Connected Cars, Hidden Data: How Could We Rebuild Trust on the Road?
The automotive industry generates vast amounts of personal data while governance lags behind; privacy-enhancing technologies can restore accountability.
5 minutes
Mar 19, 2026

Cars have become computers on wheels. Every trip now generates a steady stream of telemetry, location, voice, and behavioural data, with most manufacturers saying that they might sell this data to third parties.
The rules governing that data have not kept pace. A Mozilla Foundation audit found that none of the 25 major car brands it reviewed met basic privacy and security standards. Many collect sensitive data, including biometrics, location history, and inferred personal traits, while offering users little transparency or control.
The automotive industry is a microcosm of the wider data-governance challenge: technology advancing faster than the protections designed to regulate it. The question is no longer whether cars collect data, but how responsibly they handle it — and what we can do about it.
What Modern Vehicles Actually Collect
The scope of the collection goes well beyond navigation. Modern connected vehicles gather precise GPS coordinates, biometric signals from driver monitoring cameras, behavioural patterns like acceleration and braking, audio recordings from voice systems, and data pulled from connected mobile apps, including contacts, calendars, and browsing history.
It doesn't stop there. Mozilla found that car brands create inferences about drivers from collected data, and many purchase additional information from third-party brokers — including financial information and genetic data. Six of the 25 brands examined had privacy policies reserving the right to collect genetic information, while multiple brands, including Nissan and Kia, explicitly mentioned collecting data about drivers' sexual activity.
The volumes are staggering. BMW processes more than 110 terabytes of data every day across its connected fleet of over 20 million vehicles. Tesla's 5 million FSD-equipped vehicles drive an estimated 50 billion miles per year, generating a relentless stream of real-world training data for its autonomous driving stack.
The Security Failures
Volume alone wouldn't be concerning if manufacturers were good stewards of this data. They largely aren't. Mozilla found that 68% of the brands surveyed had recent data breaches or security incidents.
The breaches aren't small or isolated. Volkswagen and Audi exposed data on 3.3 million customers and prospective buyers, including contact details, vehicle information, and in tens of thousands of cases, sensitive personal data, including driver's license numbers and Social Security numbers.
Toyota exposed the vehicle data of 2.15 million users in Japan, almost its entire cloud service customer base, for nearly a decade. A single human error in 2013 set a cloud system to public instead of private, and the company had no mechanism in place to detect it until 2023.
What makes these breaches concerning isn't just their scale. It's the context and the reach. A leaked driver's license number tied to a vehicle, a location, and a behavioural profile is categorically more sensitive than most retail data leaks. And the risk doesn't stay inside the manufacturer's walls. It travels with every vendor, supplier, and data broker that touches the pipeline.
Real-world hacking incidents make the stakes concrete. In 2015, security researchers demonstrated a remote takeover of a Tesla Model S—building a backdoor that allowed them to stop the car while it was driving. When Fiat Chrysler faced a similar hack of the Jeep Cherokee that same year, they had to physically recall 1.4 million vehicles. Tesla, with over-the-air update capability, patched the vulnerability fleet-wide within days.

The Data Business
But security failures are only part of the problem. The bigger issue is deliberate data sharing.
Mozilla found that 76% of car brands can sell personal data to third parties, using deliberately vague policy language to avoid full disclosure. Fifty-two percent share data with government and law enforcement on informal request.
The commercial incentive is significant. The emerging automotive ‘infotainment’ market, the ecosystem of connected services, subscriptions, and data-driven features built on top of vehicle data, is projected to reach $14 billion by 2030. For manufacturers, the data their vehicles collect isn't just a byproduct of connectivity. It's a revenue stream.
The Governance Gap
The regulatory landscape for automotive data privacy is fragmented. GDPR provides some protections in Europe. The UN ECE R155/R156 standards for cybersecurity, also adopted in Europe, represent progress. Mercedes-Benz and BMW both offer opt-out options under these frameworks. But compliance varies dramatically, and most manufacturers fall well short.
Responses to Senator Ed Markey's 2024 inquiry into automaker privacy practices confirmed the picture: across dozens of manufacturers, commitments to data minimisation and user consent were either inconsistent or absent.
The structural problem is that automotive regulation evolved around physical safety, such as crash tests, emissions, and braking distances. Privacy was an afterthought. It still is, for most of the industry.
Privacy-Enhancing Technologies: A Technical Solution
While waiting for regulation to catch up, privacy-enhancing technologies can offer solutions. A comprehensive 2022 study by BMW Group researchers, the Technical University of Munich, and the University of Potsdam, mapped PETs to eight key automotive application domains. Here's where the strongest cases lie.
Differential Privacy adds calibrated noise to statistics, ensuring individual records can't be identified while preserving statistical utility. In automotive contexts, this enables fleet-wide predictive maintenance analytics, aggregate traffic pattern analysis, and machine learning trained on driving behaviour, all without exposing individual vehicle data. Google, Apple, and the US Census Bureau already deploy it at scale.
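The following is an added example, not code from the article or from any of the vendors it names. It implements the Laplace mechanism for a counting query over a constructed set of per-vehicle hard-braking counts: the query has sensitivity 1, the noise scale is sensitivity divided by epsilon, and a final helper checks the privacy guarantee directly by bounding the density ratio between two neighbouring datasets. The vehicle identifiers and counts are invented sample data.

```python
import math
import random

# Constructed sample (assumed data, not from the article): hard-braking events
# reported by individual vehicles in one region over a week.
VEHICLE_EVENTS = {"veh-001": 3, "veh-002": 0, "veh-003": 7, "veh-004": 1, "veh-005": 2}


def count_vehicles_with_hard_braking(events: dict) -> int:
    """The true statistic: how many vehicles logged at least one hard-braking event."""
    return sum(1 for n in events.values() if n > 0)


def laplace_scale(sensitivity: float, epsilon: float) -> float:
    """Noise scale b = sensitivity / epsilon for the Laplace mechanism."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon


def laplace_sample(scale: float, rng: random.Random) -> float:
    """Draw from Laplace(0, scale) by inverse-CDF sampling of a uniform variate."""
    u = rng.random() - 0.5
    # Clamp so that 1 - 2|u| never reaches 0 (log(0)) when rng.random() returns 0.0.
    inner = max(1.0 - 2.0 * abs(u), 1e-300)
    return -scale * math.copysign(1.0, u) * math.log(inner)


def release_noisy_count(events: dict, epsilon: float, rng: random.Random) -> float:
    """Epsilon-DP release of the count. A counting query has sensitivity 1:
    adding or removing one vehicle changes the true answer by at most 1."""
    true_count = count_vehicles_with_hard_braking(events)
    return true_count + laplace_sample(laplace_scale(1.0, epsilon), rng)


def laplace_density(x: float, mean: float, scale: float) -> float:
    return math.exp(-abs(x - mean) / scale) / (2.0 * scale)


def max_privacy_loss(mean_a: float, mean_b: float, scale: float, outputs) -> float:
    """Largest ratio of output densities between two neighbouring datasets whose true
    counts are mean_a and mean_b, evaluated over a grid of candidate outputs.
    For the Laplace mechanism this never exceeds exp(|mean_a - mean_b| / scale)."""
    return max(laplace_density(x, mean_a, scale) / laplace_density(x, mean_b, scale)
               for x in outputs)


if __name__ == "__main__":
    rng = random.Random(2024)
    print("true count:", count_vehicles_with_hard_braking(VEHICLE_EVENTS))
    print("released (eps=0.5):", round(release_noisy_count(VEHICLE_EVENTS, 0.5, rng), 2))
    grid = [x / 10 for x in range(-100, 200)]
    print("max density ratio:", round(max_privacy_loss(4, 5, laplace_scale(1, 0.5), grid), 4),
          "<= e^0.5 =", round(math.exp(0.5), 4))
```

The privacy-loss check is what "proof-based protection" looks like at the smallest scale: the bound holds for every possible output, not just the ones observed, so an auditor can verify the parameter choice without seeing any vehicle's record.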
Federated Learning trains models across distributed devices without centralising raw data. Instead of uploading raw sensor feeds, vehicle data stays local and only model updates are shared. This makes it viable for improving the algorithms behind advanced driver assistance features, such as automatic braking, lane detection, and collision warnings, across millions of vehicles, or training driver attentiveness detection without ever storing biometric data in the cloud.
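To make the "only model updates are shared" point concrete, here is an added example (not code from the article or from any manufacturer) of federated averaging over constructed per-vehicle datasets. Each vehicle fits a small linear model to its own local pairs; the server only ever receives the two resulting parameters, never the pairs. The feature and label names, the hidden relation label = 2x + 1, and the vehicle identifiers are all assumptions made for the illustration.

```python
# Constructed per-vehicle data (assumed, not from the article): each vehicle holds
# (feature, label) pairs following the same hidden relation label = 2*x + 1, where x
# might be a normalised following distance and the label a time-to-brake score.
TRUE_W, TRUE_B = 2.0, 1.0


def make_vehicle_data(vehicle_index: int, n: int = 8):
    # Deterministic, slightly different x positions per vehicle so the clients are
    # heterogeneous while still sharing one underlying relation.
    xs = [(j + 0.1 * vehicle_index) / n for j in range(n)]
    return [(x, TRUE_W * x + TRUE_B) for x in xs]


VEHICLES = {f"veh-{i:03d}": make_vehicle_data(i) for i in range(5)}


def local_update(model, data, lr=0.2, steps=20):
    """Runs on the vehicle: gradient descent on mean squared error over local data.
    Only the resulting (w, b) leaves the car; the raw (x, y) pairs never do."""
    w, b = model
    n = len(data)
    for _ in range(steps):
        gw = sum(2 * (w * x + b - y) * x for x, y in data) / n
        gb = sum(2 * (w * x + b - y) for x, y in data) / n
        w -= lr * gw
        b -= lr * gb
    return (w, b)


def federated_average(updates, weights):
    """Runs on the server: sample-count weighted mean of the client models."""
    total = sum(weights)
    w = sum(u[0] * k for u, k in zip(updates, weights)) / total
    b = sum(u[1] * k for u, k in zip(updates, weights)) / total
    return (w, b)


def train_federated(vehicles, rounds=100):
    """One round = broadcast global model, every vehicle trains locally, server averages."""
    model = (0.0, 0.0)
    for _ in range(rounds):
        updates = [local_update(model, data) for data in vehicles.values()]
        weights = [len(data) for data in vehicles.values()]
        model = federated_average(updates, weights)
    return model


if __name__ == "__main__":
    w, b = train_federated(VEHICLES)
    print(f"global model after federated training: w={w:.4f}, b={b:.4f}")
```

What the server learns here is the global model; what it cannot reconstruct from two floats per client is any individual trip. In practice the update itself can still leak information, which is why production federated systems layer secure aggregation or differential privacy on top of the averaging step.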
Homomorphic Encryption enables computation on encrypted data — a third party can process vehicle information and return results without ever seeing plaintext. The computational overhead is significant, but for high-value use cases like outsourced diagnostics or usage-based insurance calculations, it might be viable.
Secure Multi-Party Computation allows multiple parties to jointly compute on private data without revealing inputs to each other. In automotive supply chains, this enables cross-manufacturer safety benchmarking and industry-wide analytics without exposing proprietary data.
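The cross-manufacturer benchmarking case lends itself to the simplest MPC building block, additive secret sharing. The block below is an added example (not code from the article or from any manufacturer or consortium it names): three constructed manufacturers each split a private incident count into random shares, exchange shares, and publish only partial sums, from which the industry-wide total is reconstructed without any party learning another's input. The manufacturer names and counts are invented sample values.

```python
import random

PRIME = 2**61 - 1  # field modulus (a Mersenne prime); all inputs are assumed smaller

# Constructed private inputs (assumed, not from the article): each manufacturer's
# count of one safety-incident class across its fleet over a quarter.
PRIVATE_INPUTS = {"OEM-A": 1250, "OEM-B": 980, "OEM-C": 2310}


def share(secret: int, n_parties: int, rng: random.Random):
    """Split secret into n additive shares that sum to it mod PRIME.
    Any n-1 of the shares are uniformly random and reveal nothing about the secret."""
    shares = [rng.randrange(PRIME) for _ in range(n_parties - 1)]
    shares.append((secret - sum(shares)) % PRIME)
    return shares


def reconstruct(shares) -> int:
    return sum(shares) % PRIME


def mpc_sum(private_inputs: dict, rng: random.Random) -> int:
    """Jointly compute the sum of every party's input; no party sees another's value."""
    parties = list(private_inputs)
    n = len(parties)
    # Step 1: each owner splits its own input and sends share j to party j.
    received = {p: [] for p in parties}
    for owner in parties:
        for p, s in zip(parties, share(private_inputs[owner], n, rng)):
            received[p].append(s)
    # Step 2: each party adds up the shares it holds. This partial sum is safe to publish:
    # it is one random share of the total, not of any individual input.
    partial_sums = {p: sum(received[p]) % PRIME for p in parties}
    # Step 3: anyone can reconstruct the total from the published partial sums.
    return reconstruct(partial_sums.values())


def mpc_mean(private_inputs: dict, rng: random.Random) -> float:
    """Industry benchmark: average incidents per manufacturer, from the shared total only."""
    return mpc_sum(private_inputs, rng) / len(private_inputs)


if __name__ == "__main__":
    rng = random.Random(2024)
    print("industry total:", mpc_sum(PRIVATE_INPUTS, rng))
    print("industry mean:", mpc_mean(PRIVATE_INPUTS, rng))
```

The security argument is purely arithmetic: each party's view is a set of uniformly random field elements plus the published total, so it learns exactly the agreed output and nothing more. With only three parties the output itself leaks a bound on the others' inputs, which is why real benchmarking consortia pair this with a minimum participant count or differential privacy on the released result.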
Trusted Execution Environments create hardware-isolated secure regions for processing sensitive data. TEEs are increasingly embedded in automotive systems, enabling in-vehicle biometric processing in isolated enclaves and cryptographic proof (remote attestation) that data was handled in a verified, secure environment.

BMW has already deployed this in practice: as part of migrating its identity and access management systems to Azure Confidential VMs, the company used TEEs to keep employee credentials, passwords, and authentication data encrypted even during processing, eliminating attack paths while maintaining performance and supporting a broader shift to Zero Trust architecture.
Synthetic Data Generation creates artificial datasets that preserve statistical properties of real data while containing no actual personal information. This can be useful for training autonomous systems, sharing datasets with third-party developers, and testing across conditions that can't be captured in real-world collection.
No single PET solves everything. The right approach depends on what you're computing, how many parties are involved, whether authenticity needs to be verified, and what the data volume looks like. Often, the most robust implementations combine several. Together, these tools shift the industry from trust-based governance to proof-based protection—where compliance can be verified rather than assumed.
Signs of Change
Some manufacturers are moving. BMW's work with GAIA-X, the European initiative to build a federated, secure data infrastructure, reflects a broader commitment to building privacy into its data architecture rather than relying on contractual assurances alone.
That work has extended into Catena-X, a broader data ecosystem that networks the entire automotive value chain. It connects suppliers, manufacturers, and technology partners on a shared, standardised platform built with data sovereignty and GDPR compliance as design requirements. It's an early but meaningful example of what industry-wide privacy-by-design can look like in practice.
Mercedes-Benz's "Mercedes me connect" app represents progress at the consumer end. It provides clear information about what each service requires and how data is processed, with genuine opt-out options.
These are still exceptions. The gap between best practice and common practice remains significant, and as software-defined vehicles become standard, it will widen without deliberate intervention.
Bottom Line: Privacy by Architecture, Not Policy
Connected vehicles present a unique privacy challenge: they collect deeply personal data at a massive scale, in contexts where people have limited alternatives, with governance structures designed for a pre-digital era. Privacy-enhancing technologies offer a different approach: build privacy into the technical architecture.
The automotive industry faces a choice. Continue current practices and face inevitable regulatory backlash, security breaches, and consumer pushback. Or proactively adopt PETs, differentiating on privacy protection while maintaining the data analytics capabilities modern vehicles require.
For enterprise decision-makers evaluating automotive data partnerships, the risks are clear. Third-party access to vehicle data creates liability exposure, regulatory risk, and reputational concerns.
The technology exists. The use cases are mapped. The only question is whether the industry will adopt PETs proactively or wait for regulation and breaches to force their hand.
Oblivious provides enterprise-grade privacy-enhancing technology solutions that implement differential privacy and confidential computing. Contact us to discuss how PETs can protect your automotive data workflows while maintaining analytical capabilities.
Tags: confidential computing, data, data governance, data privacy, differential privacy, PETs, privacy enhancing technologies, synthetic data