Balancing Data Protection With UX is Carmakers’ Big Challenge

Philip Oakley

---

15th July 2019

In the age of both data collection and tightening privacy regulations, automakers need to make sure they are responsibly collecting only the data they need.

Darren Mann, vice-president of global operations at telematics specialist Airbiquity told TU-Automotive: “A car can generate in excess of 20mb of data a day, with a considerable amount of that being personal data, such as location.” This is where automakers need to be careful. Location data is often sensitive to people, many of whom worry about being tracked by our electronics, and now, our cars.

Now, the European Union’s GDPR mean anyone in Europe has access to their data and the right to revoke it at any time. This means that automakers cannot hold the data they collect for longer than necessary, and EU citizens have the right to know how the company is using said data. Citizens also have the right to revoke access to it if they’re not happy with how it’s being used.

However, carmakers want to improve the driving experience for customers by, for example, knowing where a customer drives to frequently, the car could predict there will be traffic on the road owing to an earlier accident, or know conditions will be icy on that route because of the weather forecast. The drawback is that this data can also be used incorrectly; an automaker could use it to target ads to specific customers on the infotainment system, or on their phone, which is often connected wirelessly to the vehicle’s computer. The data could also mean customer profiling could predict which car a customer would be likely to buy based on their driving style, distance, previous purchases, and other variables.

Also, insurance providers could use data to decrease insurance rates and premiums to customers. “Anonymized collision data could be made available to insurance companies and used to reduce premiums, and since it’s anonymized it’s exempt from GDPR as it’s not personally identifiable,” said Mann. “An example could be based on specific vehicle models statistically being safe; the anonymized data elements sent to the insurance company would prevent them from being able to specifically identify any data subject.”

While the data can be used in various ways, it’s important this data is protected at all costs. The best way for automakers to protect this data, Mann said, is to “encrypt it, meaning attackers would need access to the decryption software in order to use the data or sell it on”. Although attackers can still try random keys, this is “dependent on the algorithm used and the length of the key, so encryption is likely to deter most attackers,” Mann told us.

Another condition of GDPR is that companies must not hold data longer than necessary; once an automaker has finished with location data from millions of vehicles, for example, it needs to destroy it. “Every day longer than necessary increases the risk of it being obtained by attackers,” Mann said. “If they do lose the data or it is obtained by hackers, trust in that automaker decreases dramatically, impacting sales.”

Data is also impacting on current ADAS systems, said Mann, technology which will depend increasingly on OTA updates to keep up with changes in infrastructure, traffic conditions and prevailing weather. However, Mann warned: “It’s incredibly important for manufacturers to deliver OTA updates that are safe and tested, lest they get caught in costly software liability claims.”