The Future Networked Car gathering put on by the International Telecommunications Union at the Geneva Motor Show last week highlighted the intensifying debate over automotive data privacy. A representative from FIA, the international federation of car clubs, and Stephan Appt, legal director and attorney at Pinsent Masons, highlighted fundamental contradictions facing car makers and consumers.
FIA is in the forefront of a global effort by car clubs to alert consumers to the data collection capabilities of automobiles. FIA has been leading the MyCarMyData campaign to educate consumers regarding the vehicle data collection activities of car makers and the potential consequences.
FIA is concerned that consumers know their rights to privacy but the organization is also advocating for consumer choice. FIA believes consumers should have the right to choose their telematics service providers and vehicle repair options.
The FIA position reflects the organization’s perception that connected cars will increasingly be tied to the car maker’s eco-system of service providers. FIA says its consumer surveys show that:
- 90% believe the car data is owned by the car owner or user
- 95% want legislation to protect user data
- 78% want to choose their service providers
- 76% believe that consent to access data should be for a limited time or per-ride basis
The irony and the reality is that very little car data is being gathered in real-time today, though some data is being gathered periodically. But the onset of connected and autonomous cars is rapidly altering the industry mindset around vastly increased data collection.
FIA’s focus on consumer choice relates to the roadside assistance and insurance services offered by car clubs, which are increasingly introducing aftermarket telematics systems to connect to their customers and compete with car makers.
Car makers are still remarkably conflicted regarding connecting cars. Some car makers may themselves be interested in privacy protection for their customers and for themselves. It was only two years ago that former VW CEO Martin Winterkorn warned that the car was becoming a Datenkrake (Data Octopus) and that VW was committed to protecting the privacy of its customers.
Winterkorn’s words revealed the profound ambivalence prevailing in the auto industry regarding privacy and data collection, particularly in the wake of two years of record-breaking recall levels. Car makers still aren’t quite sure they want to collect all that vehicle data.
It is clear that vehicle data can not only be used against the driver by law enforcement, marketers or insurance companies, it can also be used against the car companies by regulators or consumers. Additionally, vehicle data has become a battleground as governments such as Russia and China insist that car makers locate their data collection servers within the borders of those countries and as regulators throughout the world specify how long data must be preserved or how quickly it must be destroyed.
The last thing any car maker wants to do today is get into the business of selling its data. Any vehicle or customer data that might escape into the wild, even via a valid commercial agreement, could contain the seeds of a devastating lawsuit or regulatory action.
There are exceptions to this ambivalence. Tesla Motors proudly maintains its lifetime always-on connectivity. By and large car companies are not gathering vast quantities of data. But that is about to change.
Appt of Pinsent Masons doesn’t see how car companies can possibly avoid collecting data on their cars and he pointed out the need for clear customer disclosures and opt-in procedures in advance of vehicle usage data collection. He also noted the requirements associated with event data recorders and the regional limitations placed on dashcam data collection.
For all their ambivalence about collecting data, though, car makers have an obligation and a need to collect data. Vehicle data may turn out to be incriminating, but Appt says car makers are obliged to collect and analyze data since they are answerable for the performance of the vehicle and the safety of the customer.
In the context of security concerns, the need for car companies to collect data has only increased. Car makers are increasingly recognizing they have a need to monitor vehicle systems as much as possible in real-time to ensure the integrity of vehicle performance and to detect and prevent the intrusion of malware.
Appt notes that efforts are underway to rationalize and harmonize privacy laws in Europe and around the world, but these efforts are at the earliest stages. In the meantime, car makers are caught like deer in the headlights. They are answerable for vehicle failures, recalls or security intrusions but they have a limited set of tools to take on these responsibilities and are confronting a fragmented legal framework around privacy and their customers are increasingly wary regarding vehicle connections and data collection.
On a separate panel at the Fully Networked Car event a moderator asked about the right of consumers to opt out of connectivity and the impact that might have on safety systems based on vehicle-to-vehicle communications. The FIA notes that 91% of the respondents to its survey said they wanted the right to turn their car connections off.
Consumers shutting car connections off may create the peace of mind of an escape from the intrusive data gathering eyes of car makers, marketers and insurers, but it does not let the car maker off the hook for liability regarding the safe and secure operation of the vehicle. It also undermines safety systems designed to use connectivity to avoid collisions.
Finally, it isn’t enough to collect the data. If a car company collects vehicle data there is an implied obligation to thoroughly analyze the data. This is yet another reason why car companies remain ambivalent. They will clearly be held liable for collecting data which might contain evidence of vehicle malfunctions. Yes, the days of plausible deniability are officially past.
As car companies collect and analyze data they will be expected to notify vehicle owners and drivers in a timely manner as to imminent vehicle system failures. Ultimately, existing guidelines for postal notifications of potential malfunctions or flaws will no longer be sufficient. Real-time, in-dashboard warnings and alerts will ultimately be implemented by all car makers.
Herr Winterkorn was correct in observing that his industry was confronting a Datenkrake, but his prescription was wrong. The auto industry must embrace connectivity and all of the responsibilities that it entails. Data is neither good nor bad. It is only a resource to be used to better serve and protect the customer.Share this post via: