Cars today collect more than 200 different data points. Most of these data points are not only interesting to car manufacturers themselves. Research done by McKinsey shows a potential $450 billion to $750 billion industry for automotive data by 2030.
In fact, some car companies are already selling data to third parties and governments. Otonomo, an Israeli startup, collects and sells the anonymized location data of cars all over the world (which journalists have easily been able to de-anonymize ).
Since I am in the market for a new car, I don't want to buy a car from a manufacturer that profits from selling my personal data. I visited the websites of different brands to find how my potential new car treats my personal data. For each brand, I documented that process and how long it took. You would think that car companies inform their customers about how they treat their data but the results are shocking.
The first contender for my next car is the Volkswagen Golf. I start my timer and visit volkswagen.co.uk. First, I navigate to the specific page for the Golf. This page is incredibly long and contains all the features, specs, versions, and more. I expect to find some information under the technology section but each feature has only a little explanatory text.
I keep on searching for a while but after 21 minutes, I decide to open a chat on the website and ask if the customer service agent can point me in the right direction. In the meantime, I keep searching. The only results related to privacy and Volkswagen are news articles with negative customer stories about how personal data is being managed by Volkswagen.
These are features that are not available in the other countries so it made me think about whether the car collects data at all? If it doesn't, it would have been great to mention that somewhere. But judging by features like Parking Position, Area Alert, and other connected services that rely on sensor data, I can't believe that Volkswagen does not collect and process personal data outside of the US and Germany.
In the meantime, I receive regular updates from the customer service agent, stating that my case is under investigation. After more than two weeks I finally receive an answer: "I have contacted our internal Brand Support Team who have now received a response from Product. Unfortunately Volkswagen UK would be unable to comment on this query."
Incredible. Volkswagen, a manufacturer that sells more than 10 million vehicles per year, either can't or won't tell me what personal data its products collect.
I have more hope for Mercedes, as an expensive, innovative brand, I expect them to be further ahead. Mercedes is mentioned as one of the partners on a slide deck of Otonomo, so I expect them to be transparent about how they share my data with third parties. Unfortunately, my story is not too different from Volkswagen's.
After 11 minutes, I ask a customer service agent in the chat and it takes him 9 minutes to send me a link to the marketing page I already found. He then refers me to the customer service email address so I sent an email.
After 2 weeks of waiting, I receive a reply with a link to the Mercedes Me Privacy Portal. Where I can't log in. Because I am not a customer. sigh
Much like Mercedes and Volkswagen, Toyota only has very basic information on their website explaining the tech features of their cars. Similar to Mercedes and Volkswagen, there is no trace of any information related to data privacy on the UK website.
Again, after more than half an hour I give up. But this time, I can't even find a customer service department to reach out to as everything goes via the dealership network at Toyota. I also try the Dutch, German, and Belgian websites but without success.
In the list, I find 'Audi Connect Terms and Conditions'. Finally! Unfortunately, it only relates to the customer accounts on the website and not the vehicle. Furthermore, multiple privacy statements and pages on the website mention data privacy, and all refer to login.audi.com. It seems that, just like with Mercedes, you need to be a customer before you can find out how Audi treats your personal data.
If you know where to look, it is available from the home page with two clicks. However, it only concerns the ConnectedDrive services. I don't know if there are other products or services inside the car that collect my data. Contrary to Audi, BMW has a short document that is easier to read and navigate. But like Audi, it does not go into specifics.
Next up is Volvo. My hopes were high for Volvo as in my mind, it is the most user-centric and friendly brand on my list. With its focus on safety, I somehow also expect Volvo to be transparent about data privacy.
Like with the other brands, I start browsing the pages of the specific model for some time without luck. I quite quickly give up and after 3 minutes, I click on 'privacy' in the footer.
Audi is only slightly better but finding the hard-to-read policy was too difficult. BMW was the first brand for which I felt some kind of willingness to share information. But Volvo and Tesla were the two brands with the best policies. But it does not mean that the others should follow their example. It should not have to take minutes to read through a boring, long document to find out how a company is treating your personal data.
It would be so much better if the privacy information is located on the model page of a car and not in a general footer. And if it is placed there, why not make it specific to that particular model.
To make these changes, car companies don't have to reinvent the wheel. A great example of a company that does this right is Apple. Recently, they introduced a dedicated, standardized privacy section in their app stores. It shows in clear language what data is collected and for what purposes.
Imagine a similar section, but on the specific page of a model, relating to the car as a whole and in clear language. If the car industry will indeed pursue the business model of selling customer data, it will have to make some big changes to set the right expectations for its customers.