Your car knows more about you than most apps on your phone. Modern connected vehicles continuously collect GPS coordinates, driving behavior, voice commands, contact lists, biometric data, and more — then transmit it to manufacturers, insurance companies, data brokers, and advertisers. The car has become one of the most powerful surveillance devices in daily life, and most drivers have no idea how much data is leaving their vehicle or where it ends up.
What Connected Cars Actually Collect
A connected car is any vehicle with internet connectivity, which in 2026 includes virtually every new car sold in the United States. These vehicles are equipped with dozens of sensors, onboard computers, and cellular connections that generate a continuous stream of data far beyond what is needed to operate the vehicle.
Here is what a typical connected car collects:
- GPS location data — precise coordinates recorded every few seconds, creating a complete map of everywhere you drive, park, and stop
- Driving behavior — speed, acceleration, hard braking, cornering, lane changes, and seatbelt usage
- Voice commands — everything spoken to the vehicle's voice assistant, and in some cases ambient audio captured by always-on microphones
- Contact lists and call logs — synced automatically when you pair your phone via Bluetooth
- Biometric data — some vehicles now track driver attention through interior cameras, monitoring eye movement, head position, and facial expressions
- Infotainment activity — what music you play, what stations you listen to, what destinations you search for
- Diagnostic data — engine performance, battery status, tire pressure, and maintenance records
- Cabin environment — climate settings, seat positions, and even weight sensors that detect passenger count
Individually, each data point might seem harmless. Combined, they create a remarkably detailed portrait of your daily life — where you go, who you visit, how you drive, what you say, and who is in the car with you.
Driver Scores Are Being Sold to Insurance Companies
Multiple automakers have been caught generating "driver scores" based on hard braking, rapid acceleration, speeding, and phone use — then selling those scores through data brokers to auto insurance companies. Drivers have reported premium increases of 20% or more without ever consenting to data sharing. A recent settlement resulted in a five-year ban on disclosing geolocation and driver behavior data to consumer reporting agencies, but the broader practice of scoring and selling driving data continues across the industry.
Who Gets Your Vehicle Data
The data your car collects does not stay with the car. It flows through a complex ecosystem of companies and agencies:
- Vehicle manufacturers — collect the broadest range of data and store it on their own servers, often indefinitely
- Data brokers — purchase aggregated and individual-level driving data to build consumer profiles and resell them
- Insurance companies — use driving behavior data to adjust premiums, sometimes without the driver's knowledge
- Advertisers — target ads based on location patterns, travel habits, and in-vehicle behavior
- Law enforcement — request location and driving data through warrants, subpoenas, or in some cases voluntary manufacturer cooperation
- App developers — third-party apps connected to vehicle platforms may access driving data, location history, and vehicle diagnostics
The automotive data industry is entering a new era where vehicle data is increasingly treated as highly sensitive consumer information — but enforcement and transparency have not caught up with the scale of collection.
The Cybersecurity Dimension
Connected cars are not just privacy risks — they are cybersecurity targets. Nearly 500 publicly reported automotive cybersecurity incidents occurred in 2025 alone, spanning remote vehicle access exploits, data breaches exposing millions of driver records, and vulnerabilities in telematics systems that could allow attackers to track or even control vehicles remotely.
When your car is always online, it is always a potential entry point. The same cellular connection that enables navigation updates and remote start also creates an attack surface that did not exist a decade ago.
Regulatory Landscape: What Is Changing
Regulators are beginning to address the connected car privacy gap. The most significant development is the US Bureau of Industry and Security (BIS) Connected Vehicles Rule, which became effective on March 17, 2025. This rule addresses national security risks from foreign-origin technology in connected vehicles, specifically targeting components and software from countries of concern.
While the BIS rule focuses on national security rather than individual consumer privacy, it signals a broader recognition that vehicle data collection poses serious risks. Several state privacy laws — including those in California, Virginia, and Maryland — also apply to vehicle data, giving consumers the right to know what is collected and to request deletion.
However, there is no comprehensive federal law specifically governing automotive data privacy. The industry largely self-regulates, and manufacturer privacy policies are often buried in lengthy terms of service that few drivers read before clicking "accept" on their dashboard.
How to Protect Your Privacy in a Connected Car
1. Review Your Vehicle's Privacy Settings
Most connected cars have privacy or data-sharing settings buried in the infotainment system menus. Look for options related to location sharing, data collection, and connected services. Disable anything you do not actively use. This is the single most impactful step you can take.
2. Opt Out of Data Sharing Programs
Many manufacturers enroll you in data sharing by default. Check your manufacturer's app and website for opt-out options. Look for programs labeled "connected services," "vehicle health," "driver feedback," or "usage-based insurance." Opt out of all of them unless you have a specific reason to stay enrolled.
3. Be Careful When Connecting Your Phone
When you pair your phone via Bluetooth or USB, many vehicles automatically download your full contact list, recent call history, and text messages. If you sell or return a leased vehicle, this data may remain on the car's system. Only sync your phone when necessary, and always perform a factory reset of the infotainment system before transferring a vehicle to anyone else.
4. Disable Telematics If Possible
Some vehicles allow you to disable the cellular telematics module entirely, though manufacturers make this difficult because many connected services depend on it. Check your owner's manual or contact customer service to find out what options are available. Be aware that disabling telematics may affect features like remote start, emergency calls, and over-the-air updates.
5. Review the Manufacturer's Privacy Policy
Before purchasing or leasing a vehicle, read the manufacturer's privacy policy. Look specifically for what data is collected, who it is shared with, how long it is retained, and whether you can request deletion. Some manufacturers are more transparent than others — and this should be a factor in your purchasing decision.
Factory Reset Before Selling or Returning a Vehicle
Before you sell, trade in, or return a leased vehicle, delete all paired phones, erase saved addresses, clear your navigation history, remove any stored Wi-Fi credentials, and perform a full factory reset of the infotainment system. Your personal data should not go home with the next driver.
6. Limit In-Car Voice Assistants
Built-in voice assistants process your commands through cloud servers, creating logs of your requests. If you do not use the voice assistant regularly, disable it. If you do use it, periodically review and delete your voice history through the manufacturer's app or website.
7. Monitor Your Data Broker Exposure
Vehicle data is most dangerous when combined with the personal information data brokers already hold about you — your home address, workplace, family members, financial details, and daily routines. When a broker links your driving patterns to your identity, they can build a profile that reveals virtually everything about your daily life.
PrivacyOn removes your personal information from over 100 data broker sites and continuously monitors for re-listings. By cutting off the data broker pipeline, you reduce the ability of third parties to connect your vehicle data to your identity. Combined with dark web monitoring, PrivacyOn helps ensure that driving data leaks and automotive breaches do not become full-blown identity exposure.
The Road Ahead
Connected cars are not going away — if anything, the volume of data they collect will only increase as vehicles gain more sensors, more connectivity, and more autonomous capabilities. The industry is slowly moving toward treating vehicle data as highly sensitive consumer information, but progress is uneven and enforcement is limited.
The best defense is awareness combined with action. Review your vehicle's settings today, opt out of data sharing programs you did not choose, and use a service like PrivacyOn to keep your personal information out of the broker ecosystem where vehicle data goes to be matched, enriched, and resold. Your car should take you where you want to go — not broadcast your life to the highest bidder.