Who Will Control Data Sharing In Web-Connected Vehicles?

When a driver takes delivery of a new car, the relationship with the manufacturer is only getting started. Not only might that consumer return to the dealership for repairs, but that consumer, perhaps unknowingly, is serving as a rolling laboratory for the vehicle maker. That’s because data generated by the car flows to the manufacturer, which accumulates the information and analyzes it, using those findings to improve future models.

That data-based relationship between company and consumer offers business opportunities for technology firms. A recent example of that comes from Otonomo, which is based in California and has launched a “Consent Management Hub” that, according to the company in a press release, “provides an efficient way for connected car drivers to take control of the sharing of their personal automotive data.”

The Product

In general, the product is designed to simplify the driver opt-in process for data sharing with OEMs, and to give vehicle owners a fuller picture of the data being shared with companies, with an interest in learning more about driving habits.

“Data security and privacy are among the most critical drivers or inhibitors in the next generation of mobility services,” said Sarwant Singh, senior partner at Frost & Sullivan. “Automotive OEMs and mobility service providers know how important it is to be responsible data stewards and earn consumers’ trust.”

According to automotive industry observers, nearly every new vehicle that is bought or leased is, by default, programmed to share data with manufacturers. Vehicle owners must consent to the data sharing, but they often give their permission unknowingly when signing lengthy or multiple documents at the time of purchase — when consumers are often eager to take the keys and drive off the lot.

Automotive data sharing promises to become as much a part of daily consumer life as, say, crafting personalized online ads based on browsing and eCommerce habits. For now, automotive data-sharing does seem to focus on improving safety and vehicle performance, with no solid evidence of that information being used for advertising or product recommendations.

Data Growth To Come

However, the mountain of data gathered from driving habits will certainly grow significantly in the coming years. Some 78 million existing vehicles are already connected to the web, according to an estimate from ABI Research. By 2021, 98 percent of all new vehicles sold in the United States and Europe will have web connections. The software in those vehicles — the source of all that data — also continues to get more complex, which only increases the available well of information.

“The first space shuttle contained 500,000 lines of software code, but compare that to Ford’s projection that by 2020 their vehicles will contain 100 million lines of code,” said Lisa Joy Rosner, CMO of Otonomo.

A look at recent news related to the advancement of self-driving vehicle technology shows how vehicles are becoming as much about the software as the hardware. A deal announced last week that involves Microsoft, Intel and SoftBank, along with a mapping startup called Mapbox, could lead to better navigational capabilities for cars and trucks in the near future. One of the products from Mapbox, for instance, “lets either a mobile phone or a car’s computer see the road as the car drives, picking out things like lanes or speed-limit signs,” according to Reuters.

A Security Risk

The data flow from connected cars might serve to make vehicles safer and more efficient, or eventually enable better marketing, but all those web connections present juicy opportunities for criminals, according to Phil Yannella, an attorney at Ballard Spahr who focuses on privacy and data security, in a blog and podcast earlier this year.

“The development of autonomous driving vehicles will likely increase the risk of hacking,” he said. “These cars will have multiple connection points. There will be connections between the Computer Area Network, which is kind of the brains of the car, as well as its component parts — its brakes, the drive train, etc. There will be connections between the car and the manufacturer. There will be connections between the car and other autonomous vehicles on the road, as well as any wired public infrastructure.”

So far, he said, 20 states have passed laws related to self-driving vehicles. But “most of these laws implement fairly ministerial changes, like making it clear under state law that autonomous driving vehicles are permissible on state roads, provided that vehicles comply with other state laws,” he said, adding that “detailed work” on data security and privacy for vehicles will have to take place the federal level.