Ad-free. Influence-free. Powered by consumers.

Skip to Main Content

Suggested Searches

Recent Searches

Clear History

Suggested Searches

Product Ratings

Resources

CHAT WITH AskCR

Resources

All Products A-Z
Your membership has expired

The payment for your account couldn't be processed or you've canceled your account with us.

Re-activate
Favorites
Donate

Save products you love, products you own and much more!

Save products icon
Become a Member Upgrade

Other Membership Benefits:

Savings icon Exclusive Deals for Members Best time to buy icon Best Time to Buy Products Recall tracker icon Recall & Safety Alerts TV screen optimizer icon TV Screen Optimizer and more
Savings icon Exclusive Deals for Members Best time to buy icon Best Time to Buy Products Recall tracker icon Recall & Safety Alerts TV screen optimizer icon TV Screen Optimizer and more
Become a Member Upgrade
Cars Home & Garden Appliances Electronics Babies Digital Security Deals Money Travel Health & Wellness Kids Pet Products News Bill Negotiator All Products A-Z
 
Sign In
Become a Member
Explore categories

Cars

Car Research

Ratings & Reviews
SUVs Hybrids/EVs Luxury Cars & SUVs Sedans & Hatchbacks Minivans & 3-Row SUVs Pickup Trucks Used Cars Electric Bikes Bike Racks Car Insurance
All Car Research
All Car Research
Buying Advice & Tools
10 Most Satisfying Cars 10 Most Reliable Cars Best Cars for Short or Tall Drivers Best Cars for Teen Drivers Best Used Cars Interactive Car Finder
2025 Top Picks

CARS

2025 Top Picks

Car Buying & Pricing

Best Car Deals Now
Best SUVs Under $30K Best Deals on SUVs Best Deals on Fuel-Efficient Cars Leasing vs. Buying Car Loan Advice How to Buy a New Car Now
All Car Buying & Pricing
All Car Buying & Pricing
Member Savings & Tools
Car Buying Guide Build & Buy Car Buying Service Trade-in Estimator Used Car Marketplace
Which Car Brands Make the Best Vehicles?

Which Car Brands Make the Best Vehicles?

Tires, Maintenance & Repair

Ratings & Reviews
Tires Tire Retailers Car Batteries Car Repair Shops Car Seats
All Tires, Maintenance & Repair
All Tires, Maintenance & Repair
Ownership Advice
Find Car Recalls Make Your Car Run Longer Inspect Belts and Hoses Car Repair Assistant Find the Best Car Insurance
Car Reliability Guide

Car Reliability Guide

Key Topics & News

Car Safety
Car Recalls Car Seats Car Safety Guide Safety System Glossary
All Key Topics & News
All Key Topics & News
Fuel Efficiency
Should You Go Hybrid/EV? Save Money at the Pump Most Fuel-Efficient Cars EV Incentives Fuel Efficiency Guide
Listen to the Talking Cars Podcast

CAR NEWS

Listen to the Talking Cars Podcast

All Cars
All Cars

Home & Garden

Bed & Bath

Ratings & Reviews
Mattresses Sheets Pillows Toilets Bidet Seats Curling Irons Hair Dryers
All Bed & Bath
All Bed & Bath
Ownership Advice
Cleaning Your Mattress Organize Your Linen Closet Under-the-Bed Storage
Best Mattresses

Top Picks From CR

Best Mattresses

Lawn & Garden

Ratings & Reviews
Lawn Mowers & Tractors Charcoal & Gas Grills Leaf Blowers Pressure Washers String Trimmers Floodlight Cameras Chainsaws Snow Blowers
All Lawn & Garden
All Lawn & Garden
Ownership Advice
Best Charcoal Grills Fix Hidden Dangers in Your Home 5 Expert Tips for Staining a Deck
Best Lawn Mowers and Tractors

TOP PICKS FROM CR

Best Leaf Blowers

Home Improvement

Ratings & Reviews
Decking Door Locks Flooring Generators Paints Security Cameras Security Systems Wood Stains Windows
All Home Improvement
All Home Improvement
Ownership Advice
Protect Your Biggest Investment Best Smart Lightbulbs How to Improve Indoor Air Quality
Best Whole-House Generators

Rated and Reviewed

Best Whole-House Generators

Home Safety & Security

Ratings & Reviews
Door Locks & Smart Locks Home Security Cameras Home Security Systems Smoke & CO Detectors
All Home Safety & Security
All Home Safety & Security
Safety Advice
Storm & Emergency Guide Generator Safety Tips Protect Against Indoor Air Pollution
Best DIY Home Security Systems

