Yes, seriously. They need to service the vehicle, OK, but communicate to and through the vehicle.

What does that mean? The repair tech tells my car that it's ready for pickup and my car ignores him because it's a car not a communication channel?

I can tell my local repair guy down the road my number. No need for some megacorp to know who I am.

These are the services, according to the article:

“T-Connect enables features like remote starting, in-car Wi-Fi, digital key access, full control over dashboard-provided metrics, as well as a direct line to the My Toyota service app. The servers that control these options contain unique customer identification numbers and customer emails.”

I don't see why any of that should require the email address. They can communicate with the customer through the app or through the car UI.

In general, apps and sites these days hoover up more info than they need simply because they can, not because it adds to the customer experience (and often doesn't help the company either). There is no incentive to be in any way judicious about what to collect and the frequent breaches show that even the companies don't value PII as something worth protecting because it's not core to their business.