You’re Being Watched—And Your Car Is The Snitch

Don’t get caught in the illusion of convenience: Your car is a data harvesting machine.

Modern vehicles are no longer just transportation machines—they are networked data terminals on wheels. The rise of software-defined vehicles (SDVs) has transformed automobiles from mechanical marvels into always-connected data collection platforms, constantly feeding telemetry back to manufacturers, insurers, and third-party data brokers. 

What began as incremental digitization—OBD-II ports, infotainment systems, and GPS navigation—has exploded into a full-scale surveillance apparatus, where every acceleration, braking event, and even cabin conversation can be logged, analyzed, and monetized. 

The automotive industry insists these advancements are purely for safety, convenience, and performance optimization. But beneath the glossy marketing of over-the-air (OTA) updates and "smart features" lies an uncomfortable truth: your car knows more about you than your smartphone, and automakers have no intention of letting you opt out. 

See also: 

My BMW Threw A Tantrum Because Of A Speck Of Dust—Bring Back The ‘90s 

The Anatomy Of A Spy: What Your Car Tracks (And Who Gets It)

From the moment you press the start button, your vehicle begins logging data. Basic metrics like speed, throttle position, and fuel economy are just the beginning. 

Advanced driver-assistance systems (ADAS) rely on cameras, radar, and LiDAR to monitor surroundings, but these sensors also capture footage of pedestrians, other vehicles, and even private property—raising questions about who owns that data. 

Infotainment systems sync with smartphones, scraping contact lists, text messages (often via unencrypted SMS backups), and location history. Some vehicles, like certain GM models, employ in-cabin cameras to monitor driver attentiveness, while Tesla’s "Sentry Mode" records 360-degree video of parking lots, blurring the line between security feature and mass surveillance.

GM's Super Cruise system includes a driver attention system with a small camera on the steering column and infrared LEDs to track the driver’s head and eye position when hands-free driving is engaged. If the driver appears distracted, the system issues alerts to re-engage their focus. 

In fact, GM has expanded its Driver Attention Assist feature to models like the 2025 Cadillac Escalade IQ and 2025 Chevrolet Tahoe. 

Then there’s the black box. 

Modern event data recorders (EDRs), mandated in the U.S. since 2014, capture pre- and post-crash information, including steering angle, brake application, and seatbelt status. While useful for accident reconstruction, this data is increasingly accessible to insurers and law enforcement—often without a warrant. 

While some states require owner consent or a court order, others allow law enforcement and insurers to retrieve EDR data under certain circumstances.

The most alarming trend, however, is the normalization of real-time telemetry streaming. Companies like Tesla, BMW, and Ford transmit vehicle data continuously to corporate servers under the guise of "diagnostics" or "service optimization." 

In reality, this data is a goldmine for behavioral profiling. Hard braking? Your insurance rates might rise. Frequent late-night drives to fast-food restaurants? Expect targeted ads for heartburn medication. 

Over-the-Air Updates: The Trojan Horse Of Control

OTA updates were initially marketed as a consumer-friendly alternative to dealership visits—no more recalls for software patches. But this convenience comes at a cost: absolute manufacturer control. 

Tesla has repeatedly demonstrated this power, remotely disabling features, altering battery performance, and even restricting vehicle functionality for owners who attempted independent repairs. In 2022, a German court ruled that Tesla’s practice of throttling Supercharging speeds via OTA updates without customer consent was illegal. Yet automakers continue to push the envelope. 

BMW now offers "subscription-based" features like heated seats, where hardware already installed in the car is locked behind a paywall—enforced by remote software. While the German marque discontinued this practice due to customer backlash, the company has now pivoted to driver assistance and parking features software-based subscriptions. 

Worse, OTA systems create new attack surfaces for hackers. Researchers have demonstrated exploits that allow remote hijacking of steering and braking systems in connected vehicles. 

For example, cybersecurity experts have demonstrated how hackers can exploit vulnerabilities in infotainment systems, digital radio signals, and vehicle networks to gain control over critical functions like braking and steering. One well-known case involved researchers remotely taking control of a Jeep Cherokee, forcing it off the road by manipulating its brakes and steering. 

