Modern vehicles act as data hubs, streaming location, speed, seatbelt use and facial expressions to manufacturers and third parties. A 2021 McKinsey study reported half of cars online, projected to reach 95% by 2030. Data streams travel over cellular links, bypassing driver awareness and often lacking opt‑out mechanisms. This surveillance fuels insurance pricing and broader commercial exploitation.

Automakers openly list sensitive categories—age, weight, race, health metrics—in privacy policies. Kia’s terms mention possible collection of “sex life” data, though a spokesperson claims it never occurs and cites California’s definition of sensitive information. Mozilla’s 2023 review rated brands below its standards, labeling cars “the worst product category for privacy.” Such disclosures give insurers granular risk models, but consumers rarely see how profiles are built.

Regulators are preparing mandates that would require infrared biometric cameras and driver‑monitoring systems, expanding the data pipeline to health and behavior signals without usage limits. Past breaches, such as GM selling location logs to LexisNexis, triggered FTC penalties but left a path for sales with consent. Drivers must audit settings to curb tracking. Without limits, data brokers can resell streams to marketers, raising privacy risks.