Anyone who has purchased a car in the past decade is familiar with the dazzling wave of technology that greets them: giant touchscreens, voice controls, remote start apps. But behind the gleaming infotainment systems and driver-assist cameras, a subtler, more powerful feature has crept into the modern automobile, the ability to observe, record, and report on virtually every aspect of its use and its users.

For years, consumers have worried about smartphone privacy, Alexa eavesdropping, or social media tracking. However, while attention was directed elsewhere, auto manufacturers quietly built an ecosystem that rivals Big Tech in its reach, and, according to a blistering Mozilla Foundation study reported by AP News, completely fails at protecting consumer privacy. Not even one of the 25 major car brands reviewed earned a passing grade.

Why? Because car companies aren’t just making money off vehicle sales anymore. They’re monetizing your data, and the information they scoop up goes well beyond GPS locations or your driving speed. Think:

  • Biological metrics: Weight, heart rate, even facial expressions via sensors and cameras;
  • Personal details: Information from your tethered phone, call logs, text messages, sometimes even biometric or demographic data; and
  • Highly sensitive information: According to some vehicle manufacturers’ own policies, data on “sexual activity” and “intelligence” can be collected.

Unlike a smartphone app, which must explicitly ask for permissions, car makers hide their consent models deep in paperwork signed under pressure in a dealership. Few read these documents and even fewer realize that 84% of cars reviewed by Mozilla share personal data with brokers and service providers, and 76% claim the right to sell your data.

This has transformed cars into ongoing surveillance devices whose output is not for your benefit, but to be shopped around in a shadowy secondary data market, sold to insurers, marketers, and sometimes even government agencies.

What was once private (e.g., how you drive, where you go, who rides with you) can now raise your costs or be used for purposes you never anticipated. The auto industry claims this is about safety or innovation. While crash detection or predictive maintenance require some data, that argument fails when it comes to collecting genetic or intimate personal information.

In the United States, where state-level rules like the California Consumer Privacy Act are only just beginning to probe this problem, most drivers are exposed by default. Federal lawmakers are only now starting to see the domestic, and even national security dangers. Issues range from stalkers misusing connected apps to fears of foreign adversaries accessing U.S. driver data. But for now, self-regulation prevails—and as Mozilla’s findings make clear, it doesn’t work. Consent screens for cars, buried in sales documents and 50-page privacy policies, simply don’t provide real choice or transparency, particularly when a car is used by multiple drivers or passengers.

In an age when car sensors can identify individual drivers, or capture pedestrians in external footage, the question of whose privacy is being violated gets murky. Passengers (who never agreed to anything), can have their images, voices, and even biometrics swept up by default, an uncharted legal territory, with serious implications for consent and wiretapping laws.

The Alliance for Automotive Innovation touts voluntary, non-binding “consumer privacy principles.” In practice, opting out often means disabling mission-critical functions or navigating a maze of settings and customer service calls—hardly a meaningful choice, and often creating a “take it or leave it” arrangement where convenience trumps privacy.

As cars increasingly become platforms for subscriptions and software updates, the industry must realize that trust is everything. Already, lawsuits are hitting data-sharing arrangements. If automakers don’t fix their practices, a harsh regulatory reckoning is inevitable—one that could curtail the very innovation they celebrate.

Today’s car dealerships are not just selling you a car, they’re enrolling you, and everyone who travels with you, into a sprawling, often poorly regulated data marketplace. As drivers and passengers wake up to this reality, demands for transparency, meaningful consent, and real privacy choices will only grow. The road to the future, it turns out, is paved with data. The question is, do we still control the dashboard, or has the car quietly taken the wheel?