So when Jim Farley, VP of Marketing and Sales at Ford said at CES 2014 “We know everyone who breaks the law, we know when you’re doing it – we have GPS in our cars, so we know what you’re doing” – was there a collective intake of breath? Did the penny drop that, thanks to connected car technologies, Big Brother’s ability to watch has been massively improved?
Certainly, Ford Motor Co. was sufficiently concerned about the impact of the statement that it sought to mitigate it with a “we do not track our customers in their cars without their approval or their consent.” Nevertheless, other car manufacturers are talking about contracts to assign ownership of connected car data back to them, yet others make a thing out of the fact that they won’t own the data. But even then, maybe ownership isn’t the problem, maybe it’s the processing of it that is the real issue. After all, connected car isn’t just about making our lives easier, but about new marketing channels for corporations wanting to sell us more stuff. To do that they want to know more about us.
Currently, there are few legal standards for what information a vehicle can collect, how it can be used and by whom. Different car manufacturers have different policies and increasing access to open platforms means that we will have to understand the privacy policies of each app developer before we sign up for some connected car services.
Even if we are happy with the data privacy policies of each link in the connected car chain, information transmitted over the internet ends up on servers, making it a potential target for authorities, lawyers and hackers. Jay Stanley, a senior policy analyst for the American Civil Liberties Union said “as soon as the data starts flowing to outside parties, whether app developers or (wireless) carriers, I start to get nervous. It raises the prospect that control over individuals by police, by insurance companies, by whoever, might become more finely grained than we have now.”
A report issued recently by the (US) Government Accountability Office found that of 10 car manufacturers surveyed, all collected and shared location data of customers. The report went on to say that the reasons the car manufacturers gave to customers for collecting the data were so “broadly worded” that they would “potentially allow for unlimited data collection and use.”
In the US this debate over data privacy seems to be further ahead than elsewhere in Europe. US transportation secretary, Anthony Foxx said that the government would be looking at privacy issues, whilst the automobile association, AAA called for a consumer bill of rights with regard to connected car data. Meanwhile the Jim Farley admission at CES 2014 prompted a letter from Senator Al Franklin to clarify just how Ford collected its data and what it does with it.
Can we afford to be more relaxed in Europe? Are the regulations over data collection and use actually that different? Well, at the North American International Auto Show recently, Germany’s three luxury car manufacturers all acknowledged that that the industry’s moves to connect the car did make it easier for manufacturers to access data about customers. But, representatives from BMW, Mercedes and Audi all said that they do no accumulate, store or sell data about their customer’s movements. Andreas Renschler, global head of Daimler AG’s Mercedes-Benz luxury brand said in an interview that the company is sensitive to privacy concerns, because in Germany there are legal constraints on how companies harvest data from consumers and the drivers must “know and accept” data collection. But that doesn’t really get round all the possible data hand-off points as cars become more and more connected. How will we know and accept data collection at all collection points and what if there are circumstances when the authorities “need to know” overrules your desire for data privacy?
However this plays out, many of us will sign up to the connected car without really thinking about what data is being collected, by whom and for what purpose. After all there is always the “well I have got nothing to hide” stance – until of course, you do. But the main thing about all of this is, of course, it is not just a connected car issue – it is a connected everything issue. There is already so much more data out there about us all and none of us know really what is happening to it.
Two thoughts to ponder:
- the data privacy “chain” is only as strong as its weakest link. If we, somewhere along the chain, agreed to a whole bunch of “permissions” (did you read Apple iTunes Terms recently?), it matters very little if somewhere up or downstream of that link we said “yes” or “no” to a privacy or permission question;
- there are still many players in the “connected car” chain (or eco-system if you prefer) who think they could act as privacy guardians, or ”own” the data, or perhaps just “manage” its custody. Old style thinking. These players also get quite possessive about working with others who might feel they also have a claim to the data. I know it’s not an easy one, but this won’t work. The maturity and pragmatic co-existence on this issue in the smartphone/device connected eco-system is a few years ahead of the automotive industry. Here we learnt that without such pragmatic co-existence, innovation is suffocated. Last time I counted, I had over 100 End User License Agreements and Subscriptions and payment debits and marketing permissions on my smartphone alone. And most of these agreements extend well beyond that device. No doubt though: this technology and eco-system is driving massively the volume, variety, availability of data and its potential for intrusiveness .
Do I think that data custody battles will really hold up the birth of genuinely connected cars? No. It’s only a matter of time before the “privacy” landscape in the car (for better or worse) resembles that of the landscape outside the car, in your palm or on your desk.