The EU is regulating data shared between connected cars, and why that’s a good thing

Cars are the new smartphones. As pieces of tech, they have the power to collect immense amounts of data about everything from road features – like surfaces, gradients and signposts – to how they’re driven, by who and even what music is played on journeys. That data comes with an immense value, understandably, everyone wants a slice.

The EU predicts that the amount of data generated by connected devices will rise from 33 zettabytes in 2018 to 175 zettabytes in 2025. For some kind of context, hard drive manufacturer Seagate says one zettabyte is enough storage for 30 billion 4K movies, 60 billion video games, or 7.5 trillion MP3s.

It’s a lot of data, and an intense battle over it is developing. Carmakers and a collection of insurers, leasing companies and vehicle repair companies are at odds over who should have access to the data generated by drivers and their vehicles, as Nick Carey writes for Reuters. The European Union is trying to regulate the situation, but it’s not coming without challenge.

Ioanna Lykiardopolou from TNW’s SHIFT summarizes the situation well: automakers are serving as “gatekeepers of data access and have been resisting specific regulations for in-vehicle data”. Their reasoning largely boils down to protecting consumers – their consumers.

That’s not to say carmakers don’t want to share data, though. They’re just being very conservative with the freedom afforded to those who want to get their hands on the data and how they go about it.

The European Automobile Manufacturers' Association (ACEA) told Reuters: "Europe's auto industry is committed to giving access to the data generated by the vehicles it produces. However, uncontrolled access to in-vehicle data poses major safety, (cyber) security, data protection and privacy threats." Indeed, if vehicle data was more freely shared, these issues would certainly be at the front of our minds.

On the surface, this sounds quite reasonable, and as drivers, we should appreciate that the companies who make our vehicles are being cautious with who can get their hands on the data generated. But what about the industries of products and services that sit adjacent to carmakers, like leasing firms, repair shops and car sharing services that are also important when it comes to owning a car?

Those types of company appear to be taking issue with the automotive world’s protective nature. Naturally, car manufacturers have free access to the data vehicles generate, but repair shops, for instance, are getting “breadcrumbs”. Or worse, facing steep financial hurdles as carmakers put high premiums on data access. This is before we consider what kind of control drivers themselves should have over the data generated in their vehicles.

We’ve seen this kind of thing before in the car industry: when vehicles went from being mostly mechanical to featuring many high-tech electronics, it became easy for manufacturers to lock down access to control units and diagnostics systems. Third-party repair shops were given access, but only if they paid for specialist hardware and software to read error codes and diagnose faults. They were at the mercy of the carmaker.

If the current data situation goes unmarked, the same thing could end up happening. Carmakers could control all the data that originates with their vehicles, only granting access to it for a price or in proprietary formats that aren’t easy to work with. Those that can’t afford it, or have the scale to afford it, like independent repair shops, risk going out of business. This leaves consumers with little choice of where, when and how they get their vehicle repaired. So, while consumers are protected, they pay a price in another way.

The European Union’s answer

Judging by Reuters’ report, it seems the automotive industry could already be heading down that familiar path. Insurance companies and leasing firms, more critical of the car industry’s grip on data, say that they simply won’t be able to function unless they can access key parts of vehicle data.

Indeed, if that does become the case, it’s not just a debate over data access. The conversation then turns to one of fairness and competition. Essentially, if carmakers do place such controls over data, it may lead to monopolies of power and lay the groundwork for an anti-competitive market, which won’t end well for small businesses or consumers alike.

The European Union isn’t going to let this situation play out on its own though. The EU is currently in the process of devising the remit of its Data Act, which will “ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all”.

The EU’s announcement on its Data Act, likens data to “a streetlight or a scenic view” something that many people can access at the same time, and can be consumed over and over without impacting quality or risking supply. With that perspective, it seems the EU is intent on pushing data as a common good. Something everyone should have access to, assuming they can do something useful with it.

It’s worth noting that the EU also expects its new rules to help generate €270 billion in GDP by 2028. Of course, that will only happen if data can freely, and safely, move from its source to a place where it can create value.

Sometimes that generated value will come from carmakers, but in many other instances it will be with other companies, like insurance firms, repair shops, governments, town planners, tech startups, vehicle app developers and beyond. There’s also the possibility that access to vehicle data will build entirely new industries too. We should do everything we can to ensure data can be shared.

The intention is that the Data Act will lead to new and innovative services and more competitive marketing for aftersales services and repairs of connected devices. It will also give consumers access to their data, and say over it’s used, which is a factor that appears to be overlooked by the organizations embroiled in this discussion. While data may originate in vehicles, it’s ultimately a person’s data that is being mined, and they certainly should deserve a say in how it’s used — much like in GDPR regulations.

The Data Act also seeks to rebalance the negotiation power of small to medium businesses. In other words, it should prevent large carmakers from having all the power and control over data. In theory, this keeps the market competitive and open to all. If you want to read the full breakdown of the Data Act, click here.

The start of a complex problem

Thankfully, the EU’s Data Act is looking to serve the masses and prevent an anti-competitive market from developing, which is surely a good thing. What’s more, it seems that the regulations will prevent us from having to retrofit a solution further down the line, as we’ve had to with GDPR. With this more upfront approach, we should get a handle on data before any companies are able to monopolize it. However, there are a few things that the automotive industry and its adjacent businesses will need to figure out.

They’ll need to consider privacy, that’s the big one. Industry players will need to build systems for data collection and sharing that don’t compromise individual privacy, but also don’t inhibit data sharing. For drivers, it’s likely that their choice of in-vehicle provider will become increasingly relevant when they look to make purchase decisions based on who best protects their privacy as a car owner.

Cassandra Moons, TomTom’s data protection officer, said previously, "There are two ways for a company to approach the tightening of privacy regulations. On one side of the spectrum is the ‘tick-the-box’ approach. On the opposite side is privacy by design”. Privacy needs to be front and center, not an afterthought.

What’s more, industry players will also need to consider how to share and store data and how to collaborate with it. It’s not simply a case of giving everyone passwords to the same database. APIs will need to be carefully thought out, as will data formats, so that everyone from repair shops to tech startups that want to reimagine car sharing have access.

Ultimately, we’ll only realize the EU’s goal of generating €270 billion in additional GDP if we’re able to collaborate openly and freely. After all, we are stronger collectively than as individuals.