Survey Results

Best Homeowners Insurance Companies

All Home & Garden
All Home & Garden

Appliances

Kitchen

Ratings & Reviews
Cooktops Countertops Dishwashers Freezers Microwave Ovens Wall Ovens Ranges Refrigerators
All Kitchen
All Kitchen
Ownership Advice
Tips for Doing Laundry Organizing Your Kitchen Make Your Dishwasher Last
Most and Least Reliable Refrigerators

SURVEY RESULTS

Most and Least Reliable Refrigerators

Small Appliances

Ratings & Reviews
Air Fryers Blenders Breadmakers Coffee Makers Electric Kettles Food Steamers Food Processors Rice Cookers Knives
All Small Appliances
All Small Appliances
Cooking Advice
Small Kitchen Essentials Cleaning Cast Iron Kitchen Appliances for $100 or Less
Best Coffee Makers

TOP PICKS FROM CR

Best Coffee Makers

Laundry & Cleaning

Ratings & Reviews
Air Purifiers Vacuums Robotic Vacuums Washing Machines Clothes Dryers Washer/Dryer Pairs Pressure Washers Steam Mops Laundry Detergents
All Laundry & Cleaning
All Laundry & Cleaning
Laundry & Cleaning Advice
Don't Use Vinegar Here Cleaning a Dirty Oven How to Reduce Indoor Allergens Repair or Replace: Washer
Best Washing Machines

Top Picks From CR

Best Washing Machines

Heating, Cooling & Air

Ratings & Reviews
Air Conditioners Air Filters Air Purifiers Central Air Conditioners Dehumidifiers Thermostats Water Heaters Space Heaters
All Heating, Cooling & Air
All Heating, Cooling & Air
Ownership Advice
Are Smart Thermostats Worth It? 4 Reasons to Consider a Heat Pump Protect Against Indoor Air Pollution
Best Air Purifiers

TOP PICKS FROM CR

Best Air Purifiers

All Appliances
All Appliances

Electronics

Home Entertainment

Ratings & Reviews
TVs Wireless & Bluetooth Speakers Soundbars Streaming Media Players Headphones
All Home Entertainment
All Home Entertainment
Media Advice
Streaming Services Guide Best Streaming Music How to Clean Your Flat-Screen TV
Best TVs

FIND YOUR NEW TV

Best TVs

Home Office

Ratings & Reviews
Laptops Desktop Computers Printers Computer Monitors Tablets Wireless Routers
All Home Office
All Home Office
Set Up Advice
Organize Your Home Office Choosing a Standing Desk Best Office Chairs
Best Printers From CR's Tests

Rated and Reviewed

Best Printers From CR's Tests

Smartphones & Wearables

Ratings & Reviews
Smartphones Smartwatches Headphones Cameras
All Smartphones & Wearables
All Smartphones & Wearables
Tech Advice
Choosing a Cell Phone Mount Filter Social Media Apps Pre-Owned Tech: Yes or No?
Best Workout Earbuds for Your Fitness Routine

Top Picks From CR

Best Workout Earbuds for Your Fitness Routine

All Electronics
All Electronics
Babies

Digital Security

Digital Security & Privacy

Ratings & Reviews
Antivirus Software Crypto Wallets Password Managers Wireless Routers Home Security Cameras Home Security Systems
All Digital Security & Privacy
All Digital Security & Privacy
Safety Advice
Google Privacy Settings 30-Second Privacy Fixes What Is Smishing? Identity Theft Advice Permission Slip App Security Planner
One app to take back control of your data

CR PERMISSION SLIP APP

One app to take back control of your data

All Digital Security
All Digital Security
Deals

More

Money Travel Health & Wellness Kids Pet Products News Bill Negotiator All Products A-Z
All Products A-Z
About Us
Our Mission

Take Action

Get involved
Volunteer With Us Add Your Voice Join a Research Project Attend an Event
Issues we work on
Food Safety Car Safety & Efficiency Data Privacy Financial Fairness
Donate

    Your Car May Be Spying On You. Here’s How to Get It to Stop.

    General Motors was reprimanded by the federal government for collecting customers’ driving data and sharing it with other companies. Yet the practice continues among other big automakers.
    Illustration of watchful eyes glowing out of a car's dashboard with a person's hands on the steering wheel. Illustration: Lacey Browne/Consumer Reports, Getty Images

    If you drive a car made in the past five years, chances are it’s collecting reams of data about your driving—things like how quickly you accelerate, how hard you hit the brakes, and how fast you turn corners. 