Automakers have since worked to improve cybersecurity measures, but connected vehicles remain potential targets for cyberattacks. While manufacturers claim their systems are secure, the rush to monetize vehicle data has consistently outpaced cybersecurity investments. 

Who Owns Your Data? (Spoiler: Not You)

Legally, the answer is murky. In the U.S., the 2015 Driver Privacy Act nominally grants ownership of EDR data to the vehicle owner, but loopholes allow manufacturers to share aggregated data with third parties. 

Privacy policies buried in infotainment terms of service often grant sweeping permissions—Toyota’s policy, for example, admits to sharing location data with "service providers, law enforcement, and other third parties." 

See also: 

If You’re Going To Have An Accident, It Might As Well Be In These Five States 

The European Union’s GDPR imposes stricter consent requirements, but enforcement is inconsistent. A 2023 study by the Mozilla Foundation found that cars are the worst category of products for privacy, with manufacturers like Nissan openly admitting they collect "sexual activity, health diagnosis, and genetic data" from connected vehicles. 

The study also found that 84% of car brands share or sell personal data, and more than half will provide data to law enforcement upon request. Meanwhile, data brokers like LexisNexis and Verisk have built lucrative businesses repackaging driving behavior for insurers. 

A 2024 Reuters investigation revealed that GM shared detailed trip data (including hard acceleration and speeding) with these firms without explicit driver consent. Specifically, GM was found to have shared driver behavior data with LexisNexis and Verisk, which repackaged it for insurers. 

Reports indicate that some drivers were unknowingly enrolled in GM’s OnStar Smart Driver program, which collected data on mileage, braking, acceleration, and speed. This data was then sold to insurance companies, leading to higher premiums for some drivers. Following public backlash, GM ended its data-sharing practices with LexisNexis and Verisk in March 2024. 

The Myth Of Anonymization

Automakers often claim collected data is "anonymized," but this is a fiction. A 2021 study by the University of Washington demonstrated that even coarse location data—such as a vehicle’s nightly parking location—can uniquely identify individuals with 90% accuracy when cross-referenced with public records. 

Geographic Information Systems (GIS) play a significant role in mapping and analyzing spatial data, but they also raise privacy concerns, and research has shown even anonymized location data can be used to infer personal identities when cross-referenced with other datasets. 

People typically follow unique movement patterns—regularly traveling between home and work, making it possible to identify them based on location history. By combining GIS data with public records, social media check-ins, or mobile phone metadata, personal details can be uncovered. 

Researchers have liked even coarse location data, like a vehicle’s nightly parking spot, to specific individuals with remarkable accuracy. 

Another concern is third-party data sharing. Many companies collect and make location data accessible to advertisers, insurers, and law enforcement. Studies have found that just a few location points can be enough to re-identify individuals. This raises important ethical and legal questions about data privacy. 

More insidiously, "personalized" services like voice assistants and navigation require linking data to specific users. Tesla’s AI-powered "Full Self-Driving" system uploads video snippets to train its neural networks, raising ethical questions about bystander consent. 

Is Privacy-Centric Driving Possible?

Technically, yes—but manufacturers are making it deliberately difficult. Disabling connectivity often cripples functionality: BMW’s ConnectedDrive, for instance, blocks remote lock/unlock and real-time traffic without a subscription. 

Tesla’s diagnostic tools are walled behind proprietary interfaces, while third-party solutions like "dongle hacking" risk voiding warranties. Legislative efforts like the Right-to-Repair movement and proposed U.S. data privacy laws could force transparency, but automakers are lobbying fiercely against them. 

For now, the only surefire way to opt out is to drive a pre-2010 vehicle—a choice increasingly at odds with emissions regulations pushing older cars off the road. 

The High Cost Of ‘Smart’ Cars

The trade-offs are clear: in exchange for marginally improved convenience, drivers surrender unprecedented levels of privacy and autonomy. The automotive industry, emboldened by lax regulation and insatiable data markets, has turned vehicles into the ultimate surveillance tool—one that reports your every move back to corporate masters. 

Until consumers demand ownership of their data—and lawmakers enforce it—the "connected car" will remain a privacy dystopia on wheels. The question isn’t whether your car is watching you. It’s who else is watching, and what they plan to do with it.