Is your car spying on you?

Ged Bulmer19/05/2026
Car Updates
Connected Vehicles can be seen as a godsend of enhanced convenience, functionality and safety, or as advanced surveillance devices on wheels. It’s possible they could be both. 
Graphic showing icons indicating a connected car.

When Australians buy a new car today, they’re buying much more than a powered machine that can move them from point A to point B in a high degree of comfort and safety. They’re also buying something that can rightly be described as a computer on wheels.

The increasing complexity of modern vehicles

Cars have long been known as one of the most complex mass-manufactured products on the planet, but the degree of complexity in modern automobiles is changing rapidly as consumers expect the same levels of connectivity they have at home and at work to be available in their vehicles.

The rise of connected vehicles

Car makers are responding with vehicles that have the ability to connect to the internet, sync with smartphones and mirror on infotainment screens the apps, websites and other internet-enabled services used when not in the car.

These so-called connected vehicles are also quietly collecting data in the background, something that has raised concerns with privacy advocates, politicians and the military.

National attention on connected vehicle security

Last November, the topic became the focus of national attention when reports emerged of thousands of Chinese‑made connected cars being stored near RAAF Base Amberley in South East Queensland.

Most, if not all of these vehicles would have been equipped with multiple cameras which are an integral part of modern driver assistance systems, as well a microphone array that provides listening capability for their voice control systems, automatic speech recognition software, and internet connectivity via 4G, 5G or Wi-Fi.

China doesn’t have a monopoly on connected vehicles, of course, but given the complex and sometimes difficult relationship Australia has with its largest trading partner it’s understandable why a car park full of internet-enabled Chinese vehicles near our largest operational air base might cause concern.

Defence officials said there was no evidence of wrongdoing but the episode sharpened a broader debate about how much data connected vehicles collect, where is it stored, and what risks come with trading privacy for convenience?

Growth of connected vehicles in Australia

Austroads is the peak organisation of Australasian Road transport and traffic authorities. In a 2021 report the organisation estimated there were 1.2 million connected vehicles on our roads, forecasting that figure to rise to 93% of all new vehicles by 2031. 

Benefits of connected vehicle technology

Andrew Kirk headshot

Leaving aside the negative aspects of a connected vehicle having the potential to spy on us, the technology has been developed primarily to introduce convenience features likely to be viewed positively by drivers.

These include Over the Air (OTA) updating of vehicle systems; smartphone access including locking, unlocking and starting; advanced infotainment including real-time monitoring of weather, traffic and maintenance; and potential lifesaving features such as automatic accident detection and alerts.

RACQ Principal Technical Researcher Andrew Kirk, pictured, said connected vehicle technology can also deliver tangible cost‑saving and reliability benefits for motorists.

“Telematics systems can continuously monitor critical vehicle health indicators such as 12‑volt battery voltage, giving drivers early warning of a failing battery. Many connected vehicles can also track tyre pressures and indicators of wheel misalignment, helping identify issues that can accelerate tyre wear.”

Lower insurance premiums are another potential advantage of telematics for drivers willing to share limited driving‑behaviour data with insurers who reward smooth, safe driving, Mr Kirk said.

“Used responsibly, these diagnostic and maintenance features have the potential to improve vehicle reliability, extend component life and reduce overall ownership costs for consumers.”

Privacy risks and concerns

While these are all undeniably convenient aspects of connected vehicles, there remain potential downsides including privacy concerns.

The Australian Signals Directorate (ASD) is the key Australian Government intelligence agency within the Defence portfolio responsible for foreign signals intelligence, cyber security, and offensive cyber operations.

Its website offers a range of information about connected vehicles (CV) noting that “the data a CV collects can be stored by the manufacturer overseas, where Australian data protection laws will not apply.”

The ASD bulletin goes on to state that this data may be attractive to cybercriminals, referencing several large and high-profile data breaches of manufacturers in recent years.

While not mentioned specifically, automotive brands that have been involved in major data breaches overseas include Hyundai, Kia, Volkswagen, Nissan, and Toyota.

Cybersecurity risks and real-world incidents

One of the most alarming data breaches was a well-publicised 2015 hack by US security researchers of a Jeep Cherokee. The hack, which was perpetrated over the internet by researchers located hundreds of miles from where the vehicle was being driven, allowed the hackers to remotely take control of the vehicle’s brakes, steering, and transmission.

That incident led to the recall of 1.4 million vehicles and a growing awareness among manufacturers of the software vulnerabilities accompanying the rise of connected vehicles.

Car makers are increasingly focused on preventing malicious hackers from using cellular networks, Wi-Fi, and hardline connections to exploit them. But hackers are adept at finding and exploiting vulnerabilities.

Woman connecting mobile phone to car.

What data connected vehicles collect

A modern connected vehicle infotainment system collects data from any device connected to the vehicle, which in most instances is your smartphone. Examples of the type of data that can be collected and transmitted to car makers and third-party providers include smartphone call logs, SMS logs, contacts and calendar events, external and internal image or video captures, real-time GPS locations, navigation entries, and more.

According to the ASD, this data may be extracted from devices connected to the vehicle and can, in some cases, be stored long‑term by manufacturers. The data can also be recovered using specialist tools, in some cases without having physical access to the vehicle.

Research into privacy practices

Given this, you would want to have confidence that your connected vehicle is doing the right thing with your data. But a 2025 report by Dr Katharine Kemp, Associate Professor at the Faculty of Law & Justice, UNSW Sydney, found “serious privacy flaws in the data practices of new internet connected cars in Australia”.

