Australia’s privacy watchdog – The Office of the Australian Information Commissioner (OAIC) – has opened an official investigation into two Asian-based ‘smart car’ manufacturers, citing concerns about the types, and levels, of personal data connected cars are harvesting.

Speaking to Senate Estimates hearings in Canberra this week, Australian Privacy Commissioner Carly Kind told Senators that her office is investigating “two separate entities” to assess whether the automakers are collecting excessive personal information and what they are then doing with that harvested data. She also confirmed her office had conducted preliminary investigations into two other car companies.

“We have open investigations against two separate entities,” Kind told Senate Estimates. “We conducted further preliminary inquiries against two separate entities, but did not decide to take them further.”

1

Kind declined to name the car makers under investigation and when pressed by Nationals Senator, Bridget McKenzie, who asked if she could confirm the two automakers were state-owned entities from China, replied only that they were based in Asia.

Most new cars on the Australian market today are equipped with built-in modems – or can connect to owners’ smartphones – to provide a range of connected services such as satellite navigation and streaming services. However, some vehicles collect a wealth of personal data including location histories, driving behaviours, voice recordings and images from both internal and external cameras, “a shocking breach of privacy,” according to Senator McKenzie.

1

It’s not the first time Kind has flagged privacy concerns around automakers.

“It is an area of increasing public interest and concern, and while the Australian connected car market is not as advanced as overseas markets, we have seen significant privacy issues in other jurisdictions, including instances where driver data is used to build risk profiles about individuals, and in some circumstances, sold to insurance brokers,” she said in a speech at the University of NSW last May. “This can include some very personal and even sensitive data, and it can paint an intricate picture of our lives and movements.

“By collecting so many data points, connected cars provide as many opportunities for malicious or rogue actors to access and misuse that information.”

Pirelli Connesso App
1

The issue of data security is gathering steam globally. In 2024, the US banned the sale of software and hardware from Chinese- and Russian-made cars amid concerns surrounding not only privacy, but also potential national security breaches.

That same year, Australian consumer advocacy group, Choice, conducted an investigation into Australia’s 10 biggest car brands which found that many of them collected personal information with some brands confirming that data was then sold on to third parties.

The Office of the Australian Information Commissioner’s investigation is expected to take around 18 months.