Data collection has become a common practice in an era where technology seamlessly integrates into our daily lives. The amount and type of data collected vary across different technologies, from smartphones to smart homes. One area that has seen significant technological advancement is the automotive industry, with cars becoming increasingly sophisticated. However, a report by Mozilla sheds light on a concerning trend; cars are collecting more data than necessary for their basic functionality.

Adam Molnar, Assistant Professor in the Department of Sociology and Legal Studies and a member of the Cybersecurity and Privacy Institute (CPI) at the University of Waterloo, expressed concern over the privacy risks with cars collecting vast amounts of data. "The alarming findings from this research about the pervasive data collection in cars is a stark reminder of the urgent need for robust privacy protections in the automotive industry”.

"The alarming findings from this research about the pervasive data collection in cars is a stark reminder of the urgent need for robust privacy protections in the automotive industry”.

Adam Molnar, CPI Member & UWaterloo Professor Sociology and Legal Studies

The interplay between extensive data collection and dismal security measures in modern cars, as highlighted in the report, creates a perfect storm for privacy breaches. Molnar emphasizes that this not only exposes individuals to potential misuse of their personal information but also raises significant security concerns that can impact the safety and security of everyone.

Molnar further critiques the current consent model in the automotive sector, describing it as fundamentally flawed and operating under the pretence of choice while effectively cornering consumers into surrendering their privacy. "This is not consent; it's coercion under the guise of compliance".

The Mozilla report underscores the risk of mission creep or access creep, where seemingly innocent data collection for an 'enhanced user experience' could morph into invasive surveillance blurring lines between vehicle functionality and data exploitation.


Charles Eagan, Chief Technology Officer at BlackBerry, understands that modern connected vehicles have intricate software-defined capabilities that can “amplify concerns surrounding data privacy, as the potential for unintended data collection and exposure multiplies and raises critical questions about who manages and protects this data”. Indeed, as the complexity of software in vehicles increases, there must be transparency in data handling and a strong focus on cybersecurity. Eagan reasons that “we must tap into the wealth of knowledge and established best practices in [cybersecurity and privacy]. We’re on this journey together, and the complexity of software-defined vehicles should never mean complexity in the user experience”.

“We must tap into the wealth of knowledge and established best practices in [cybersecurity and privacy]. We’re on this journey together, and the complexity of software-defined vehicles should never mean complexity in the user experience”.

Charles Eagan, Chief Technology Officer at BlackBerry

While acknowledging that a certain amount of data collection in cars is expected, the report highlights that the current practices go beyond what is reasonable; collecting data related to sexual activity, for example. There is a need for a balanced approach that respects and upholds consumers' privacy rights while still allowing for necessary data collection that manufacturers can use to improve their automobiles. This report is a wake-up call. It underscores the need for a paradigm shift in how car companies view and handle data privacy. The industry must pivot from its current data-hungry model to one that respects and upholds the privacy rights of its consumers.