The Future Networked Car event organized by the International Telecommunications Union (ITU) at this year’s Geneva Motor Show highlighted the intensifying debate over automotive data privacy. A representative from Federation Internationale de l’Automobile (FIA), the international federation of automobile associations, and Stephan Appt, Legal Director at Pinsent Masons, highlighted fundamental dilemmas facing car makers and consumers.
‘My car, my choice’
FIA is at the forefront of a global effort by automobile associations to alert consumers to the data collection capabilities of connected cars. FIA has been leading the MyCarMyData campaign to educate consumers regarding the vehicle data collection activities of car makers and the potential consequences.
FIA is concerned that consumers know their rights to privacy but the organization is also advocating for consumer choice and the right of consumers to choose their telematics service providers and vehicle repair options.
This position reflects the organization’s perception that connected cars will increasingly be tied to the car maker’s eco-system of service providers. FIA’s consumer surveys show that:
- 90% believe the car data is owned by the car owner or user
- 95% want legislation to protect user data
- 78% want to choose their service providers
- 76% believe that consent to access data should be for a limited time or per-ride basis
Protecting consumer privacy
The reality however is that very little car data is being gathered in real-time today, though some data is being gathered periodically. But the onset of connected and autonomous cars is rapidly altering industry mindset around vast opportunities offered through the collection and analysis of user data.
FIA’s focus on consumer choice relates to the roadside assistance and insurance services offered by car clubs, which are increasingly introducing aftermarket telematics systems to connect to their customers and compete with car makers.
Car makers are still conflicted regarding connecting cars with some very much on the side of privacy protection for their customers. Former Volkswagen CEO Martin Winterkorn warned two years ago that the car was becoming a ‘Datenkrake’ (Data Octopus) and that VW was committed to protecting the privacy of its customers.
Winterkorn’s words reveal the ambivalence prevailing in the auto industry regarding privacy and data collection, particularly in the wake of two years of record-breaking recall levels. Car makers still aren’t quite sure they want to collect all that vehicle data.
Vehicle data is a battleground
It is clear that vehicle data can not only be used against the driver by law enforcement, marketers or insurance companies, it can also be used against the car companies by regulators or consumers.
Additionally, vehicle data has become a battleground as governments such as Russia and China insist that car makers locate their data collection servers within the borders of those countries and as regulators throughout the world specify how long data must be preserved or how quickly it must be destroyed.
The last thing any car maker wants to do today is get into the business of selling its data. Any vehicle or customer data that might escape into the open, even via a valid commercial agreement, could contain the seeds of a devastating backlash or regulatory action.
There are exceptions to this ambivalence. Tesla Motors proudly maintains its lifetime always-on connectivity. By and large car companies are not gathering vast quantities of data. But that is about to change.
Obligation to collect vehicle data
Appt of Pinsent Masons doesn’t see how car companies can possibly avoid collecting data on their cars and he pointed out the need for clear customer disclosures and opt-in procedures in advance of data collection. He also noted the requirements associated with event data recorders and some regional limitations placed on dashcam data collection.
For all their ambivalence about collecting data, though, car makers have an obligation and a need to collect data. Vehicle data may turn out to be incriminating, but Appt says car makers are obliged to collect and analyze data since they are answerable for the performance of the vehicle and the safety of the customer.
In the context of security concerns, the need for car companies to collect data has only increased. Car makers are recognizing they have a need to monitor vehicle systems as much as possible in real-time to ensure the integrity of vehicle performance and to detect and prevent the intrusion of malware.
Appt notes that efforts are underway to rationalize and harmonize privacy laws in Europe and around the world, but these efforts are at the earliest stages. In the meantime, car makers are caught like deer in the headlights. They are answerable for vehicle failures, recalls or security intrusions but they have a limited set of tools to take on these responsibilities and are confronting a fragmented legal framework around privacy, and their customers are increasingly wary regarding vehicle connections and data collection.
Implications of opting out
On a related panel at the Fully Networked Car event a moderator asked about the right of consumers to opt out of connectivity and the impact that might have on safety systems based on vehicle-to-vehicle communications. FIA notes that 91% of the respondents to its survey said they wanted the right to turn their car connections off.
Consumers shutting car connections off may create the peace of mind of an escape from the intrusive data gathering eyes of car makers, marketers and insurers, but it does not let the car maker off the hook for liability regarding the safe and secure operation of the vehicle. It also undermines safety systems designed to use connectivity to avoid collisions.
It isn’t enough to collect data. If a car company collects vehicle data there is an implied obligation to thoroughly analyze the data. This is yet another reason why car companies remain ambivalent. They will clearly be held liable for collecting data which might contain evidence of vehicle malfunctions. Yes, the days of plausible deniability are numbered it seems.
As car companies collect and analyze data they will be expected to notify vehicle owners and drivers in a timely manner as to imminent vehicle system failures. Ultimately, existing guidelines for postal notifications of potential malfunctions or flaws will no longer be sufficient. Real-time, in-dashboard warnings and alerts will ultimately be implemented by all car makers.
Winterkorn was correct in observing that his industry was confronting a Datenkrake, but his prescription was wrong. The auto industry must embrace connectivity and all of the responsibilities that it entails. Data is neither good nor bad. It is a resource to be used to better serve and protect the customer.
Roger C. Lanctot
As Associate Director in the Global Automotive Practice at Strategy Analytics, Roger Lanctot (@rogermud) has a powerful voice in the definition of future trends in automotive safety, powertrain, and infotainment systems. Roger draws on 25 years’ experience in the technology industry as an analyst, journalist and consultant. Roger has conducted and participated in major industry studies, created new research products and services, and advised clients on strategy and competitive issues throughout his career. Some consider Roger the Kevin Bacon of the connected car industry as evidenced by his wide LinkedIn and Twitter following and his frequent speaking and blogging activities on critical industry issues impacting critical topics such as vehicle safety, fuel efficiency and traffic. Roger is a graduate of Dartmouth College.
This blog was originally posted on LinkedIn Pulse under the title ‘The Emerging Battle for your Car’s Data’ and re-posted with the author’s permission.