    But many people don’t know that this data is being amassed—much less where it goes or how it’s used. General Motors was penalized in January for allegedly using its Smart Driver program to collect and sell its customers’ driving data without their knowledge or permission. The Federal Trade Commission ordered the automaker to not sell driver data for five years to consumer reporting agencies (or credit bureaus) such as Experian, Equifax, and TransUnion. But a Consumer Reports investigation finds that nearly every automaker that sells cars in the U.S. is similarly collecting and sharing so-called “driver behavior data” with other companies and continues to do so.

    The end result is that your driving data often winds up in the hands of multiple companies and can be used to influence the insurance premiums and auto loan terms you’re offered online.

    In this article Arrow link
    More on Car Insurance and Privacy
    Letting Your Car Insurance Company Monitor Your Driving With Telematics Can Save You Money but Raises Privacy Concerns
    How to Clear Your Personal Data From a Car
    How to Lower Your Car Insurance Rates
    Best Car Insurance Companies
    CR's Car Insurance Ratings & Buying Guide

    To determine this, CR dug through thousands of pages of automakers’ privacy policies and asked questions of 15 different automakers—BMW, Ford, General Motors, Honda, Hyundai, Kia, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Stellantis, Subaru, Tesla, Toyota, and Volkswagen. We also reviewed corporate, regulatory, and legal filings from data brokers operating in the “insurtech” industry—the technology companies and data brokers that help insurance companies set their rates. And we spoke to several car privacy experts, who, at industry conferences and in market reports, have described the profit potential of individual driving data as the “new oil.”

    We found that while some automakers may obtain your “permission” to collect your driving data, you may agree without knowing you’ve done so. For example, after buying a new car, when you first turn on the infotainment system—the onboard display that can allow you to control heat and AC, GPS navigation, music, and more—you are usually shown a series of consent forms, including ones about privacy policies. Those forms can also pop up on a connected mobile app. Many of us simply accept their terms without reading through them.

    “Data about how and where you drive your car is very personal and sensitive, and companies should only be collecting and sharing that data when it’s necessary for a service a consumer has requested,” says Justin Brookman, CR’s director of technology policy. “Burying something in a legal agreement or where they’re not likely to notice isn’t real consent and automakers should knock it off.”

    The companies on the receiving end of your data, our investigation has found, include car insurers and lenders that are partners in “telematics data exchanges,” which compile driving data on millions of drivers, thousands of data brokers that create personalized risk scores, companies selling infotainment and WiFi hotspot products, and even local and state government agencies working on planning, traffic, and safety initiatives.

    For example, Mitsubishi’s roadside assistance app, Road Assist+, partners with authorized towing companies but was developed in collaboration with LexisNexis Risk Solutions, one of the nation’s largest data brokers. LexisNexis takes the app data, which includes hard braking, nighttime driving, and highway and local “speeding events,” and puts it on its telematics exchange that counts dozens of car insurance companies as paying partners. Mitsubishi itself never sees the road assistance data.

    LexisNexis Risk Solutions said in a statement that it helps drivers obtain “personalized” car insurance rates at a time when premiums are rising. Tracking driving data also has the added benefit of encouraging people to drive more safely, the company said. “We agree consumers need to better understand what data is being collected and how it can be used,” LexisNexis said in the statement. “When it comes to insurance, many consumers surveyed say they are willing to share their driving data with the understanding that doing so may lead to reduced insurance premiums.” (Consumers who are interested in what driving data has been collected about them can request their LexisNexis reports.)

    Toyota says it doesn’t directly sell driver data to third-party companies but acknowledges it has an “affiliate” company—Connected Analytic Services—that, as a consumer reporting agency, is legally allowed to sell driving data to insurers with a customer’s consent through a feature on Toyota’s mobile app. CAS, the Toyota affiliate, has also partnered with Arity, a data aggregator that was started by Allstate Insurance, to embed its mobile tracking software in a handful of popular driving and gas price apps.

    “There’s just a sea of data floating around and there are very few safeguards about how and where it’s shared,” says Michael DeLong, a researcher on telematics with the Consumer Federation of America.

    In response to questions from CR about their privacy policies, many of the 15 automakers said they oftentimes share “deidentified” driving data—without names, addresses, and Social Security numbers—to limit the amount of personal information being sent, seek consent before sharing driving data with third-party companies, and, in most cases, limit sharing to just their company affiliates and service providers. But almost every automaker declined to name the specific companies they share driving data with.

    Here’s a peek into what driving data is collected, shared, sold, and used, and how you can opt out and delete it from your car and connected mobile device.

