All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
Did you know your car might be tracking your browsing history? As high-tech features and services become more prevalent in modern vehicles, auto manufacturers collect more detailed customer data than ever.
While car companies disclose what data they collect and how it is gathered, it can be difficult to understand. Privacy policies are often hard to find and filled with legalese and dense language. Some manufacturers even collect sensitive data such as medical and biometric information and details about the sex lives of their customers.
Our team at All About Cookies evaluated the official privacy policies of 15 major automotive brands to determine which companies have the most and least accessible data collection disclosures. We analyzed the length, reading level, and data points each manufacturer collects on their drivers.
Automotive privacy policies tend to cover many of the same general topics, with particular attention paid to outlining the kinds of data each car maker collects, how they collect it, and how they use it. However, the number of words each company uses and the complexity of language they employ to convey that information varies from company to company.
/images/2024/01/23/graphic-1-hd-privacy-policy.png)
On average, the 15 policies included in this analysis require a 12th-grade education to understand and came in at just over 7,500 words in length. The average American reads at a 7th- to 8th-grade level, meaning understanding these policies requires reading abilities significantly higher than the average customer’s.
Mazda’s privacy policy is easiest to understand, requiring an 8th-grade comprehension. It is also the shortest, clocking in at around 2,200 words. Mercedes-Benz has the second-easiest policy to read, requiring a 10th-grade education to read its approximately 2,500 words.
Jeep’s privacy policy is the hardest to read despite being the third-shortest, at roughly 3,700 words. Fully comprehending the Jeep policy requires the reader to have the education level of a collegiate postgraduate student. Tesla’s policy is the next hardest to read, on par with the materials taught in a 300-level college course.
Three different car companies employ privacy policies over 10,000 words, led by the 14,000 words in Kia’s policy. Both BMW and Subaru have policies that clock in at under 11,000 words each. Combined, those three privacy policies total nearly 36,000 words, more than 5,000 words longer than John Steinbeck’s famous novel Of Mice and Men.
Much of the information car companies collect is the same no matter what you drive, as just about every company collects and tracks things like demographic data, driving habits, and repairs and maintenance. Some companies collect more unusual pieces of data than others, however, including some that customers might find surprising for car companies.
We wanted to highlight which companies include these kinds of notable and unexpected pieces of information in their privacy policies, covering sensitive subjects such as customers’ sex lives, genetic information, philosophical beliefs, and more.
/images/2024/01/23/graphic-2-hd-car-data.png)
While collecting information on customers from public social media posts is the only interesting inclusion Toyota and Mazda have written into their privacy policies, both Kia and Subaru indicate they track information relating to the sex lives and sexual orientation of customers, as well as tracking religious and philosophical beliefs (including membership in a professional union) and genetic or biometric data, among other data points.
Senior Fellow at the Center on Law and Information Policy
Fordham Law School
Privacy policies are undoubtedly commonly long and complex and often contain vague or ambiguous language, which on one hand, creates flexibility and minimizes risks for the entity who has the policy. However, it makes it difficult for consumers to comprehend and rely on to develop an understanding of what happens with their information.
As lengthy as privacy policies generally are, consumers should review them upfront to understand what information is being collected, how it will be used, and who it will be shared with.
Users should not automatically click “yes” when asked to consent to the use of their information but rather consider whether the convenience and other benefits of whatever service is being offered outweigh the loss of their privacy.
Drivers should consult their car’s privacy policy to understand what information the car will seek to collect, use, and share, and whether and how they can opt out of providing certain information. Privacy-conscious users should refrain from downloading their car’s app, which may collect data even when a user is not in the car, and refrain from enabling Apple’s Car Play or Android Auto Play.
Privacy-conscious users who pair their devices with their car through Bluetooth should decline consent if asked to share their address book or other information. All drivers should delete their data when they turn in a car at the end of a lease or rental. Users should also be sure to delete any apps and terminate their accounts at the end of a lease.
Are there strategies companies use to have consumers consent to more surveillance/data collection when crafting privacy policies?
Some car companies put in their privacy policies that by merely operating a car and/or using associated services, the user is deemed to have consented to the collection of their personal information.
Answers have been edited for clarity and brevity.
The official privacy policies for each car brand were copied and pasted into the Hemingway Editor App, which evaluated them for readability and length. Evaluations were performed in January 2024, using each policy’s most recently released version as of January 2, 2024. Each privacy policy’s “Data we collect” portion (or a similarly-named portion containing the same information) was also manually read and reviewed to find and spotlight any notable data elements collected by different automakers.
Excellent identity theft protection service
Includes a password manager and VPN
Robust tools for children’s security
/images/2023/06/09/aura-review.png)
/images/2023/05/18/deleteme_review-1.jpg)
/images/2024/11/14/norton_privacy_monitor_review.png)
/images/2024/10/31/magnifying_glass_highlighting_digital_profile.png)
/images/2024/10/24/onerep_review..png)
/images/2024/10/24/a_close-up_of_a_hand_holding_a_smartphone_displaying_a_digital_shield__2eLNAOe.png)
/images/2024/10/21/skull_of_death_on_smartphone_screen._hacked_mobile_phone_on_laptop_computer.png)
/authors/josh-koebert_all-about-cookies_writer.png){kind=small}
/images/2023/05/25/logo-aura.png){kind=logo}
/authors/josh-koebert_all-about-cookies_writer.png)