Dr Kemp’s research analysed the privacy terms from 15 of the most popular new car brands selling connected vehicles here, uncovering what she described as “enormous obstacles for consumers who want to find and understand the privacy terms”.

Her research also found that some brands make “inaccurate claims that certain information is not ‘personal information’, implying the Privacy Act doesn’t apply to that data.”

Similar concerns were raised in a 2022 discussion paper on connected cars and Big Data by the Australian Automotive Dealers Association (AADA).

“The software defined connected car is here, transmitting data, sending and receiving, storing information in the cloud and vehicle owners do not have access to the data, and Dealers do not have access either.”

Calls for reform and consumer control

The peak organisation representing Australia's motoring clubs, the Australian Automobile Association (AAA), is urging the Federal Government to give consumers the right to choose the third parties their data is shared with. By unlocking vehicle-generated data, the AAA believes it can boost productivity, drive competition, and deliver better value for motorists.

Balancing convenience and privacy

Much as we’ve grown accustomed to the internet being equal parts blessing and curse, the same may be true of connected vehicles. For some people this may be seen as merely the cost of convenience, with the assumption being that if you are using a smartphone or internet-enabled vehicle, then your data is fair game.

For others who are more concerned about data privacy, ways to reduce your risk of data breaches include reviewing the privacy and data collection policies of the manufacturer before buying a vehicle, and considering the data laws of the country in which the manufacturer will store the data.

Connected vehicles: What you need to know

Many new cars are now connected to the internet through a built‑in SIM or a paired smartphone. These connected vehicles can send and receive data in real time.

What they can do

  • Update software remotely
  • Lock, unlock or start the car via an app
  • Pre‑heat or cool the cabin
  • Provide live traffic, weather and maintenance updates
  • Detect crashes and send alerts
  • Show vehicle location and system status
  • In some models, allow viewing through external or internal cameras.

What data they can collect

  • Location and navigation history
  • Driving behaviour and vehicle performance
  • Camera images and in‑car audio
  • Infotainment use
  • Data from connected phones, such as call and text logs.

How to reduce privacy risks

  • Read the manufacturer’s privacy policy before buying
  • Check where vehicle data is stored and under which country’s laws
  • Turn off data‑sharing features where possible
  • Be cautious connecting devices, especially in rental cars
  • Factory‑reset vehicles when buying or selling.

Sources: UNSW, Australian Signals Directorate

New carsRoad AheadThe Road Ahead Mobility

repco everyday discount

CarBuying_MREC-30June2026

More articles

Back to The Road Ahead

Related topics

Things to note

The information in this article has been prepared for general information purposes only and is not intended as legal advice or specific advice to any particular person. Any advice contained in the document is general advice, not intended as legal advice or professional advice and does not take into account any person’s particular circumstances. Before acting on anything based on this advice you should consider its appropriateness to you, having regard to your objectives and needs.

Insurance Products (excluding Travel Insurance) are issued by RACQ Insurance Limited ABN 50 009 704 152 (RACQI) and arranged by RACQ Distribution Services Pty Ltd (RDS) ABN 35 116 361 650, AFSL 567130 and RDS' authorised representatives (including RACQ Operations Pty Ltd ABN 80 009 663 414, AR No. 234978 (RACQO)). Conditions, limits and exclusions apply.

Any advice provided by RDS and RACQO is general advice only and does not take into account your personal objectives, financial situation or needs and you will need to consider whether the advice is appropriate for you. Read the Product Disclosure Statement (PDS) before making a purchase decision on the product. You can also access our Target Market Determinations on this website.

RDS receives a commission from RACQI for the policies it arranges. RACQO receives fees paid for services it provides to RDS. Further details about remuneration are available on request prior to purchasing.

Banking and loan products issued by Members Banking Group Limited ABN 83 087 651 054 AFSL/Australian credit licence 241195 trading as RACQ Bank. Terms, conditions, fees, charges and lending policies apply. This is general advice only and may not be right for you. This information does not take your personal objectives, circumstances or needs into account. Read the disclosure documents for your selected product or service, including the Financial Services Guide and the Terms and Conditions, and consider if appropriate for you before deciding.

Except for RACQ Bank, any RACQ entity referred to on this page is not an authorised deposit-taking institution for the purposes of the Banking Act 1959 (Cth). That entity’s obligations do not represent deposits or other liabilities of RACQ Bank. RACQ Bank does not guarantee or otherwise provide assurance in respect of the obligations of that entity, unless noted otherwise.

RACQ Bank subscribes to the Customer Owned Banking Code of Practice which establishes higher standards than the law requires. The Code reflects modern consumer expectations and developments in approaches to issues such as consumer vulnerability, guarantors, and supporting customers through financial hardship. Please read our Customer Owned Banking Code of Practice page for more information.

RACQ Operations Pty Ltd (ABN 80 009 663 414 AR 000234978) and Members Travel Group Pty Ltd (ABN 45 144 538 803 AR 000432492) are acting as an Authorised Representative of the issuer of the insurance, Tokio Marine & Nichido Fire Insurance Co., Ltd. (ABN 80 000 438 291 AFSL 246 548). Any advice set out above is general in nature only, and does not take into account your objectives, financial situation or needs. Before purchasing any travel products, please consider the RACQ Travel Insurance Product Disclosure Statement (PDS) and the Target Market Determinations (TMDs) that apply to these products. Whilst the PDS outlines the Terms and Conditions of these products, the TMDs outline the intended class of customers that comprise the target market for these travel products. This will allow you to consider which products best suit your objectives, financial situation and needs and consider the products appropriateness to your personal circumstances. TMDs also outline matters involving the distribution and the review of these products. The PDS, Supplementary PDS and TMDs for each travel product can be found here.