At the beginning of December, ACEA organised its second passenger car conference entitled ‘Smart cars: Driven by data’. Our first car conference, held two years ago, gave a broad overview of the benefits and implications of the connected car. ACEA’s second car event proved to be an excellent opportunity to zoom in on what is at the heart of smart mobility: data. Given that the Commission published its European master plan on Cooperative Intelligent Transport Systems the day before, the event topic proved to be more timely than ever.
Today, more and more objects have network connectivity, allowing them to send and receive data. This is the case with many everyday household appliances, from a refrigerator to your smart television. It’s also the case with your car. But what kind of data are we exactly talking about? Well, smart cars rely on the collection, use and processing of data from different sources – including the driver, the vehicle itself, and its surroundings (such as other vehicles, the vehicle manufacturer, road infrastructure and third-party service providers).
Most vehicle-generated data are primarily of a technical nature. They exist only momentarily, are used locally within vehicle systems and are never stored. Other vehicle-generated data can potentially be put to a wide variety of uses: to increase comfort and convenience for customers, to improve products and services, and to contribute towards achieving societal goals such as improving road safety, reducing fuel consumption, and facilitating traffic management and parking. Concretely, such data can for instance be used to advise the driver on the easiest and safest routes; to contact emergency services in case of an accident; or to ‘predict’ when your car will need maintenance or repair.
Now the question is, how can we protect data, and share it safely and securely? It is clear that with the development of the internet of things, people can have genuine concerns about the protection of personal data and privacy. At the same time, however, more and more people are increasingly willing to share data with service providers if it means that they can benefit from useful services. In Europe, we are fortunate that the EU has a tradition of strongly protecting our privacy. Last year, it adopted the General Data Protection Regulation, which is probably the most modern data protection law in the world. This law contains many provisions that protect consumers against undue processing of their personal data. Moreover, data protection is also one of the key pillars of the C-ITS Master Plan that was launched by the Commission at the end of November.
But I can imagine that you are now wondering: what has ACEA exactly been doing in the field data protection? It goes without saying that data protection is an issue automakers take very seriously; our industry is committed to providing customers with a high level of data protection to maintain their trust. Anticipating the entry into force of the new EU law, which will occur next year, in 2015 the automobile industry adopted a set of data protection principles in relation to connected vehicles. The bottom line of the auto industry’s data protection commitment is that personal data will be shared with third parties only on the basis of a contract, with the consent of the customer, or to comply with legal obligations.
However, the rise of the connected car is also increasingly linked to demands from third parties to access and use in-vehicle data. For auto makers, the big challenge is to find the best means of providing safe and secure access to this data for third parties. On the one hand, some parties are calling for direct access to data inside the vehicle. But this would facilitate hacker attacks, since every new external data interface increases the number of potential targets and entry points. Additional safety risks in terms of driver distraction could arise if external parties are granted uncontrolled access to the vehicle’s on-board systems, for example through apps or additional control units. A car is not a smartphone on wheels, nor is it a PC that can be rebooted if a problem occurs while driving. Cars require much higher standards in safety, security and privacy compared with smartphones or other consumer devices.
Vehicle manufacturers are fundamentally willing to share selected data, provided this occurs in a way that meets strict requirements for road and product safety, as well as data security, and does not undermine their liability. Over the last few months, automobile manufacturers have been working to define the best way to provide secure and safe access to vehicle data to interested third parties. The concept we have been working on will provide an alternative to direct in-vehicle access to data; this should minimise the risks I mentioned before. This would involve vehicle manufacturers communicating the relevant vehicle data in a secure manner to an off-board facility, from where third parties can access it.
In addition to an external server managed by the vehicle manufacturer, one or more neutral servers would also be installed, providing service providers with an alternative to the manufacturer’s server. These neutral servers would neither be operated nor financed by the manufacturers. This would provide an open, yet protected, interface for the provision of services by third parties, contributing to innovation and allowing for customer choice and fair and open competition.
To further elaborate on this concept, ACEA recently published a position paper on access to vehicle data for third-party services. This paper presents the views of the European automobile manufacturers as to how such data access can occur for third-party services in a manner that strikes a fair balance between the legitimate market-driven needs of service providers, the interests of consumers and the need to protect their personal data and privacy, as well as the protection of road safety, security and intellectual property rights.
The increasing ability of cars to exchange data with the outside world holds great potential to revolutionise the driving experience, but all this doesn’t come without challenges and there are plenty of risks that need to be properly addressed. To benefit from the connectivity revolution, a solid framework needs to be put in place to protect vehicle data and facilitate third-party access to data. ACEA is ready to engage in a constructive dialogue will all relevant players to explore the best way forward, I’m quite sure that our recent conference and position paper provide enough food for thought!
Secretary General of ACEA