Data privacy in the era of the connected car

In a world that is becoming increasingly connected, the way tech companies approach privacy can either earn or lose their customers’ trust. Learn how TomTom approaches privacy in and out of the connected car.

Europe’s most influential privacy regulators are already concerned about the impact that connected cars will have on users’ private information. As cars increasingly become connected and automation is turning into reality, data privacy needs to be at the center of decision making.

As every industry is beginning to face scrutiny over how they gather and use customer data, businesses must find a balance between user privacy and the need for data to improve products and services. No consumer wants to have their data used or sold without their explicit informed consent.

In response to the increased connected capabilities of consumer goods, regulators have introduced massive privacy laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to protect user data.

Reactive or proactive privacy policies

There are two ways for a company to approach the tightening of privacy regulations. On one side of the spectrum is the “tick the box” approach. On the opposite side is privacy-by-design.

In the first method, companies that need to meet new and demanding privacy laws treat regulations in a way that resembles a “tick-the-box” exercise. For example, they would ask if there is a data inventory in place and would check if the privacy terms and conditions are updated. Using this technique, companies approach privacy reactively and only consider privacy details after a product launch. This not only puts the business at risk for not complying with regulations but also can lead to losing valuable customer trust.

“

"There are two ways for a company to approach the tightening of privacy regulations. On one side of the spectrum is the ‘tick-the-box’ approach. On the opposite side is privacy by design."

Cassandra Moons

Sr. Privacy Legal Counsel and Data Protection Officer, TomTom

At TomTom, we prefer the latter approach. For us, privacy has always been at the core of what we do. We have always understood that data privacy was – and is – important to our customers and have built our products around strict privacy standards.

By taking this approach, it means that we integrate privacy considerations into the design, engineering and infrastructure of TomTom’s connected services. Using data in an ethical manner starts from the product’s conception. By performing privacy impact assessments (PIA), we assess the privacy risks throughout the development of a product or service and use this to decide what data we truly need to gather to protect our users.

Every day, over 600 million drivers in 81 countries use TomTom’s connected navigation.

New data ecosystems

At TomTom, it is important that we not only meet the ever-changing data privacy regulations but also maintain consumer trust throughout the whole process. To achieve this, we first need to understand what is involved in the complex data ecosystems emerging around connected cars so we can always be transparent with our customers.

What type of data do connected cars collect?

Let’s take a closer look at where connected vehicles generate huge amounts of data. We can identify four different data pillars:

• Vehicle (technical) performance data: Generated by monitoring resources that provide valuable information about the fuel consumption, mileage, oil level, engine temperature, emission and traction, serving to optimize the operation of the car

• Driver data: This is information about the driver’s behavior. For example, the interior cameras checking whether someone falls asleep behind the steering wheel and waking the driver up with a warning signal, sensors measuring driving behavior for safety purposes, the driver’s personal infotainment settings, voice-controlled features or active input to improve in-vehicle location technology (“here’s a speed camera”, “here’s a road closure”)

• Location data: Real-time or saved information about destinations

• Surrounding data: Generated by monitoring the car environment via sensors and cameras to collect information about road surface, curvature, gradient, traffic signs, measuring distance and speed of other cars and intercommunication between autonomous driving vehicles to sync speed

Put together, this amounts to an impressive quantity of information that can tell someone where a driver goes and how they behave in the car. Harvard professor Shoshana Zuboff, who has researched the different dimensions of data collection, explains how these dimensions feed privacy intrusion through the increasing lack of individual control and transparency. This study can be applied to the ecosystem of connected cars.

The different levels of collecting connected car data

There are multiple levels on which car data can be collected. These are:

• Hard data: Personal details which people deliberately submit such as when a driver creates a user account when setting up the in-vehicle navigation unit or sharing location data with permission

• Driver digital traces: Metadata such as distances, vehicle model, device configuration and monitoring, selected buttons, infotainment session times

• Behavior surplus: The combination of information from the other dimensions to predict a driver’s personal preferences or emotional state via deep learning models which outcome can be traded for profits

Ascending levels of automation

Just as there are levels to achieve autonomy, there are also levels to achieve full connectivity in cars. The higher the connectivity level, the more complex privacy challenges become:

• General hardware connectivity: The driver is able to track basic vehicle usage and monitor technical status

• Individual connectivity: The driver uses a personal profile to access digital services via external digital ecosystems and platforms

• Preference-based personalization: All occupants enjoy personalized controls, own infotainment content and target contextual advertising

• Multimodal live dialogue: All occupants interact live with the vehicle and receive proactive recommendations on services and functions

• Virtual chauffeur: All occupants’ explicit and unstated needs are fulfilled by cognitive AI that predicts complex, unprogrammed tasks

Use cases involving connected car data can have completely different outcomes when the three different aspects of data dimensions, pillars and user experience level blend together.

How private is our private information?

The complexities and dimensions of data collection from connected services highlight that it is becoming increasingly difficult for consumers to understand how companies are using their personal information. If data were to fall in the wrong hands, this could have a troubling impact on someone’s privacy.

To illustrate this further, let’s take a look at just some of the different ways companies use personal data in the specific use case of collecting information about someone’s braking and acceleration behavior. For the purpose of this exercise, let’s assume that the car’s privacy notice only referred to using the data for safety purposes and vehicle performance.

Imagine an insurance company going beyond this point by using this data to offer users who drive safely and take care of the environment different premiums via personalized connectivity. Or a tech company that could go even further and use this data to build profiles about someone’s mental state. Companies could even sell this “behavior surplus” to predict stressed drivers’ origins and destinations. This information could be sold to third parties for multiple data stack location-based advertising via multimodal live connectivity.

How do we treat data privacy at TomTom?

At TomTom, data privacy is extremely important to our overall vision of creating a safer and more efficient driving experience. Taking a privacy-by-design approach means not only complying with GDPR, but having the ultimate goal of being ethical.

One example is the fact that TomTom customers first need to give their informed consent for the collection of location data, which is then de-identified by disconnecting the link between the customer and their GPS trace.

TomTom products also collect limited categories of personal data so that our privacy statements are always easy to read. Through de-identifying data and always requiring informed and clear consent, we have built a culture that balances the need for data with maintaining customer privacy.

We do not need to know who you are, we only want to put data directly back into making our products and services safer and more efficient. We will never make customer data available to third parties for commercial uses. We are innovators, not advertisers.

Our promise to you

With TomTom, you are safer – on the road and online.

We don’t sell your information. We don’t identify our users. We rely on de-identified location data to make better products that help get you where you’re going, safely and comfortably.