
One other thing that Kia does seem to do with your data is sell it. Yuck! We really hate that because they collect so much data and then say they can sell it to make more money. Nearly all the car companies we reviewed did this as well, and it sucks with everyone. They also share it with a lot of the same places they collect your data from. That list includes (once again) “affiliates,” “partners,” “service providers,” “advertising and social networks,” as well as “data analytics, data enhancement, and market research providers.” Kia might also comply with “governmental requests” for your data. Ugh, that word! At Mozilla, we believe your personal information should only be shared with the government and law enforcement when there is a legal obligation to do it. And, even then, as minimally as possible. Kia, please help yourself to our verbiage and do better. Governments shouldn’t simply be able to “request” people’s precise location data and information about their “sex life”.
And from its review of Nissan:
Well, not to be crude, but it would probably really suck have Nissan drawn inferences about you that lead them to believe you are a not so smart, sexually promiscuous, depressed alcoholic who likes to drive really fast on Fridays and Sundays and then sell those inferences to goodness knows who for targeted marketing purposes. We’re not even sure what that targeted marketing would look like and we also really don’t want to know.
In case you were wondering why cyberpunk dystopias feel so relevant right now, it’s because we live in one. Your car may well be collecting information about your sex habits, then turning around and selling that data to corporations so they can feed you more ads for collars, chains, and latex. If we’re going to live in Neuromancer, can we at least all get cool hacker aliases?
UPDATE — Nissan has reached out with the following statements:
In accordance with certain state privacy laws, Nissan discloses both consumer and employee data privacy details in the same report. Our privacy policy is written as broadly as possible to comply with federal and state laws, as well as to provide consumers and employees a full picture of data privacy at Nissan.
To the question of “sexual orientation and sexual activity”: Nissan does not knowingly collect or disclose consumer information on sexual activity or sexual orientation. Some state laws require us to account for inadvertent data collection or information that could be inferred from other data, such as geolocation.
We have clear methods for consumers to opt out of data collection and disclosure, which can be found here.
Statement on Mozilla’s report generally: “Nissan takes privacy and data protection for our consumers and employees very seriously. When we do collect or share personal data, we comply with all applicable laws and provide the utmost transparency. Nissan North America’s Privacy Policy incorporates a broad definition of Personal Information and Sensitive Personal Information, as expressly listed in the growing patchwork of evolving state privacy laws in the U.S., and is inclusive of types of data it may receive through incidental means.”