Car makers want your data - here's why you should give it to them

Volkswagen now asks its customers to choose from four levels of data privacy

Motorists can speed up autonomy and contribute to road-mapping by waiving their privacy rights

How private are you on a scale of one to four? That seems like a random question, but it’s one the Volkswagen Group is posing to owners signing up to the We Connect app-based feature it’s now rolling out across its range.

Think carefully about your answer, because it determines both what happens to your data and how many features to which you’re given access. If you’re very private, you could be locked out of even what we now think of as basic features.

All new cars sold across the European Union since 2018 by law must be connected in order for them to be able to automatically contact emergency services in the event of a crash. So, with an embedded SIM card now mandatory, manufacturers are eagerly exploring what else they can do with this wireless connection to your car.

“E-call has been the main driver for us to get the car connected. Now it is, we see many opportunities from this perspective,” said Luigi Ksawery Luca, director of mobility and connected car at Toyota Europe.

Depending on the company, those opportunities range from sending automatic map updates or harvesting data on the car’s health through to radical upgrades that can unlock autonomous features.

Car makers face a dilemma, though. They want to access that valuable data, but they also need to follow the EU’s strict General Data Protection Regulation (GDPR), which also forms part of the UK’s Data Protection Act 2018. Hence Volkswagen’s questions.

The German company’s four levels are Maximum Privacy (which even deactivates e-call until the event of a crash), No Location, Use Location and Share Location. On that final level, “all mobile services are activated” and those services are listed using your location – for example, Amazon Alexa, live electric vehicle charging locations, live traffic information and voice control (which works far better when linked to ‘the cloud’).

“A trade-off makes the most sense,” said Brian Rhodes, associate manager for connected car at analyst firm IHS Markit. “They say ‘here’s the value in exchange for X, but I’m not going to give the value if you don’t want to give me X’.”

Volkswagen’s four-tier system is directly the result of GDPR, believes Rhodes. “It’s incredibly important they get it right, because there are significant ramifications if there’s a breach,” he said. “There are teeth to GDPR: the penalty is significant.”

The risk of your data leaking is becoming greater, however, because it’s no longer always held by just the car company. “It’s a cost issue. If you have your own servers with a lot of data, you need to maintain that,” said Mike Peters, head of connected car at infotainment specialist Harman.

Many car makers, including the Volkswagen Group, use Amazon Web Services, which is by far the biggest player in this field. Even data from advanced driving systems (ADAS) isn’t ring-fenced the way it once was.

“Your system and algorithms are getting better if you have a better scale of data, so it’s best not to protect it, because you need tons of it,” said Peters.

Once data leaves the digital confines of a car company, it can stray. For example, a cybersecurity company last year discovered a terabyte of unsecured data from Ford held by a third party on Amazon’s cloud computing servers.

However, restricting or siloing data simply isn’t an option any more; not only is it useful for making better cars in future, but it could also be key to boosting income at a time when profits are being stretched like never before.

Take the example of mapping road networks. “When I was at [radar tech firm] Navtech, they paid well in excess of a billion dollars to generate the original map data,” said Andrew Poliak, now chief technology officer of automotive for Panasonic North America. “Now cars have high-resolution cameras and lane-precise GPS, you can suddenly map the 3D world for autonomous applications a lot better, just from your customers. All they have to do is tick a box saying ‘will you share with us data coming off the vehicle?’.”

However, manufacturers are realising that this consent is becoming more and more valuable. “You need to provide some value back,” said Poliak.

If we’re happy with the trade-off and press the ‘share location’ consent button, what then happens to that data? Amazon reckons it has an answer in the Quantum Ledger Database, an unchangeable way of recording our consent level even as our data gets sold, possibly dozens of times.

We need to be more vigilant when we sell our cars, too. The advice of the UK’s National Cyber Security Centre is to treat a car as you would a phone and wipe all the data from it. That would protect against known cases where the first owner can continue to use an app to unlock the car and track journeys even after it’s sold, simply because the car hasn’t been delinked from the app.

As the potential consequences of data misuse continue to grow, the amount of consent we give may become one of the most powerful tools we as customers have.

*Nick Gibbs*

*READ MORE*

*Under the skin: how 5G data networks will revolutionise vehicle tech *

*Behind the scenes at the BTCC's mobile technical centre *

*Seat tech boss: it’s ‘possible’ to stop cars speeding for good*