Data ownership

Cybersecurity and the risk factor

Philip Nothard, Insight and Strategy Director, Cox Automotive:

“Collaboration will be key to the success of connected automotive. Manufacturers, their customers, dealers, retailers, agents, fleets, suppliers and more will need to come together to create mutually beneficial commercial opportunities – which strike the right balance between privacy and convenience.”

What is happening to your data?

When discussing connectivity and mobility solutions, it is impossible not to consider questions around who owns and can use the vast quantities of data generated. There are tangible cybersecurity risks as vehicles become more akin to computers on wheels, with hackers increasingly looking to exploit loopholes in software and code. No one wants to be trapped in a vehicle which is seemingly driving itself into a potentially hazardous situation, however much it makes for a good storyline in a film or TV series.

UN Regulation No.155, which entered into force in January 2021, sets out guidelines to ensure cybersecurity in vehicles. Manufacturers have been encouraged to explore possible risk factors and loopholes generated by human error as well as back-end servers, update procedures, the interface between software and hardware, communication channels and the data/code transfer process. There is a balance to be struck between locking down all of the systems in the vehicle and providing secure access to the Cloud.

China’s Ministry of Industry and Information Technology has recently called on the automotive sector to improve data control and cybersecurity measures. However, it isn’t just the vehicles which need to be reinforced. Interoperable charging infrastructure could become vulnerable to attack, rendering large numbers of electric vehicles unable to operate in geographic territories. With sufficient charge points affected, this could also impact national grids and cause power outages. This is an extreme and unlikely example, but a possibility which needs to be addressed through robust risk management.

"With all of these different types of mobility solution, there is a wealth of untapped driver data which is resting in between different organisations. It is logical to argue that manufacturers and breakdown companies might need access to driver and vehicle information to support predictive maintenance and improve safety. Perhaps not quite so easy to argue why the manufacturer would need to know what music people listen to while driving or which routes are the most popular! Although that data certainly has commercial value."

Sebastian Fuchs, Managing Director Manheim and RMS Automotive Continental Europe

Keeping your data secure

Drivers may rightly be concerned about what data is being collected about them, their vehicle, and their habits while they are in possession of the car or van, but what happens when it passes to a new owner or user? In an era of increased mobility, with vehicles potentially changing hands more frequently, it is important that personally identifiable information is not passed on along with the car keys – or, indeed, the apps now replacing them.

Infotainment and telematics systems, ADAS and OTA updates; all these connection points are collecting and storing data. As convenience benefits like in-car payments and dashboard service bookings become more commonplace, the information which could be passed on to third parties creates even more potential vulnerabilities. It would be easy to determine a driver’s daily habits, bank account information and more if someone wanted to fraudulently take on their identity.

For organisations in the wholesale sector, those running subscription and shared mobility schemes, and the businesses currently collecting data on driverless vehicle trials, there is a clear emphasis on designing with security in mind. Between drivers, data must be wiped. This could be as simple as clearing the sat nav history, saved home location and mobile phone connection. However, the reality is the data being collected goes much deeper. It may take specialist organisations to ensure that a vehicle has been completely purged in between users.

"The General Data Protection Regulation (GDPR), introduced in 2018, put greater responsibility on companies to keep their customer’s data safe or risk hefty financial penalties. This is a particular problem in the used car market, where some vehicles have changed hands multiple times. Any company hoping to retail a vehicle therefore opens themselves up to a multitude of data breaches and penalties if proper procedures aren’t followed.

“For those looking to sell used vehicles through auctions, remarketing companies can help. For example, Manheim’s DataCleanse service ensures that all personal information and data is wiped from the vehicle and redacted from any documentation before it is sold at auction. Shockingly, before the launch of the DataCleanse service in 2019, we found that 51% cars audited prior to auction had data breaches, including sat-nav history, phone data and invoices with personal information, highlighting the importance of services like this."

Liam Quegan, Managing Director, Manheim Auction Services

Maintenance, breakdown and the aftermarket

While concerns exist over vehicle vulnerabilities and personally identifiable information, there are strong arguments for increasing connectivity and data sharing when it comes to predictive maintenance, proactively managing breakdown scenarios, and supporting servicing in the aftermarket. From minimising downtime to increasing convenience, preventing accidents and improving safety, the data being collected by vehicles offers plenty of opportunities to create smoother driver and user experiences, as well as supporting revenue streams at different stages of the automotive lifecycle.

Beyond the hardware, there are also significant applications being developed by third party suppliers within the industry to support the driver experience – all while collecting large volumes of behavioural data. It is perfectly possible that operators could use the data collected to build up a picture of traffic patterns to support city planners or highlight recurring faults with vehicle makes or models to inform manufacturers. Tracking retail preferences could support advertising, while looking at where and when people charge could determine where local authorities should invest in new infrastructure. The potential is huge, but with Big Data comes big responsibility.

"Effective use of data and technology can fundamentally change the way in which organisations are able to embrace the developing mobility agenda. Fleets, rental and lease companies, dealers, manufacturers, and new mobility businesses all need powerful back-office systems to manage their internal processes successfully and to provide services to their clients in the best possible way. That demand will only increase over the coming years."

Frederik De Witte, Co-founder of FleetMaster