Privacy4Cars Study Reveals How 49 Auto Brands Handle Consumer Data Rights
The first-ever report sheds light on how well auto manufacturers offer vehicle owners access to their vehicle data.

Fleet vehicles are now rolling computers with multiple connected systems onboard that drive the need to manage the security and privacy of constant data activity.
Photo: Tima Miroshnichenko / Pexels
A new call to action has empowered vehicle owners seeking to control their data access and privacy.
It compels automakers to be more forthcoming and cooperate with vehicle buyers in protecting their data.
Privacy4Cars recently released the first quantitative benchmark of interfaces consumers use to make privacy choices online, titled “Privacy UX Crash Test: How 49 Auto Brands Handle California Consumer Data Rights, Gaps, & How to Improve.”
The new resource furthers the global B2B privacy-tech firm’s focus on solving privacy and data security issues and questions in the automotive industry.
Agency Lays Groundwork For Report
The report spans over 1,800 pages, and required over 1,000 hours of research, quantitative analysis, and editing conducted as a joint effort between Privacy4Cars’ network of in-house counsel and privacy experts.
This first-of-its-kind report, inspired by the March 2025 California Privacy Protection Agency's settlement with American Honda Motor Company, numerically scored auto brands by making unbiased measurements of their actual practices between April and July.
Privacy4Cars identified and established an industry set of best practices across 12 areas and scored each auto brand based on how many of those UX best practices they implemented and made available to consumers.
[An Online UX (User Experience) Interface refers to the visual elements and interactive components of a website or application that users connect with directly. It encompasses everything a user sees and touches, like buttons, icons, menus, and the overall layout, aiming to create a positive and intuitive experience].
Vehicle Owners Get Results
For vehicle owners, the risks of exposure and misuse of their personal information are multiplying. Data accumulated in a vehicle can be traced back to individuals and households via cookies and trackers, including geolocations, financial transactions, and biometrics. Companies collect data online through the car and via data brokers. It's the same concept as not wanting to be tracked, hacked, or subjected to advertisements on a desktop computer.
By offering this standardized consumer privacy UX scorecard, Privacy4Cars aims to spur more transparency and create a blueprint that benefits everyone, including consumers, automotive brands and manufacturers, and privacy tech providers, privacy professionals, the broader industry (automotive and non-automotive), regulators, and lawmakers in California and beyond.
“The Honda settlement is about the controls that they give to vehicle owners to decide about their data and privacy,” Privacy4Cars founder and CEO Andrea Amico said in an interview with Automotive Fleet. “The California regulatory body is like a mini-Federal Trade Commission. Its interfaces and processes for Honda were not compliant and they were fined $632,500. This is a watershed because it is the first enforcement decision in the U.S. where a regulator spells out principles of consumer and vehicle owner violations.”
The California Privacy Protection Agency victory sets a precedent easy to apply because it centers on practices, Amico said. “We took those principles, came up with criteria, and applied them as closely as we could to everybody else.”
How The Benchmarks Work
The benchmarking study evaluated the processes offered by auto brands to California consumers requesting to make privacy-related choices, including request accessibility, identity verification, agent authorization, opt-out mechanisms, and cookie controls.
A total of 49 auto brands are included in the groundbreaking report: Acura (pre and post changes driven by enforcement), Afeela, Alfa Romeo, Audi, Bentley, BMW, Buick, Cadillac, Chevrolet, Chrysler, Dodge, Ferrari, Fiat, Ford, Genesis, GMC, Honda (pre and post changes driven by enforcement), Hyundai, INEOS, Infiniti, Jaguar, Jeep, Karma, KIA, Lamborghini, Land Rover, Lexus, Lincoln, Lucid, Maserati, Mazda, Mercedes-Benz, Mini, Mitsubishi, Nissan, Polaris, Polestar, Porsche, RAM, Rivian, Rolls Royce, Scout, Smart, Subaru, Tesla, Toyota, Vinfast, Volkswagen, and Volvo.
“During the last three weeks, we talked to manufacturers representing brands and rescored those companies,” Amico said. “We decided to make changes. It’s not a static score. It’s inspired by the settlement, and every year the technology improves and becomes safer.”
Privacy4Cars also examined how brands build privacy-related processes and compared outcomes between in-house tools versus using one or more of the six external vendors it could identify: Evidon, Ketch, OneTrust, Salesforce, TrustArc, and Usercentrics.
Privacy4Cars scored each brand by using 12 criteria and corresponding best practices already adopted by industry members: Six for evaluating the UX of the privacy portals consumers and agents may use to file privacy requests, such as how many fields of data they require consumers to submit when they file a privacy request, and six for evaluating the UX of brands’ consumer-facing websites, such as how many clicks it takes to accept versus reject cookies and adoption of Global Privacy Control.
Common Uses Of Privacy Report
The 86-page benchmark summary includes a score and ranking table by brand and is available for free download.
