Data ownership

Philip Nothard, Insight and Strategy Director, Cox Automotive:

“Collaboration will be key to the success of connected automotive. Manufacturers, their customers, dealers, retailers, agents, fleets, suppliers and more will need to come together to create mutually beneficial commercial opportunities – which strike the right balance between privacy and convenience.”

When discussing connectivity and mobility solutions, it is impossible not to consider questions around who owns and can use the vast quantities of data generated. There are tangible cybersecurity risks as vehicles become more akin to computers on wheels, with hackers increasingly looking to exploit loopholes in software and code. No one wants to be trapped in a vehicle which is seemingly driving itself into a potentially hazardous situation, however much it makes for a good storyline in a film or TV series.

UN Regulation No.155, which entered into force in January 2021, sets out guidelines to ensure cybersecurity in vehicles. Manufacturers have been encouraged to explore possible risk factors and loopholes generated by human error as well as back-end servers, update procedures, the interface between software and hardware, communication channels and the data/code transfer process. There is a balance to be struck between locking down all of the systems in the vehicle and providing secure access to the Cloud.

China’s Ministry of Industry and Information Technology has recently called on the automotive sector to improve data control and cybersecurity measures. However, it isn’t just the vehicles which need to be reinforced. Interoperable charging infrastructure could become vulnerable to attack, rendering large numbers of electric vehicles unable to operate in geographic territories. With sufficient charge points affected, this could also impact national grids and cause power outages. This is an extreme and unlikely example, but a possibility which needs to be addressed through robust risk management.

Drivers may rightly be concerned about what data is being collected about them, their vehicle, and their habits while they are in possession of the car or van, but what happens when it passes to a new owner or user? In an era of increased mobility, with vehicles potentially changing hands more frequently, it is important that personally identifiable information is not passed on along with the car keys – or, indeed, the apps now replacing them.

Infotainment and telematics systems, ADAS and OTA updates; all these connection points are collecting and storing data. As convenience benefits like in-car payments and dashboard service bookings become more commonplace, the information which could be passed on to third parties creates even more potential vulnerabilities. It would be easy to determine a driver’s daily habits, bank account information and more if someone wanted to fraudulently take on their identity.

For organisations in the wholesale sector, those running subscription and shared mobility schemes, and the businesses currently collecting data on driverless vehicle trials, there is a clear emphasis on designing with security in mind. Between drivers, data must be wiped. This could be as simple as clearing the sat nav history, saved home location and mobile phone connection. However, the reality is the data being collected goes much deeper. It may take specialist organisations to ensure that a vehicle has been completely purged in between users.

While concerns exist over vehicle vulnerabilities and personally identifiable information, there are strong arguments for increasing connectivity and data sharing when it comes to predictive maintenance, proactively managing breakdown scenarios, and supporting servicing in the aftermarket. From minimising downtime to increasing convenience, preventing accidents and improving safety, the data being collected by vehicles offers plenty of opportunities to create smoother driver and user experiences, as well as supporting revenue streams at different stages of the automotive lifecycle.

Beyond the hardware, there are also significant applications being developed by third party suppliers within the industry to support the driver experience – all while collecting large volumes of behavioural data. It is perfectly possible that operators could use the data collected to build up a picture of traffic patterns to support city planners or highlight recurring faults with vehicle makes or models to inform manufacturers. Tracking retail preferences could support advertising, while looking at where and when people charge could determine where local authorities should invest in new infrastructure. The potential is huge, but with Big Data comes big responsibility.