    How Your Car Data Becomes a Treasure Trove

    For years, some car insurers have offered their customers the option of getting a discount on their premiums for agreeing to share their driving data. To collect it, insurance companies would typically have you install a plug-in device on your car dashboard or download a smartphone app that tracked your location and speed. 

    By the 2020s, these telematics programs were becoming outdated. Vehicle internet-connected onboard computer systems now allowed automakers to more easily collect even more detailed driver behavior data—precise measurements of how fast you drive or how hard you hit the brakes or the accelerator pedal, among hundreds of other behaviors.

    Automakers can use this data to understand how crashes happen and improve car safety features. But for them, collecting it also came to make sense from a business perspective. For example, at a 2023 industry conference in Detroit, a Hyundai executive said that customers who had the company’s Bluelink app were more likely to spend money to get their cars repaired at Hyundai dealerships and stay loyal to the brand. “We have seen that our current connected customers, on average, spend a certain percentage more with our company,” said the executive, Vijay Rao.

    Both automakers and car insurance companies, in turn, use the aggregated data to create driver scores, which can be likened to credit scores. They “paint a picture about how risky a consumer is,” says Andrea Amico, who started Privacy4Cars in 2014 to allow people to find out what data has been collected about them by their car company. 

    Low driver scores can result in higher costs. The Consumer Federation of America, which researches car insurance telematics programs, says driver scores could, for example, unfairly increase rates for lower-income workers who work night shifts—a phenomenon that often disproportionately affects Black and Latino consumers. Similarly, data about the neighborhood you live in and where you drive can also be used against you. Just a few states—California, North Carolina, and Rhode Island—prohibit the use of most or all driver data to raise drivers’ insurance premiums.

    Many drivers know little about the data brokers, or “vehicle data hubs,” that store their driving data. Most data brokers rarely broadcast who they are or what they do.

    “The fact that there are so many companies interacting with private data that the car owner has no relationship with is exactly why car companies sharing with third parties is a problem,” says Thorin Klosowski, who researches digital privacy issues for the nonprofit Electronic Frontier Foundation. “Your driving data goes to a half a dozen companies you’ve never even heard of for reasons you’d perhaps never agree to if asked directly.”

    LexisNexis Risk Solutions has partnerships with car companies like Kia and Mitsubishi, and has had one with Subaru. But it likely has a much bigger share of the driving data market than what’s publicly known. In a 2023 annual report, LexisNexis Risk Solutions said 86 percent of new U.S. auto insurance policies issued that year benefited from its products. Its revenue has climbed to more than $3 billion in 2023, with just under 40 percent of its business attributed to insurance clients. 

    Data brokers are being newly scrutinized, prompted, in part, by investigations by The New York Times, The Markup, and nonprofit groups into what driving data is being quietly collected, with little in the way of warnings or requests to consent to that data being shared. In January, the Texas Attorney General’s office sued Allstate and one of its subsidiaries, Arity, for allegedly collecting, using, and selling driving data of roughly 45 million Americans through embedded software on smartphone apps, which regulators say wasn’t properly disclosed to users. The apps that Allstate contracted with include Life360, billed as a family location safety app, and GasBuddy, which helps users find prices and discounts at gas pumps.

    Yet many telematics programs and apps are still shrouded in secrecy even as driving data is bought, shared, and sold at dizzying rates. After the state of Oregon passed a new privacy law that went into effect in July 2024, allowing its residents to request a list of all companies that their personal data is shared with and sold to, nearly 400 Oregon residents asked Privacy4Cars to file such requests with carmakers last year.

    Not a single automaker responded to Privacy4Cars with a list of companies, despite multiple requests.

    In the future, some automakers could be forced to disclose more info about where your driving data is going. As part of its settlement with the FTC, General Motors is banned from selling driving data to consumer reporting agencies and will soon publish an online, regularly updated list of all other third-party companies it is sharing driver data with. GM, which discontinued Smart Driver before its government settlement was announced, said the new disclosures and other changes should give “customers more transparency and control.”

    But GM’s ban and published list might not do much to reduce the sharing and selling of driving data or help drivers’ insurance premiums. Even the Consumer Data Industry Association, an industry trade group that supports data brokers, thinks so. In a letter sent this month to the FTC, the CDIA said, “Driving behavior data will still be used [emphasis theirs] in the marketplace, and it will still impact consumers’ insurance premiums.” The letter continued, “While consumers will know that they gave consent to GM to share data with insurers, they will not know if this data was even considered, if that data had an adverse effect, or even if GM was the source of that data.”

