We think of privacy as something that Apple reminds us of on our phone when browsing and when we go to a website using the Captain Compliance Consent banner but we can forgive ourselves that we may forget that our car might be the ultimate snitch on wheels. Modern vehicles aren’t just transportation; they’re rolling data farms, harvesting everything from your location history to your driving habits, often without a whisper of consent. A new report from Privacy4Cars shines a glaring headlight on a sliver of hope: automakers’ websites and customer portals, those digital gateways to your vehicle’s soul, are finally showing signs of privacy improvement—thanks largely to the sting of regulation.
Privacy4Cars evaluated 44 car brands on a 0-5 scale, focusing on how easy it is for consumers to protect their data through websites and portals. The criteria? Things like seamless opt-out requests to halt data sales, straightforward data deletion processes, and effective cookie blocking—basics that should be as standard as seatbelts. Yet, the median score across the board? A dismal 1.7. That’s barely a passing grade in privacy kindergarten. Most brands flunked, scoring below 60% on the 12-point checklist. Subaru led the pack among the unchanged with a 3.8, while Polestar and Rivian tied at 3.3. But the real hero—or reformed villain—is American Honda Motor Co., which skyrocketed from a pitiful 0.8 to a near-perfect 4.6 after a regulatory action that we covered and put them in the spotlight before being on their best behavior.
What sparked Honda’s turnaround? A hefty $632,500 fine from California’s privacy enforcers for violating the California Consumer Privacy Act (CCPA). The automaker was dinged for forcing customers to share excessive personal info with third parties without proper disclosures or opt-out options. Post-fine, Honda revamped its practices in just eight weeks, implementing new procedures that make asserting privacy rights as simple as starting the engine. Andrea Amico, Privacy4Cars’ founder and CEO, nails the bigger picture: “When companies make changes and those changes benefit consumers, they should get credit in this way. Privacy is taken out of the fog, and it becomes something that companies can compete on — and if they do that, I think that this is going to be an innovation flywheel that keeps improving over time.” It’s a refreshing take: Turn privacy into a competitive edge, like crash-test ratings, and watch the industry race toward better standards.
Honda isn’t alone in the fast lane. Ford, Polestar, Rivian, and Volvo—all initially low scorers—made swift upgrades within three weeks after Privacy4Cars shared the findings. Ford’s spokesperson affirmed, “Privacy is a priority at Ford. We comply fully with all consumer privacy laws and extend key rights, such as the ability to access and request deletion of personal information, to all our customers in the U.S., regardless of their state’s specific laws.” Volvo echoed the sentiment: “It is and always will be about safety, including the protection of data. All data is processed in accordance with applicable law.” Yet, the Alliance for Automotive Innovation, the industry’s lobbying arm, pushed back, questioning the methodology: “We still have major questions about Privacy4Cars’ methodology and business practices. The criteria this group used to grade automakers doesn’t reflect the industry’s privacy policies or compliance with California’s privacy law.” And emphatically: “Automakers are committed to protecting consumer privacy and vehicle data. Full stop.” Fair critique or deflection? Time—and more reports—will tell.
Key Takeaways from the Privacy4Cars Report
- The median privacy score for automakers’ websites and portals is a low 1.7 out of 5, highlighting widespread deficiencies in user data controls.
- Honda’s dramatic improvement from 0.8 to 4.6 demonstrates the direct impact of regulatory fines on privacy practices.
- Brands like Subaru (3.8), Polestar, and Rivian (both 3.3) show that some automakers are ahead without enforcement, but most lag behind.
- Quick fixes by Ford, Polestar, Rivian, and Volvo post-report underscore that change is feasible when pressure is applied.
- Privacy could become a competitive differentiator, fostering innovation in data protection across the industry.
This isn’t isolated progress; it’s part of a mounting wave of scrutiny on automakers’ data gluttony. Take General Motors (GM), slapped by the Federal Trade Commission (FTC) in January 2025 for sharing drivers’ precise location and driving behavior data without proper consent. The FTC’s order bans such practices and mandates robust privacy programs, with potential civil penalties up to $51,744 per violation if ignored. GM’s woes echo a broader FTC warning: Car manufacturers must halt unlawful data collection and use, or face the regulatory hammer. And lawsuits are piling up—GM faces class actions over data-sharing in connected vehicles, signaling that consumers are revving up for justice.
Honda’s case isn’t the first CCPA rodeo, either. The California Privacy Protection Agency (CPPA) has been aggressive, with fines up to $2,500 per violation ($7,500 if intentional), as seen in their enforcement against Honda for mishandling 153 cases alone. Experts warn this is just the tip of the exhaust pipe: Connected cars, with their always-on sensors, pose massive risks in an increasingly litigious landscape. Remember, these violations aren’t abstract—they mean your commute data could end up in marketers’ hands, insurers’ algorithms, or worse, cybercriminals’ clutches.
Steps Consumers Can Take to Protect Their Car Data
- Review your automaker’s privacy portal: Check for opt-out options for data sharing and sales, as highlighted in the Privacy4Cars criteria.
- Submit data deletion requests: Use the website tools to erase personal information, especially location and driving history.
- Disable unnecessary connected features: Turn off apps or services that track you without clear benefits, like remote diagnostics if not needed.
- Monitor for updates: After reports like this, revisit portals for improvements and exercise new rights promptly.
- Support stronger regulations: Advocate for nationwide privacy laws by contacting lawmakers or joining consumer groups to extend CCPA-like protections.
As privacy advocates, we must applaud these nudges but demand more. Regulation works, as Honda’s leap proves, but voluntary compliance is a myth without teeth. Automakers: Ditch the data-hoarding default and build privacy by design. Consumers: Scrutinize those portals, file those opt-outs, and support stronger laws like expansions of CCPA nationwide. If we turn privacy into a selling point—imagine ads boasting “Zero Data Leaks Guaranteed”—we could transform cars from surveillance machines into secure sanctuaries. The road ahead is bumpy, but with reports like this lighting the way, we’re finally shifting gears toward a privacy-positive future. Buckle up; the drive for data rights is accelerating.
