Hidden Behind the Wheel: The Alarming State of Data Privacy in New Vehicles | Nordgren Law: Automotive Litigation and Lemon Law

In an era of advanced technology, where cars are becoming more connected and intelligent than ever, data privacy is often overlooked. Recent revelations suggest that cars are veering off course, earning them an alarming “F” rating in data privacy. In fact, they rank as the lowest-performing category when compared to tech products like fitness trackers and smart speakers, according to a study conducted by the nonprofit Mozilla Foundation.

From Vehicle to Data Gathering Hub

The modern vehicle, with its proliferation of sensors and advanced technologies, has transformed into a data-collection hub. Telematics, digital control systems, and various sensors allow cars to collect an abundance of data. However, despite involving some of our most personal information, vehicle owners have little to no control over the data collected, which raises serious privacy implications.

The investigation by the Mozilla Foundation not only revealed the extent of data collection but also raised concerns about vague security standards in the automotive sector. The automotive industry has a historical vulnerability to cyberattacks, and this lack of standardized security protocols leaves vehicle owners unnecessarily at risk.

Perhaps the most concerning finding is that none of the 25 car brands reviewed met Mozilla’s minimum privacy standards. This stands in stark contrast to other tech categories, emphasizing the urgent need for improved data privacy practices in the automotive industry.

The Ford Privacy Class Action Lawsuit

To illustrate the real-world implications of data privacy in vehicles, a recent class action lawsuit focused on Ford’s infotainment systems, designed to facilitate hands-free phone usage. However, the lawsuit alleged that these systems were doing more than just aiding phone calls.

According to the complaint, Ford’s infotainment systems were capable of downloading, copying, and indefinitely storing call logs and text messages from connected cell phones. Even if users deleted this data from their phones, it remained stored on the vehicle’s onboard memory, inaccessible and unerasable by vehicle owners.

Plaintiffs Mark Jones and Michael McKee argued that their private communications were unlawfully recorded and stored on their Ford vehicles, violating the Washington Privacy Act. While Ford claimed it did not directly access this data, the lawsuit alleged that a third-party company, Berla Corporation, had the capability to extract and store text messages and call logs from the vehicle’s onboard memory.

Despite these allegations, the Ford privacy class action lawsuit faced dismissal, as the plaintiffs failed to establish injury to their “person,” “business,” or “reputation” as required by the Washington Privacy Act. Nevertheless, the legal battle underscores the complexity of data privacy issues within vehicles and the need for clearer standards to protect the rights and privacy of not only vehicle owners but passengers as well.


Data privacy in new vehicles is a pressing concern that cannot be ignored. As cars continue to evolve into data-collection hubs, the need for transparency and control over personal data becomes paramount. The willingness of car manufacturers to share data with government agencies without court orders raises significant legal and civil liberties concerns.

The Ford privacy class action lawsuit demonstrates that real-world challenges exist, but it also highlights the need for well-defined standards and regulations to protect the data privacy of vehicle owners. As we continue to embrace connected and smart vehicles, we must ensure that privacy rights are not left in the rearview mirror.