Auto Industry Moving Steadily to Solve IoT Privacy Issues

By Chris Preimesberger  |  Posted 2015-06-17 Print this article Print

The auto industry is well on the path to establishing clear data privacy-versus-data sharing standards that could lead the way for other sectors.

MENLO PARK, Calif. -- As vehicles become increasingly dependent upon cloud services and loaded down with code, processors and devices, they're collecting scads of data about the cars, their drivers, their locations, and their driving habits.

As in the social-network business, this collecting and analyzing of transportation-related data is already a burgeoning, multi-billion dollar market for automakers, Internet service providers, insurance companies, and software makers.

Yet this also poses issues for users. Who actually owns this data, and for what purposes may it be used? Who is allowed to analyze and monetize it? Does the customer have final say on who can use what data? Not every app has an opt-in choice.

Will car diagnostics be made publicly available, so that when a driver that might need an oil change cruises by an Oil Changer shop, he gets an auto-notification on his smartphone? How much does that infringe on personal privacy? Your imagination can run wild here.

These are becoming more relevant questions all the time. It's not difficult to see that connected cars are upgrading the automobile market in the same way smartphones transformed the telecom world.

Ahead of the Curve at the Moment

To its credit, the auto industry has gotten a jump on these issues and is well on the path to establishing clear data privacy-versus-data sharing standards that could well lead the way for other sectors, such as health care, telecom and education -- to cite a few examples.

In 2013, there were approximately 23 million connected vehicles on the world's roads, according to IT industry researcher IHS. A connected car is defined as one equipped with Internet access that can include safety and weather alerts, connections to emergency services, and other notifications. Cloud-based apps enable owners to control their vehicle from anywhere, not to mention providing connection to geopositioning, defensive-driving and entertainment services.

IHS in a recent report predicted that 20 percent of vehicles sold globally this year will include some type of connectivity. It also projects the number of connected cars sold will increase to 152 million in five years.

Standards, naturally, are nowhere to be found at this early juncture, but the auto industry nonetheless appears to be making a conscious effort at an early start on establishing them. At the IoT Privacy Summit here at the Rosewood on June 17, hosted by IoT Web site security seal provider TRUSTe, speakers and panelists gave attendees an update on the automotive data privacy landscape.

TRUSTe provides a security certification seal to qualified Web sites, similar to the EPA's seal of approval for electric devices or the Good Housekeeping seal for a pie recipe. Clearinghouse for Privacy Information

Starting with, whose section deals specifically with these questions, the auto industry is making public its own conversations on the topic and offering expert perspectives.

Key types of data now being collected include diagnostics, geolocation information, biometric information, driver behavior information, and subscriber and registration information (for cloud services).

Biometrics aren't as commonly used as the others just yet, but they will be, said Tim Tobin of the law firm Hogan Lovells, which deals in data protection litigation, among other law types.

"It's coming that after you've been to a party and you've been drinking, for example, your car will be equipped with a breathalyzer that will automatically measure how much you've drunk, and won't let you start it up," Tobin said.

Additional connectivity in the future will be moving more data around to different places. For example, standards to come will require certain data to be transmitted automatically outside the vehicle (such as in crash notifications); in vehicle-to-vehicle (V2V) situations (so as to avoid collisions on the road), and in vehicle-to-infrastructure (V2I) scenarios on a 24/7 basis. Users won't have any control over these, but these rules are still years away, experts said at the summit.

Key Principles That Will Guide Standards

Key principles of the early standards being written and published by the coalition include:

*Creating a fundamental set of expectations for the collection, use, and sharing of vehicle data;

*Making certain that sensitive personal information (geolocation, biometrics, driver behavior, etc.) is subject to opt-in selection when data is to be used for marketing or shared with third parties for their own use, and

*Making sure that there are restrictions on disclosure of geolocational information to the government.

These "pre-standards" will go into a soft launch for the auto industry on Jan. 1, 2016. More information on this is to come soon.


Chris Preimesberger

Chris Preimesberger is Editor of Features & Analysis at eWEEK. Twitter: @editingwhiz


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel