back to top
HomeTechYour Car Knows More About You Than You Think. Insurance Companies Are...

Your Car Knows More About You Than You Think. Insurance Companies Are Using That Data

- Advertisement -

According to BBC reporting, there’s a man who got a copy of his driving data from a company called LexisNexis. It was 130 pages long. Six months of every trip he and his wife took, logged, packaged, and sold without them knowing. Shortly after, his insurance costs jumped 21%. An insurance agent confirmed the data was a factor.

He hadn’t signed anything that felt like permission. He’d just set up his car’s infotainment system.

That’s where we are with car privacy in 2026. Modern vehicles are collecting your location, your speed, how hard you brake, who’s sitting next to you, and in some cases your weight, age, facial expressions, and driving patterns. Mozilla examined 25 car brands and found every single one failed its privacy and security standards. Cars, Mozilla concluded, were the worst product category it had ever reviewed for privacy. And most people have no idea any of this is happening.

What your car already knows about you

Location data is the obvious one. Your car knows everywhere you go, how often, and at what time. But modern vehicles go further. Sensors in the seats, dashboard, steering wheel, and cabin cameras can capture your weight, your age, your facial expressions, whether you’re wearing a seatbelt, and how you react behind the wheel. Kia’s privacy policy at one point listed “sex life” among the categories of data the company may collect, something a spokesperson later attributed to California’s legal definition of sensitive data rather than actual collection, though the company declined to specify what it does collect.

General Motors sold driver location data to LexisNexis, a data broker that packages and resells consumer information. Both federal and state agencies took action. GM is now barred from selling vehicle data for five years but faces no permanent prohibition and can resume the practice afterward with consent requirements attached. LexisNexis is still buying data from other manufacturers and apps.

Mozilla found 19 of the 25 car brands it studied said they might sell your data. That’s not a loophole. That’s the business model.

The permission structure that enables all of this is the privacy policy you clicked through when you set up your infotainment system. Or the terms you agreed to when you downloaded the companion app. Or the insurance telematics program you enrolled in hoping for a discount. A Maryland analysis found 31% of drivers who enrolled in telematics saw their rates drop. Prices went up for 24% and 45% saw no change. The data collection happened for everyone regardless of outcome.

The law

A federal mandate is coming that will require car manufacturers to install advanced impaired driving prevention technology in new passenger vehicles. The intent is legitimate, keeping drunk and drowsy drivers off the road using infrared cameras and biometric sensors that monitor eye movement, body language, and other behavioral signals.

The problem is the law includes zero provisions addressing what happens to the data these systems create.

Privacy advocates are not arguing against keeping impaired drivers off the road. The argument is harder to dismiss. You are about to have biometric health data, infrared scans of your body and behavior, collected every time you sit behind the wheel, with no rules limiting what automakers can do with it, who they can sell it to, or how long they can keep it.

The National Highway Traffic Safety Administration said it is committed to reducing impaired driving fatalities and continues to address privacy concerns. That’s not a framework. That’s a statement of intent with no enforcement mechanism attached.

Jen Caltrider, who led Mozilla’s car research, put it directly: “So many of the data collecting advances we see in cars are done under the guise of safety.” The impaired driving mandate is the clearest example of that pattern yet. A legitimate safety goal becomes the mechanism for expanding the data collection empire with legal cover and no corresponding protections.

Implementation will likely be delayed because the technology isn’t fully ready. That delay is not a solution. It’s a countdown.

You May Like: DuckDuckGo Installs Jumped 30% as Frustration With Google’s AI Search Grew

Where your data ends up and why that should bother you

Jen Caltrider, who led Mozilla’s car research, describes it this way. Companies take everything they collect and use it to build a picture of who you are, how intelligent you are, what your psychological profile looks like, what your political beliefs might be. That’s what data brokers do with behavioral data at scale.

And once it leaves your dashboard there’s essentially no trail you can follow. There’s no national privacy law in the US that covers this. Individual state protections exist but they’re inconsistent and enforcement is spotty even where rules do exist. Car companies are legally required to disclose their practices in privacy policies but not required to make those policies readable or prominently placed. The consent you gave when you tapped through the setup screen on your infotainment system covered all of it.

Law enforcement can buy this data when they can’t get a search warrant. Employers could factor it into hiring decisions. Advertisers are already using it. The GM and LexisNexis situation became public because a driver got curious and requested his data. Most people never do that. Most people don’t know they can.

Europe is marginally better. GDPR gives drivers some rights to access and delete their data and creates real penalties for violations. But Caltrider is clear that even European drivers are still largely at the mercy of privacy policies and enforcement that doesn’t always happen. The gap between the rule existing and the rule being followed is wide enough to drive a data-loaded truck through.

You May Like: Microsoft and Uber Are Running Into an AI Cost Problem

What you can actually do about it

The clearest win is the insurance telematics program. Don’t enroll unless you’ve done the math and accepted the risk. The discount isn’t guaranteed. The data collection is. A significant chunk of drivers who enroll see no rate change or actually pay more. The program exists because it makes insurance companies money, not because it saves drivers money.

If you’re in the UK, EU, or certain US states you can request a copy of the data your car manufacturer holds on you and demand they delete it. You can opt out of having it sold. Most people don’t know this is an option and car companies aren’t exactly advertising it. Links to manufacturer privacy tools exist and are worth finding for your specific brand.

Some cars offer privacy settings buried in the infotainment system or companion app that limit certain types of data sharing. They’re worth checking. They won’t solve the problem but they narrow it.

Beyond that the options thin out quickly. You can avoid connecting your phone to the infotainment system. You can read the privacy policy before agreeing to it, though that’s an unfair ask given how deliberately unreadable most of them are. You can buy an older car without an internet connection, which is increasingly difficult as connected vehicles become the default.

The uncomfortable truth is that individual action only goes so far when the entire system is designed around extraction. Caltrider said it plainly. Until people own their data and companies have to ask permission to use it rather than bury consent in forty pages of legal text, this problem gets worse not better. The federal mandate on impaired driving technology is arriving soon. The data protections that should come with it are not.

Your car knows a lot about you. Right now the only people who seem to care about that are the ones buying the data.

Don’t miss any Tech Story

Subscribe To Firethering NewsLetter

You Can Unsubscribe Anytime! Read more in our privacy policy

LEAVE A REPLY

Please enter your comment!
Please enter your name here

YOU MAY ALSO LIKE
Anthropic Secretly Tracked Claude Code Users. Then Called It an Experiment

Anthropic Secretly Tracked Claude Code Users. Then Called It an “Experiment.”

0
There's a version of this story where Anthropic was trying to protect itself from large-scale model theft. There's another where one of the AI industry's biggest privacy advocates quietly crossed a line its own users never expected. What makes this headline important isn't just that hidden tracking code existed. It's that the company behind it was Anthropic. Just months ago, Anthropic publicly refused to let the Trump administration use Claude to surveil American users. The company defended that position in court, arguing that AI companies shouldn't become tools for government surveillance. That stance became part of Anthropic's identity. Then came a very different decision. In March, Anthropic quietly added hidden tracking markers to Claude Code that flagged users' timezones, proxy connections, and potential ties to Chinese AI labs. The code remained unnoticed until security researcher Thereallo discovered it last week. After the discovery went public, an Anthropic engineer confirmed it on X, described it as an "experiment" intended to combat account abuse and model distillation, and said the company had already planned to remove it. The tracker was taken down shortly afterward. The bigger question isn't whether Anthropic had a reason. It's whether a company that built its reputation on privacy can afford to hide surveillance from the very developers it asks to trust its tools.
Leanstral AI

Leanstral 1.5: Mistral’s AI Built to Prove Math Ended Up Finding Real Software Bugs

0
Mistral built Leanstral to do something most AI models don't attempt, write formal mathematical proofs that a compiler can verify as correct. Not "pretty sure this is right" correct. Mechanically, provably, no-exceptions correct. That's a narrow use case, and the audience for it is small. What nobody expected was that a model trained on IMO-level math problems and abstract algebra benchmarks would end up running against open-source codebases and finding bugs that testing and fuzzing had both missed. Five of them previously unreported on GitHub.
Open Source AI Coding Agents That Don't Need a Subscription

7 Open Source AI Coding Agents That Don’t Need a Subscription

0
Open almost any "best AI coding tools" list and you'll see the same names: Cursor, GitHub Copilot, Claude Code. They're good tools but they're also closed source and paid. What's changed over the past year isn't the quality of those products, it's how quickly the open-source alternatives have caught up. Some can orchestrate multiple agents, remember your projects across sessions, and automate complex development workflows. Many let you bring your own model, whether that's a local LLM, OpenRouter, OpenAI, GLM-5.2, Ornith, DeepSeek, or something else entirely. More importantly, you're in control. You decide where your code runs, which model powers it, and how your workflow evolves without being locked into a single company's ecosystem. If you've only looked at the paid options, these are the open-source AI coding tools worth knowing about.