    Numerous cars seen on a highway at night.

    Photo: David McNew/Getty Images Photo: David McNew/Getty Images

    How to Opt Out of Sharing and Delete Your Driver Behavior Data

    In 2020, California became the first state to require companies to let their customers opt out of having their data collected, shared, and sold. Since then, 15 other states have followed California’s lead, enacting similar privacy laws and three more have laws set to go into effect in 2026. (For a state-by-state breakdown of your privacy rights, check out this guide from the International Association of Privacy Professionals.

    As a result of those state laws, some companies, including a number of automakers, allow consumers across the U.S. to submit requests to limit the use of, opt out of sharing, and delete their personal data. Other automakers limit these requests to states with applicable privacy laws.

    Consumer Reports is working to pass stronger privacy laws and petition automakers not to sell your data. Meanwhile, to limit the use of, opt out of sharing, and delete your data, there are three separate requests you can submit with your car company. They are often referred to by the following names: “Right to Opt Out,” “Right to Limit the Use and Disclosure of My Sensitive Personal Information,” and “Right to be Deleted” requests. (There are other requests you can make to simply review the data that they have already collected about you to correct potentially inaccurate information.) 

    Each automaker has a slightly different way for you to submit these requests—usually by filling out an online form or changing your privacy settings through a mobile app connected to your vehicle. There is almost always a trade-off when you opt out of sharing your data with your car company, including losing access to features like roadside assistance or crash detection or the ability to remotely lock your doors from your smartphone.

    The three types of requests and how you can submit them:

    Right to Limit the Use and Disclosure of My Sensitive Personal Information
    This is a request to limit the use of your sensitive personal information—say, your driver’s license number, precise geolocation data, and biometric data, such as fingerprints and iris eye scans, to name a few—only in “necessary” or “reasonably expected” situations—for example, in response to a search warrant or subpoena from a law enforcement agency.

    Right to Opt Out
    This is a request to stop selling or sharing your personal info and data with any third-party company. This request covers both the initial recipient of your data—the automaker—and companies they share and sell the data to, including data brokers and insurance companies.

    Right to Delete
    This is a request to have your personal info and data “permanently and completely” deleted by the automaker, any service provider, third-party companies, and contractors. There are a few exemptions under federal and state laws, such as tax records and ownership info. 

    There are two good ways to go about filling out and submitting these requests:

    Fill out an online form. Each automaker has its own privacy pages to submit these requests, and they differ slightly. We’ll use Subaru’s online privacy portal as an example. After filling out the required fields for name, home address, email address, and phone number, and an optional field for your car’s 17-digit VIN number, you select the specific privacy request(s) you want to make. You can read the description of each request type by clicking on the box on the left.

    Change your privacy settings through a connected mobile app. Many digitally connected vehicles have synced mobile apps that control a customer’s data privacy settings. For example, Toyota and Lexus customers can log into the mobile app, select the person icon in the top right corner, select “Account,” select “Data Privacy Portal,” and select the vehicle for which they would like to change the settings.

    This allows you to opt out of your data being collected and shared but it doesn’t delete the data. Other mobile apps allow you to turn off location sharing. For example, the Mitsubishi’s RoadAssist+ app, users go to the app’s settings menu and turn off the toggle switch for “Trip Recording.”

    Editor’s Note: Our work on privacy, security, AI, and financial technology issues is made possible by the vision and support of the Ford Foundation, Omidyar NetworkCraig Newmark Philanthropies, and the Alfred P. Sloan Foundation.

    Derek Kravitz, Deputy, Special Projects at Consumer Reports

    Derek Kravitz

    Derek Kravitz is an investigative journalist on the special projects team at Consumer Reports. He joined CR in 2024, covering the digital marketplace. He has worked as a reporter and editor for more than 15 years and teaches at Columbia University. Three projects he has worked on, for The Washington Post and ProPublica, have been finalists for the Pulitzer Prize. Send him tips or feedback at [email protected] or via Signal: @derek_kravitz.31

    Trending in Personal Information

    How to Wipe a Computer Clean of Personal Data

    Computer with sponge wiping screen clean

    Should You Use Passkeys Instead of Passwords?

    Passkey logo with lock and key against a computer browser.

    How to Remove Your Contact Info From Online People-Search Sites

    Ominous illustration depicts many eyes peering at sensitive documents

    Services That Delete Your Data From People-Search Sites Don’t Work Very Well, Study Finds

    photo illustration of finger pointing to screen with green check mark and light shining from screen, two screens with red x marks on either side