Australia’s Privacy Commissioner is actively investigating two car manufacturers amid growing concerns about how automakers collect, use, and potentially misuse driver data. This action comes after previous investigations were closed due to insufficient evidence for prosecution. The investigations highlight a global debate over the privacy implications of “connected cars” – vehicles equipped with internet access and extensive data collection capabilities.
Rising Global Scrutiny of Automotive Data Practices
The investigations were revealed during a Senate estimates hearing, where Commissioner Carly Kind confirmed the existence of ongoing inquiries into two Asian-based automakers. This follows broader international skepticism towards vehicle data security. The US, for example, banned certain software and hardware from Chinese and Russian manufacturers in 2024, effectively restricting Chinese brands from the lucrative American market. Australia previously took a similar stance in 2018, barring Huawei from 5G infrastructure rollout over national security fears.
Canada’s Ontario premier, Doug Ford, recently warned against the influx of Chinese vehicles, referring to them as “spy cars,” further illustrating the global tension around data security in automobiles. These moves signal a growing trend: governments are increasingly wary of foreign-made vehicles due to the potential for data exploitation.
The Scale of Data Collection and Privacy Risks
Connected cars collect an alarming amount of personal information, including location data, voice recordings, driving behavior, and more. In 2025, Commissioner Kind warned that overcollection of this data poses “significant privacy risks.” The sheer volume of data makes vehicles attractive targets for malicious actors who could misuse it for surveillance, tracking, or financial gain.
A 2024 investigation by Australian consumer advocacy group CHOICE found that some car companies openly sell driver data – including sensitive information – to third parties, including advertisers and even AI firms in the United States. Dr. Vanessa Teague, a privacy expert, described these practices as “totally unacceptable” and argued for stronger regulations or enforcement of existing privacy laws.
The Need for Clearer Regulations
Currently, many connected car features operate on an “opt-out” basis, meaning drivers must actively disable data collection rather than explicitly consent to it. Privacy advocates argue this is insufficient, calling for mandatory “opt-in” requirements for data-intensive features and outright bans on certain practices. The lack of clear legal frameworks allows automakers to exploit loopholes, leaving consumers vulnerable to unchecked data harvesting.
The ongoing investigations in Australia reflect a wider recognition that the current regulatory landscape is failing to keep pace with the rapid evolution of connected car technology. Without stronger safeguards, drivers risk having their personal data commodified without their knowledge or consent.
