8 hours ago
6
Australia’s privacy watchdog is currently in the middle of an investigation into two car makers based in Asia, claiming they collected personal driver information through internet-connected cars.
In February 2026, Australia’s Privacy Commissioner, Carly Kind, spoke at a Senate Hearing, where she confirmed that the Office of the Australian Information Commissioner (OAIC) had launched two official inquiries, while a further two investigations were dropped.
A spokesperson for the OAIC told Drive that its investigations into the two Asia-based manufacturers are about the car makers' collection practices, including “whether they collect more personal information than is reasonably necessary for their functions and features”.
Additionally, the OAIC is looking into whether the two car makers obtained valid consent and whether they have used or disclosed this information “for secondary purposes without consent or a valid exception”.
As per a 2024 Drive report, some car makers in the US were allegedly collecting personal driver information and passing it on to external data brokers, who in turn sold the data to insurance companies.
“Overcollection and unnecessary retention of personal information creates risk to personal security and privacy,” an OAIC spokesperson told Drive.
“Location data in particular, which connected vehicles have the potential to easily collect, is a specific category of data that presents clear privacy concerns,” they said.
The OAIC could not provide an update and did not disclose which manufacturers were under investigation, but said it aimed to complete its report within 18 months.
While driver location is a major concern among regulators, experts have said connected cars can harvest other private information.
Australian cybersecurity and intelligence specialist Simon Smith told Drive: “Modern connected vehicles collect far more than most drivers realise, and GPS is only a small part of it. Many infotainment systems will also ingest contacts, call logs, and message metadata the moment a phone is paired".
“The real concern is the creation of a highly detailed behavioural fingerprint of an individual – where they go, how they drive, who they interact with, and at what times.
"In some vehicles, it also includes audio and camera inputs. Tesla is a useful real-world example, with multiple external cameras that continuously capture footage around the vehicle and an internal cabin camera used for driver monitoring and feature development," he explained.
Smith, who’s spent over two decades in cybercrime forensics, said the category of personal data being collected by some connected cars is also used in other serious criminal proceedings, such as murder or kidnapping, where this kind of data is "used to reconstruct a person’s movements with remarkable precision”.
“When that level of data is harvested at a scale and not properly governed, the risks are misuse, unauthorised access, and breaches involving deeply sensitive location and lifestyle information,” he said.
At a 2025 University of New South Wales (UNSW) workshop, Privacy Commissioner Carly Kind said the issue is further compounded by the fact that the onus to delete private driver data lies with individuals rather than the manufacturer.
“Where a car has a shared use or has been sold, it is often left to the past users to delete their accounts to prevent any unauthorised access – future users might be able to access data about the past user, such as information on the dashboard obtained from pairing a smartphone, previous ‘home’ addresses or past trips,” she said.
“There have also been cases where alleged perpetrators of domestic violence have used connected services to track their former partners.”
‘Take the time to research’
While most drivers feel like they have no proper control over their own private data, an OAIC spokesperson advised motorists to do their due diligence before buying a connected vehicle.
“It’s important for Australians to take the time to research the security and private credentials, or to seek trusted reviews of items and services they intend to purchase,” they told Drive.
“Connected vehicle manufacturers are required to outline how they collect, retain and share personal information in their privacy policy.”
While Smith acknowledged drivers cannot eliminate their data entirely, there are meaningful ways to reduce exposure.
"The practical steps I would suggest are to work through the vehicle's privacy settings carefully, disable any data sharing or telemetry that is not essential to the safe operation of the car, avoid syncing contacts or unnecessary apps, and remove any old paired devices that are no longer in use," he told Drive.
Ethan Cardinal graduated with a Journalism degree in 2020 from La Trobe University and has been working in the fashion industry as a freelance writer prior to joining Drive in 2023. Ethan greatly enjoys investigating and reporting on the cross sections between automotive, lifestyle and culture. Ethan relishes the opportunity to explore how deep cars are intertwined within different industries and how they could affect both casual readers and car enthusiasts.
