What Happens to Your Data When You Sell a Connected Car?
You’ve cleaned it, photographed it, found a buyer. You hand over the keys, pocket the cash, wave goodbye. But here’s the thing nobody mentions at the handover: your old car still knows where you live.
Modern connected vehicles are, in every meaningful sense, smartphones on wheels. They collect and store extraordinary amounts of personal data over years of ownership, and the average seller does almost nothing to wipe it before passing the keys to a stranger. Most people don’t even know they should.
What your car actually knows
The data profile built up inside a connected car is more intimate than most owners realise. Location history is the obvious one: home address, workplace, the Saturday morning coffee run you never miss. But it goes much further than GPS logs.
Your infotainment system has probably been syncing with your phone for years. That means call logs, text message previews, your entire contacts list, saved Wi-Fi passwords, paired Bluetooth devices, voice command history, music preferences. Vehicles with driver-assist or insurance telematics features add behavioural data on top of that: how hard you brake, how fast you corner, how many kilometres you do in a week.
Dashcams with local storage may still hold footage. And in cars connected to a manufacturer’s cloud platform, which now covers most new vehicles sold in Australia, the data trail doesn’t stop at the car itself. It runs through an account that can remain linked to the vehicle’s VIN long after you’ve signed the transfer papers.
The factory reset problem
Everyone knows to wipe their phone before selling it. Almost nobody thinks to do the same with their car, and the process is considerably less obvious.
Yes, the infotainment head unit usually has a factory reset buried somewhere in the settings. Running it clears the locally stored data: contacts, call logs, paired devices, saved networks. That much is straightforward, if you know to look for it.
What it doesn’t do is remove the car from your connected app account. It doesn’t cancel telematics arrangements. It doesn’t touch anything held on the manufacturer’s servers. So you can factory reset the screen and still, technically, be able to track the car, unlock the doors remotely, or check the battery level on an EV, because the vehicle is still registered under your profile.
This isn’t a hypothetical edge case. It’s a documented issue across multiple brands. Previous owners retaining remote access after a sale is a known and recurring problem, and it happens simply because nobody updated the account.
Manufacturers are not exactly helping
The car industry has quietly become a data industry. A 2023 Mozilla Foundation investigation into connected vehicle privacy found that major manufacturers collected far more data than their products needed, routinely shared it with third parties including insurers and data brokers, and gave consumers very little real ability to opt out. Connected cars ranked as the worst product category Mozilla had ever reviewed for privacy. Worse than smart speakers. Worse than fitness trackers.
What happens to that data when you sell the car is largely left to the manufacturer’s discretion, and their policies vary considerably. Some tie data to the VIN rather than the owner’s account, so collection continues regardless of who’s driving. Others retain historical data from previous ownership periods even after an account transfer. A few offer genuine deletion requests, but exercising that right typically means navigating a customer service process clearly not designed to be convenient.
Australian Privacy Act obligations technically apply here, including requirements around data retention and deletion. Enforcement, though, is limited, and in practice most of this falls on consumers to sort out themselves.
What to do before you sell
The full handover process takes maybe twenty minutes. Almost nobody does it.
Run a factory reset on the infotainment system. This is non-negotiable and should be the first thing on your checklist. The location varies between manufacturers, so check the manual if needed.
Remove the vehicle from your connected app account before the sale, not after. Tesla, BMW, Hyundai Bluelink, Toyota Connected, Mazda Connect and every other platform with a smartphone integration have a process for unlinking a vehicle from your profile. Do it while you still control the account.
If you’ve had usage-based or telematics-linked insurance, contact your insurer and confirm the service has been properly decommissioned, not just paused.
Submit a data deletion request to the manufacturer. Almost no one does this, but it’s increasingly available. Find it in the privacy policy, start the process before or at the time of sale.
Pull the dashcam SD card or wipe the internal drive before handover.
And if you’re buying
You have no way to verify how thoroughly the previous owner cleared their data, or whether they’ve unlinked the car from their accounts. So do it yourself anyway.
Run a factory reset after purchase. Register the vehicle under your own account through the manufacturer’s platform. And before you finalise the deal, just ask: have you removed the car from your connected app? It’s a reasonable question. A seller who takes it seriously will have done it already.
This is going to get more complicated
The data footprint of a connected vehicle is expanding, not shrinking. Over-the-air updates, advanced driver assistance systems, deeper integration with home ecosystems and personal accounts: the volume and sensitivity of information tied to a modern car is on a clear trajectory upward.
Regulatory frameworks are starting to move. The EU’s Vehicle Data Act and evolving GDPR interpretations in the automotive context will set precedents that Australian policy will likely follow, eventually. For now, though, the practical responsibility sits almost entirely with buyers and sellers.
The industry spent decades insisting a car is just a machine. The connected era has made that argument untenable. Treat your next car sale the way you’d treat offloading an old laptop: wipe it properly, unlink your accounts, and don’t hand over the keys until you’re confident a stranger can’t use the thing to reconstruct your life.
Data reset processes vary by make and model. For vehicle-specific instructions, check your manufacturer’s privacy policy or contact their support team directly.
