Who Owns Your Car Generated Data?

By January 20, 2015 March 17th, 2018 Automotive, Telematics

All cars manufactured beginning January, 1996 are equipped with sensor networks and computerized control systems to comply with the U.S. EPA’s OBD-II standard. An increasing number of today’s cars have built in GPS-based navigation, streaming music devices and advanced active safety features, and more cars rolling off the production lines are equipped with a wireless connectivity that transmits some of this information to automakers’ services such as GM’s OnStar and Mercedes Benz’s mBrace.

Combining and analyzing the various bits of information from different vehicle systems can yield rich information from driving habits and frequently visited locations to the occupants’ taste in music; modern airbag control systems can even sense if the person at the passenger seat is a child or an adult.

It should come as no surprise then that many companies, from insurance companies to advertisers and content providers, are interested in this information and are trying to convince automakers to share the data collected by connected cars. Many technology and services upstarts are also looking for novel ways to capitalize on this information, some by analyzing and selling it back to consumers and OEMs.

Who Owns Car Generated Data?

The position of the National Highway Transportation Authority (NHTSA) in regards to who owns the data generated by a car, whether retrieved from the car’s “black box”, or its electronic data recorder (EDR), or streamed to the OEM, is quite straightforward:

“Ownership of the EDR and EDR data is a matter of State law, and such provisions vary considerably. NHTSA considers the owner of the vehicle to be the owner of the data collected from an EDR. NHTSA will always ask permission from the owner of a vehicle before downloading any information for use in government databases.”

Of course, there may some further discussions when considering fleet cars or a car loaned to a family member.

Fifteen states have enacted statutes relating to event data recorders and privacy. These states provide that data collected from a motor vehicle event data recorder may only be downloaded with the consent of the vehicle owner or policyholder, with certain exceptions. You can review the data privacy provisions in state statutes in the National Conference of State Legislatures (NCSL)’s report.

Connected Car Services on the Cheap

Of course, automakers are in control of the storage and transmission of vehicle data and are actively using this data to provide telematic services. But while OEMs are building proprietary and closed systems, the aftermarket has been more diligent.

In recent years, a plethora of consumer-grade plug-in OBD II modules appeared in the market from companies like AutomaticZubieMetroMilePlex Devices and Dash. In essence, you plug one of these devices into the car’s OBD II port, and connect it, either wirelessly or via Bluetooth, to your cell phone and, voilà, a connected car with no help from the OEM, thank you very much.

The better known example of non-OEM service using vehicle data is usage based insurance (UBI), now offered by a handful of insurance companies, where saving benefits appear to trump concerns over privacy.

Automakers and Politicians Take a Stance

While consumers may forgo privacy in order to cut insurance costs, OEMs are fighting for what they perceive as their right and duty to safeguard data, even from car owners.

At last year’s Consumer Electronics Show in Las Vegas, Jim Farley, then head of Ford’s marketing said: “We know everyone who breaks the law. We know exactly when you do it because we have a GPS sensor in your car.” Notwithstanding the uproar this statement had caused that led Ford to issue a retraction, Farley did add: “By the way, we don’t supply that data to anyone.” Later, Ford clarified that the company did not track anyone without their permission.

More recently, Ian Robertson, BMW’s chief of sales and marketing, was quoted by the Financial Times at the North American International Auto Show (NAIAS): “There’s plenty of people out there saying ‘give us all the data you’ve got and we can tell you what we can do with it’ adding that this included “Silicon Valley” companies, as well as advertising groups. And we’re saying: ‘No thank you’.”

Over in Europe, Google is pushing Android Auto: an android based in-vehicle infotainment (IVI) system. Working with the Open Automotive Alliance and presumably ready to be deployed by nearly 50 OEMs, Google caught the attention of both OEMs and German politicians.

According to Bloomberg, Audi’s Chief Executive Officer Rupert Stadler said: “The data that we collect is our data and not Google’s data. When it gets close to our operating system, it’s hands off.” This sentiment was echoed in comments from Volkswagen’s CEO Martin Winterkorn and Daimler’s CEO Dieter Zetsche.

Bloomberg also quoted Joachim Pfeiffer, a spokesman for Merkel’s parliamentary bloc on economic and energy policy: “We mustn’t under any circumstances let our development become dependent on companies like Google.”

Connected Car Predictions for 2015 and Beyond

Connected car technologies questions concerning security, privacy and data use rights will continue to top of mind for OEMs, suppliers and service providers, as well as legislators and politicians in the years to come. Stay tuned to the next blog post for an overview and commentary on the state of connected cars and in-vehicle infotainment systems technologies, business ecosystem trends, and how they will shape over the next 12-24 months.