While the degree of connectedness varies, “connected cars” have become the norm today. At its core, “connected car” technology means the car is connected to the Internet, usually through a wireless local area network. From here, the connection can be used for entertainment, navigation, car maintenance, e-commerce and shopping, insurance discounts, emergency assistance and communications. The potential is nearly limitless.
Connections, however, collect data, and where the connected car industry goes, so does the awareness of data privacy. The Cambridge Analytica fiasco has awoken the American public to how valuable their data is and how it can potentially be misused. After all, it’s no longer about the information consumers are voluntarily giving up: many new cars today feature cameras, microphones and other sensors that could be used to track movements and driving behavior and even listen in on personal conversations (which is already proving to be a conspiracy headache for Amazon’s Alexa and Google’s Home).
“Many new cars and trucks are equipped with multiple cameras (usually external-facing) and dozens of sensors that measure everything from roadway markings to GPS coordinates to whether the driver’s hands are on the wheel,” wrote Consumer Reports’ Jeff Plungis.
In downloading and launching new apps, whether on the smartphone or via the car’s telematics system, customers may not realize they’re giving permission for companies and their business partners to track and trade the information. (Who really reads all that tiny text before hitting the “I Agree” button?) Many new cars – most notably those sold by BMW, General Motors, Nissan, Tesla, and Toyota – are actively gathering information for the benefit of carmakers and their partners. So this begs the question…who owns that data?
One thing is for certain: it’s valuable. A two-year-old report from McKinsey projected that the value of connected car data could reach $1.5 trillion (yes, that’s “trillion” with a “t”) by the year 2030, and even represent a primary revenue source for carmakers. Other parties are shuffling for a piece of the action, including wireless and cable companies, auto dealerships, connected system hardware and software creators, payment platforms and even gas stations. And then there are players like Apple and Google, who inevitably find a prominent place at the table when it comes to trading information. After all, selling data is a very high-profit-margin business, unlike selling cars.
But many consumers are wondering how the data will be used…or misused. According to Alexander Soley writing for RT Insights, most of the data collected today belongs to carmakers.
“In the current landscape, most of the drivers’ vehicles’ data are owned by the car manufacturers (OEMs) in the United States and Europe, not the vehicles’ owners,” he wrote.
Given the value of the information, it will inevitably be traded and sold, and much of it is personally identifiable, which concerns privacy advocates.
“The average vehicle contains a great deal of personally identifiable information (PII) such as home addresses, phone numbers, and in some cases biometric data such as fingerprints; locations and routes; the condition of the vehicles over time, and in some cases information from applications saved on to the vehicle itself,” wrote Soley. “While there are no clear metrics as to how much the data are worth, they are worth enough for the OEMs to insist on owning the data.”
This leads to some questions, including: Can OEMs share the data with insurance companies or law enforcement? How protected is the data from hackers? Do drivers have any control over their data? (And if they did, could they sell it, given how valuable it is?) Are the companies making the sensors for the carmakers keeping copies of the data? Is it different when you rent, lease or own the car? What information is the car gathering from phones, and who sees it? Will privacy regulations change the current landscape? (The EU is putting a new General Data Protection Regulation (GDPR) rule into effect this month that will give drivers more control over what data is shared, how often, and with whom.)
In the U.S., few efforts have been made to restrict or control connected car data (though it has generally been established that drivers own the information contained in the car’s event data recorder, or “black box”). Thus far, most major automakers in the U.S. have pledged to adhere to voluntary guidelines about providing clear notice to drivers about what kind of data is being collected and who has access to it. Privacy advocates, however, say the issue is too complex to expect drivers to become stewards of their own data, and the notice isn’t always “clear.”
“Consumers shouldn’t have to read every detail of a complicated contract when they’re being pressured to complete a sale, or to dig through their 500-page owner’s manual, or search the Web for privacy information they don’t even know may be there,” David Friedman, director of cars and product policy and analysis at Consumers Union, told Consumer Reports’ Jeff Plungis. “It’s unfair to expect consumers to constantly play defense.”
Then there’s the evidence that data protection safeguards in place today may not be robust enough. Late last year, ZDNet reported that Privacy International conducted a test in which they rented a series of connected cars from car rental and sharing firms and discovered that information about previous drivers was collected and retained in the vehicles’ infotainment systems. The cars’ systems also revealed locations previous drivers had travelled to and were able to identify wireless devices that had been connected to the car in the past.
As more anecdotes about Orwellian and troubling connected car practices emerge (and yes, “cartapping” is already very much a thing in law enforcement), consumers may become increasingly wary about how their private data is shared and sold. It’s not very far-fetched to imagine that the Federal Trade Commission (FTC) may be compelled to carve some connected car data privacy rules into stone in the future if consumer complaints and concerns reach a critical volume. (It would make a terrific campaign promise to court the votes of the privacy-minded.) This may change the landscape for the connected car industry and the $1.5 trillion it promises.
Whoever controls the lion’s share of connected car data may need to convince the public in the future that the goal is to improve the customer experience, not make a pile of cash from selling the data to the highest bidder. To do so effectively, however, the promises need to be true.
