Why Your Car Is a Privacy Nightmare in 2026 (And How to Opt Out in the EU)
Modern cars are essentially smartphones on wheels, collecting vast amounts of data. Here is what they track and how to use GDPR to fight back.
If you’ve bought a new car in the last five years, you didn't just buy a vehicle. You bought a two-ton smartphone that tracks everywhere you go, how fast you get there, and what you listen to along the way.
We've spent a lot of time locking down our phones and browsers, but most of us don't think twice before syncing our contacts to a rental car or agreeing to a 50-page Terms of Service screen on our dashboard.
Let’s talk about what your car actually knows about you, why automakers are so desperate for this data, and how you can use EU privacy laws to shut it down.
Your Car is a Data Broker's Dream
Automakers have quietly transitioned from selling metal to selling data. And the scope of what they collect is staggering.
Here is what the average connected car is logging right now:
- Location data: Every trip, every stop, every parking spot.
- Driving habits: How hard you brake, how fast you accelerate, and whether you speed. (Insurance companies love this).
- Biometrics and Cabin Data: Weight sensors in the seats, microphones listening for voice commands, and cameras watching your eye movement.
- Synced Phone Data: Contacts, call logs, and sometimes even messages.
In Europe, GDPR is supposed to protect us from the worst of this. But automakers often hide behind "legitimate interest" or bury consent in agreements you have to sign to use basic features like remote start.
The Insurance Hustle
Why do they want this data? Money. Automakers sell "driving behavior" data to data brokers, who then sell it to insurance companies.
If you've noticed your premiums creeping up despite not having an accident, your car might be snitching on you for braking too hard at roundabouts.
How to Take Back Control (The European Way)
If you live in the EU or UK, you have a massive advantage: the GDPR. You don't have to just accept this surveillance. Here is your action plan.
1. The GDPR Delete Request
You have the right to know exactly what your car manufacturer has on you, and the right to tell them to wipe it.
Send an email to the Data Protection Officer (DPO) of your car brand. You can usually find their address in the privacy policy on their website.
Use a template like this:
"Under Article 15 of the GDPR, I am requesting a copy of all personal data collected by [Car Brand] linked to my VIN [Your VIN] and my account. Furthermore, under Article 17, I request the deletion of all telematics, location, and driving behavior data not strictly necessary for the immediate safety operation of the vehicle."
2. Disconnect the App
Do you really need to start your car from your phone? If the answer is no, delete the manufacturer's app from your phone and revoke its permissions.
3. Opt-Out in the Dashboard
Spend 10 minutes digging through your car’s infotainment settings. Look for menus labeled "Privacy," "Data Sharing," or "Connected Services." Turn off everything related to "product improvement," "third-party sharing," or "insurance discounts."
4. Stop Syncing Contacts
When you connect your phone via Bluetooth, the car will ask to sync your contacts and call history. Hit No. You can still play music and take calls without handing over your entire address book. If you're using a rental car, never sync your contacts, and always delete your phone from the Bluetooth menu before returning it.
The Bottom Line
Your car should get you from point A to point B, not serve as a data-harvesting node for insurance companies. By taking a few minutes to opt out and exercising your GDPR rights, you can cut off the data tap.
Take back your privacy. It's your car, not theirs.