Modern vehicles do more than just transport drivers from Point A to Point B. Many new cars now come equipped with internet connectivity, integrated data systems, and technology that communicates with the world giving a whole new meaning to “mobility”.
To be clear, this article is not about telematics added to a vehicle as part of a commercial agreement; it’s about inbuilt functionality from the vehicle manufacturer.
These connected cars are often lauded for their promise of improving safety, enhancing comfort, and providing a more convenient experience for the driver. Features like GPS navigation, remote functionalities, safety sensors, and automated heating/cooling systems are becoming the norm for cars.
But the very system that makes these convenient features possible is also opening up drivers to privacy risks.
These connected vehicles are turning into powerful surveillance tools that collect and transmit data on a vehicle’s operation as well as detailed personal information about drivers their passengers, and their day-to-day lives.
More Than Just Vehicle Data
A study, called Driving Blind: The Unexamined Privacy Risks of Connected Cars, published in November 2024 by Dr Katharine Kemp from the University of New South Wales revealed the true cost of convenience when it comes to these connected vehicles.
Often, drivers are able to remotely heat, cool, lock, or unlock their car, locate where it is parked, check fuel levels and tyre pressure, and even use its internal and external cameras to view its surroundings and interior.
But these cars don’t just monitor engine performance and battery life, they also capture location data, driving behaviours, voice recordings, facial expressions, and even details about who travels in a car.
The research highlights how Australian car brands offering connected services frequently:
- fail to clearly explain what data is collected,
- make it difficult for consumers to understand or compare privacy terms,
- and in many cases, don’t meet their obligations under the Privacy Act 1988.
Some brands even reserve the right to collect additional personal information from third parties. They may also share your data with law enforcement or insurance providers, sometimes without your knowledge or consent.
The Risks Go Beyond Marketing
Connected vehicles can collect a wide range of direct data, including real-time location, routes, and travel time. They can also gather internal audio, images or video, and voice or text communications. In addition, they may collect biometrics like heart rate, facial arrays, iris scans, and head or eye movements.
If improperly accessed, this direct data can be used to infer information that violates the privacy of the driver and their family and friends.
For example, personal information like where a person lives or works, or where their children go to school, may be inferred from this data. Even details like their family status, political beliefs, or religious affiliations could be uncovered.
Vehicle speed and known traffic rules at certain locations can point to possible traffic infringements, while crash data may be used to assess fault or criminal behavior prior to an incident.
Meanwhile, internal audio recordings can capture conversations, revealing identities, personal relationships, or private plans.
Even other devices used in the car, like phones or tablets, can provide information about the driver and passengers. These devices can reveal details about their movements, habits, and personal lives.
While much of this data collection is marketed as a way to personalise the driving experience and to improve safety, potential misuse can be alarming. Some serious risks include:
- Domestic violence and stalking: Abusers could exploit vehicle data to track victims.
- Theft and blackmail: Hackers could intercept sensitive data or manipulate vehicle functions.
- State surveillance: Law enforcement could access vehicle data without a warrant.
- National security threats: Foreign governments might gain access to personal and location data stored overseas.
A Need for Reform
Dr Kemp’s report calls for urgent privacy law reform in Australia, including:
- A clearer definition of “personal information” to cover all data that reasonably identifies someone.
- Stronger requirements for genuine consent, not buried in fine print.
- A “fair and reasonable” test to prevent harmful or excessive data collection.
Until these legal reforms are in place, drivers remain vulnerable. Dr. Kemp also stresses that privacy protections must be built into the design of vehicles. There must also be clear options for users to opt out of non-essential data sharing.
Connected cars are here to stay, and they’ll only become more sophisticated. But just as drivers have embraced vehicle safety, sustainability, and efficiency, privacy must become part of the conversation.
The question is no longer whether cars collect data; it’s whether we’re doing enough to protect the people behind the wheel.
Did you find this article interesting? Click the ‘heart’ button above to give it a ‘like’!
