Vehicle Data: A Look at OEM Principles
July 16, 2020—The landscape of vehicle data, privacy and connectivity all move so quickly that the tantalizing products sometimes obscure the underlying regulation, which is still very much in infancy.
Industry players are seeking toeholds with regulatory agencies, assuming that the day will come when some rule or law puts stricter governance around the collection and dissemination of the massive amounts of data that vehicles produce (4 terabytes per day, by some estimates).
It’s important to take a look at the efforts of automakers, which lead the way in rolling out most of this tech to consumers. Though issues remain in the arenas of Right to Repair and the ethics of proprietary data, the OEMs have taken steps to lay the foundation for privacy guidelines. Here is a look at some of those recommendations.
The Alliance of Automobile Manufacturers has created a set of principles that the organization says should govern consumer information use in vehicles. Its members include Honda, BMW, Fiat Chrysler, Ford, General Motors, Hyundai, Toyota, Subaru, Nissan and other big names.
The Alliance says the principles were developed in 2014 and submitted to federal regulators. They were reviewed in 2018. The National Highway Traffic Safety Administration cites the principles on its website on vehicle cybersecurity.
According to the organization, the three foundational ideas are:
Provide customers with clear, meaningful information about the types of information collected and how it is used.
Provide ways for customers to manage their data.
Obtain affirmative consent before using geolocation, biometric, or driver behavior information for marketing and before sharing such information with unaffiliated third parties for their own use.
The principles developed by the Alliance aren’t mandatory for automakers to follow, but they provide a framework for OEMs to build their own rulebook.
“The principles provide an approach to customer privacy that members can choose to adopt when offering innovative vehicle technologies and services,” according to the Alliance document. “Each member has made an independent decision about whether to adopt the principles, and other companies may choose to adopt them as well.”
The principles are based around the ideas of transparency, choice, context, data minimization, security, integrity and accountability. It says that consumers should get proper notice about the kinds of information collected from a vehicle, how its used and who might have access.
One of the more clear rules within the principles covers consumer consent. According to the document, OEMs should get a car owner’s consent when using and sharing geolocation data, biometrics or driver information. Consent is also required for OEMs to share information with insurers, according to the Alliance.
There are exceptions, however, for OEMs to collect that data to protect safety, for “warranty purposes” and “for internal research and product development.”
Data ownership is where some of the more thorny issues come into play. Groups like the Auto Care Association decry what it views as an unfair playing field if OEMs have all the diagnostic data first and can forward it to dealer service centers.
On its website, the Alliance’s information on data ownership says, in part: “Technical data: Automakers reserve the right to use technical data that is stored in, and relates to the functioning of, the vehicle.”
Elsewhere on the site, it says that technical data on warranty or safety matters can be shared with authorized dealers.
The data ownership debate is still taking place. In this case, it’s around vehicle diagnostic data that might benefit repairers. But the Alliance’s framework touches on the broader issue of all consumer data, which will be the guiding topic for any broader legislation that comes through.
Follow ADAPT next week for a more in-depth look at how shops can protect consumer data and the laws the govern those practices.
In the meantime, see these articles on related data ownership topics: