When you buy a new car today, you’re not just buying a vehicle. You’re signing up for something closer to a subscription surveillance service, except you don’t get a discount for participating, and nobody asks for your permission.

The comparison to smart TVs isn’t a stretch. Before Walmart completed its acquisition of the company, Vizio’s financial reports revealed that the majority of its gross profit came from selling viewer data and advertising, not from selling physical televisions.

New vehicles now operate on a similar model, and most drivers have no idea it’s happening. Like TVs, the hardware (i.e., your car) is one thing, but your driving habits might be the actual product.

What your car is collecting

“Privacy nightmare on wheels”

Modern connected vehicles are packed with sensors, cameras, microphones, GPS systems, and onboard computers. Many of these systems are twofold: they keep the vehicle in a safe working condition and serve the driver on a daily commute, but they can also serve the manufacturer and its end goals.

Your car can log where you go, when you leave, how hard you brake, how often you speed, and whether you drive during the day or night. Some systems go further. Cameras monitor facial expressions to detect drowsy or distracted driving, issuing a warning when you look away from the road for too long. Always-on microphones capture audio inside the cabin. When you connect your smartphone, the vehicle can pull your contact list, call history, and text messages, linking them back to your account with the manufacturer.

A Mozilla Foundation report, titled *Privacy Not Included, found that none of the 25 major automakers it assessed met basic standards for data transparency, user control, or security. The researchers found that 84% of those brands share or sell driver data, and 92% give drivers little to no control over what is collected. The data your car generates is not just sitting on a server somewhere. It is being packaged, sold, and used in ways most car buyers never anticipate.

“Many people think of their car as a private space—somewhere to call your doctor, have a personal conversation with your kid on the way to school, cry your eyes out over a break-up, or drive places you might not want the world to know about,” said Jen Caltrider, Program Director of the *Privacy Not Included report. “But that perception no longer matches reality. All new cars today are privacy nightmares on wheels that collect huge amounts of personal information.”

Where your data goes

Many drivers are simply unaware

Credit: Chevrolet

GM previously used its OnStar Smart Driver feature to track driver behavior, including instances of hard braking, late-night driving, and speeding, as often as every three seconds. That data was sold to consumer reporting agencies, which passed it along to insurance companies. Drivers found out only when their premiums went up, or their coverage was denied.

As one consumer stated in an FTC complaint after confronting a GM customer service representative: “When I signed up for this, it was so OnStar could track me. They said nothing about reporting it to a third party. Nothing. […] You guys are affecting our bottom line. I pay you, now you’re making me pay more to my insurance company.”

The Federal Trade Commission filed a complaint against GM and OnStar and eventually finalized a settlement order. GM now faces a five-year ban on sharing geolocation and driver-behavior data with consumer reporting agencies, alongside a 20-year consent order requiring explicit permission before collecting or sharing connected-vehicle data. California followed with a separate $12.75 million civil penalty under its consumer privacy law, the largest ever under the California Consumer Privacy Act.

For context, however, GM reportedly earned roughly $20 million from data sales over a four-year period, meaning the fine still falls short of what it made from selling drivers’ information in the first place. Furthermore, the FTC settlement carries no financial penalty at the federal level, a stark reminder for some that federal consumer protection in this space still lacks real teeth.

GM is not the only example either. The Texas attorney general sued Allstate and its subsidiary Arity for allegedly collecting and selling the driving data of more than 45 million people without consent.

Meanwhile, Connecticut’s attorney general issued dozens of violation notices in 2025 under the state’s data privacy law, with connected vehicles and location data listed as a specific enforcement focus. Likewise, Oregon updated its privacy law in September 2025 to cover all automakers operating in the state, regardless of size, closing a loophole that had allowed smaller manufacturers to avoid compliance.

The value exchange that isn’t

New vehicles are more expensive than ever

Credit: drazenphoto | Envato Elements

When you stream content on a smart TV and the manufacturer sells your viewing data, at least you can argue the hardware was cheaper because of it. You may not love the arrangement, but there is a beneficial trade-off.

With cars, there is no such trade-off. The average new-vehicle transaction price is hovering at or near $50,000 today, the highest it has ever been in the automotive industry. It seems the days of ultra-affordable cars have passed, and even a six-figure salary may not leave enough margin when factoring in the total cost of vehicle ownership.

You may also pay a monthly subscription for the connected services that collect the data in the end. And then the automaker profits from selling your data on top of that.

Opting out is not exactly straightforward either. For example, Tesla warns in its privacy notice that disabling data collection “may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.” In essence, the features that make a car worth buying are the same ones that mine your data.

What you can do

GM vehicle owners have some recourse

Credit: mstandret | Envato Elements

The options for protecting your data are limited, but they exist:

• Scour the settings: Start with your vehicle’s privacy settings, which are typically buried in the infotainment system or the manufacturer’s connected app. Look for data-sharing toggles, telematics settings, and anything tied to insurance or third-party services. Turn off what you can.

• Check the policy: Read the privacy policy before activating any connected feature. This is tedious, for sure, but any data-sharing disclosures are hidden in the fine print.

• Call back your data: If you own a GM vehicle and used OnStar Smart Driver, you can request a copy of your data or ask for it to be deleted through GM’s consumer privacy portal. The FTC order requires GM to make that option available to all U.S. consumers.

Both a privacy and a safety concern

The auto industry has operated with little oversight on data collection, although that is changing. The FTC has signaled that vehicle-generated data is now treated as sensitive consumer information rather than a byproduct of innovation. State-level enforcement is accelerating, with multiple states taking legal action.

But regulation moves more slowly than technology, and automakers still hold pools of collected data that no consent order can reach retroactively. Just like your television knows what you watch, your car knows where you live, where you work, when you leave, and how you get there. That data, in the wrong hands, is not just a privacy issue. It’s a safety one.