Here’s How Educated You Need To Be To Understand the Privacy Policies of Different Car Companies

With the value of personal data at an all-time high, All About Cookies evaluated the privacy policies of major car brands to see how hard they make it to understand what information they collect about their customers.
We may receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Did you know your car might be tracking your browsing history? As high-tech features and services become more prevalent in modern vehicles, auto manufacturers collect more detailed customer data than ever.

While car companies disclose what data they collect and how it is gathered, it can be difficult to understand. Privacy policies are often hard to find and filled with legalese and dense language. Some manufacturers even collect sensitive data such as medical and biometric information and details about the sex lives of their customers.

Our team at All About Cookies evaluated the official privacy policies of 15 major automotive brands to determine which companies have the most and least accessible data collection disclosures. We analyzed the length, reading level, and data points each manufacturer collects on their drivers.

In this article
Key findings
Car brand privacy policy ranked by readability
The data different car brands are collecting about you
Advice from our experts
Tips for keeping your personal data safe on and off the road:
Methodology

Key findings

  • Jeep has the hardest-to-understand privacy disclosures of any major manufacturer. You need to read at a postgraduate level (above a bachelor’s degree) to understand Jeep’s privacy policy.
  • At just over 14,000 words, Kia’s privacy policy is the lengthiest of any major brand.
  • The average number of words in a car privacy policy is 7,505.
  • The average automotive privacy policy requires a 12th-grade (High school senior) education to understand.
  • Mazda’s privacy policy is the easiest to read, requiring an 8th-grade education to understand.

Car brand privacy policy ranked by readability

Automotive privacy policies tend to cover many of the same general topics, with particular attention paid to outlining the kinds of data each car maker collects, how they collect it, and how they use it. However, the number of words each company uses and the complexity of language they employ to convey that information varies from company to company.

privacy policies of car companies

On average, the 15 policies included in this analysis require a 12th-grade education to understand and came in at just over 7,500 words in length. The average American reads at a 7th- to 8th-grade level, meaning understanding these policies requires reading abilities significantly higher than the average customer’s.

Mazda’s privacy policy is easiest to understand, requiring an 8th-grade comprehension. It is also the shortest, clocking in at around 2,200 words. Mercedes-Benz has the second-easiest policy to read, requiring a 10th-grade education to read its approximately 2,500 words.

Jeep’s privacy policy is the hardest to read despite being the third-shortest, at roughly 3,700 words. Fully comprehending the Jeep policy requires the reader to have the education level of a collegiate postgraduate student. Tesla’s policy is the next hardest to read, on par with the materials taught in a 300-level college course.

Three different car companies employ privacy policies over 10,000 words, led by the 14,000 words in Kia’s policy. Both BMW and Subaru have policies that clock in at under 11,000 words each. Combined, those three privacy policies total nearly 36,000 words, more than 5,000 words longer than John Steinbeck’s famous novel Of Mice and Men.

The data different car brands are collecting about you

Much of the information car companies collect is the same no matter what you drive, as just about every company collects and tracks things like demographic data, driving habits, and repairs and maintenance. Some companies collect more unusual pieces of data than others, however, including some that customers might find surprising for car companies.

We wanted to highlight which companies include these kinds of notable and unexpected pieces of information in their privacy policies, covering sensitive subjects such as customers’ sex lives, genetic information, philosophical beliefs, and more.

data car companies collect

While collecting information on customers from public social media posts is the only interesting inclusion Toyota and Mazda have written into their privacy policies, both Kia and Subaru indicate they track information relating to the sex lives and sexual orientation of customers, as well as tracking religious and philosophical beliefs (including membership in a professional union) and genetic or biometric data, among other data points.

Advice from our experts


+

Andrea Flink

Senior Fellow at the Center on Law and Information Policy

Fordham Law School

How common is an intentionally complex/long privacy policy?

Privacy policies are undoubtedly commonly long and complex and often contain vague or ambiguous language, which on one hand, creates flexibility and minimizes risks for the entity who has the policy. However, it makes it difficult for consumers to comprehend and rely on to develop an understanding of what happens with their information.

How can people be more aware of what is being collected from them?

As lengthy as privacy policies generally are, consumers should review them upfront to understand what information is being collected, how it will be used, and who it will be shared with. 

Users should not automatically click “yes” when asked to consent to the use of their information but rather consider whether the convenience and other benefits of whatever service is being offered outweigh the loss of their privacy.

How can consumers take their privacy into their own hands and stay safe while being able to enjoy the convenience of smart vehicles?

Drivers should consult their car’s privacy policy to understand what information the car will seek to collect, use, and share, and whether and how they can opt out of providing certain information. Privacy-conscious users should refrain from downloading their car’s app, which may collect data even when a user is not in the car, and refrain from enabling Apple’s Car Play or Android Auto Play.

Privacy-conscious users who pair their devices with their car through Bluetooth should decline consent if asked to share their address book or other information. All drivers should delete their data when they turn in a car at the end of a lease or rental. Users should also be sure to delete any apps and terminate their accounts at the end of a lease.

Are there strategies companies use to have consumers consent to more surveillance/data collection when crafting privacy policies?

Some car companies put in their privacy policies that by merely operating a car and/or using associated services, the user is deemed to have consented to the collection of their personal information.

Answers have been edited for clarity and brevity.

Tips for keeping your personal data safe on and off the road:

  • Make sure your identity is safe no matter where you are. Identity thieves are constantly finding new ways to steal personal data and information. With ever-evolving threats to your identity lurking online, using one of the best identity theft protection services is a crucial step towards staying safe online.
  • Get proactive about what you share with websites. A great way to feel safe and secure online is to take an active role in determining what pieces of information are and are not shared with different websites. Make sure you know how to change your privacy settings online and take control of the information available on different sites.
  • Protect yourself and your computer. The internet is teeming with all kinds of threats to your privacy and digital information, with new ones emerging all the time. Using one of the best VPN services is a good way to keep your data secure online.

Methodology

The official privacy policies for each car brand were copied and pasted into the Hemingway Editor App, which evaluated them for readability and length. Evaluations were performed in January 2024, using each policy’s most recently released version as of January 2, 2024. Each privacy policy’s “Data we collect” portion (or a similarly-named portion containing the same information) was also manually read and reviewed to find and spotlight any notable data elements collected by different automakers.

4.9
Editorial Rating
Learn More
On Aura Identity Theft's website
Aura Identity Theft
  • Excellent identity theft protection service
  • Includes a password manager and VPN
  • Robust tools for children’s security
  • Provides VantageScore and not FICO score updates
Author Details
Josh Koebert is an experienced content marketer that loves exploring how tech overlaps with topics such as sports, food, pop culture, and more. His work has been featured on sites such as CNN, ESPN, Business Insider, and Lifehacker.