Among its features:
Privacy professionals, auto businesses, and other companies with a large California customer base can purchase the full report, the most detailed document of its kind, which includes in-depth, criterion-by-criterion screenshots, analyses, and explanations of what was scored and how it was evaluated.
Each brand’s detailed analysis offers actionable insights on how to rapidly improve. The full report also details the effects and lessons from using in-house versus external privacy-tech vendors.
Qualified members of government, media, non-profits, and academia may request a complimentary version of the full report.
Both the summary and full report are available for download here.
Report Spurs Potential Improvements
“While only five brands scored 3.0 or above on our 5.0-point scale, i.e. adopted at least 60% of the 12 best practices we identified, we have three reasons to be optimistic,” Amico said in an Aug. 6 news release.
Those reasons:
First, Acura and Honda introduced changes after their settlement with CPPA in just 6-8 weeks and achieve the industry’s top score at 4.6 out of 5 by adopting 11 out of 12 market best practices
Second, all the necessary best practices are already in the market — simply nobody classified, identified, consolidated, and recognized them until this research was conducted.
Third, after meeting with the privacy teams of six auto manufacturers representing 12 brands included in the benchmark, some indicated they are making changes. “In fact, some already have an improved score, recognizing progress these brands already made in less than three weeks,” Amico said.
Amico told Automotive Fleet that Privacy4Cars is not committed to a schedule in updating the scoring criteria and benchmarks. The report would be revised based on the precedents of more decisions from regulatory bodies. Other states set their own sets of rules, with owners having fewer controls than in California.
How Privacy Findings Affect Fleets
Amico advised that fleet operators, as owners of vehicles, can influence decisions about data generated about and from their fleet vehicles. “Most fleet managers do not understand that they can improve the management of data about their vehicles. An important lesson. Laying down what controls consumers in California have can provide and important lesson and broader implications for fleets.”
Privacy4Cars is building new tools to help fleets make data more accessible and how to do that in a friendly manner, Amico said. “This study proved it’s not very friendly. There are some good practices out there, but it’s not as easy as it should be, and it’s even harder for businesses because the laws are written to protect consumers but not a local fleet.”
Fleets also should be able to protect their vehicle data as owners of those vehicles, he added.
“Companies purchase the metal but are losing more control over software and data. If you are a fleet manager, you are mini CISO (chief information security officer in your fleet. The job is changing. It used to be more about mechanical things and management of physical assets. Now we have rolling computers on the road and need to manage the security and privacy of any data generated. It’s an asset to your company.”
More Operations

Commercial Fleet Sales Contribute To June, YTD Gains
The fleet sector has boosted its vehicle purchases at a reliable pace in the first half of this year compared with 1H 2025.
Read More →What Fleet Managers Really Want From Vendors
From customer service frustrations and technology breakdowns to RFQs, change management, and the growing impact of turnover across the industry, this conversation pulls back the curtain on the real operational challenges fleet managers are navigating every day.
Read More →Fleet Safety Masterclass: Industry Leaders on Storytelling, Strategy & Innovation
In this special masterclass episode, industry leaders break down what it really takes to build safer fleets in today’s increasingly distracted and data-driven world.
Read More →Integrating Legacy Fleet Systems and Historical Data
In this episode, we bring together fleet and technology leaders to unpack the realities of data integration, system migrations, and the evolving role of AI in fleet management.
Read More →From Resistance to Results: Change Management Strategies for Fleets
From new technologies and safety programs to evolving regulations, fleets are under constant pressure to adapt. But as Dr. Betz explains, success isn’t about the system you implement—it’s about whether your people actually use it.
Read More →Where We're Headed: A Practical Look at AI in Fleet
Discover how AI is actually being deployed in fleets, not just marketed, including practical use cases and emerging risks.
Read More →
How Coca-Cola United Protects Its Fleet from Growing Legal Risk
Growing legal exposure can put fleets at risk. Here's one company's approach.
Read More →
Fleet Managers Think They Understand Their Costs. The Data Says Otherwise.
Most fleet managers say they have a strong handle on their costs, but new research from Bobit Business Media tells a different story. A 2026 survey of 190 fleet professionals reveals a widespread "confidence gap" where fragmented systems, disconnected data, and delayed reporting are leaving major blind spots hidden beneath the surface. Find out what the data actually shows.
Read More →
Cameras, Safety and Insurance: From Reactive Claims to Real-Time Prevention (Part 2 of 2)
Part Two: Commercial auto remains one of the most challenging and costly lines of coverage for fleet operators and insurers alike. Continue learning more about how to effectively address these issues from Onur Aksan, Enterprise Business Development Executive, Geotab
Read More →
New Trucks, AI & Summer Downtime | AF News Recap
From new truck updates to AI-powered driver coaching and summer maintenance tips, this week's fleet headlines are all about keeping things moving.
Read More →

