Auto industry actively sharing vehicle data, putting consumer choice, safety and security first
In recent months various initiatives were launched that involve automobile manufacturers working together with governments and other businesses to facilitate data sharing. Indeed, Europe’s auto industry is committed to giving access to the data generated by the vehicles it produces. However, uncontrolled access to in-vehicle data poses major safety, (cyber) security, data protection and privacy threats. That is why any EU legislative framework should keep vehicles and their occupants safe and secure, while also guaranteeing that our sector can remain competitive and continue to innovate.
Message from ACEA’s Director General – March 2021
The European Commission’s data economy strategy, called Shaping Europe’s Digital Future, was launched about a year ago and continues to dominate the agenda here in Brussels. From our industry’s point of view, I can tell you that this strategy holds a great deal of potential for mobility in general and for Europe’s automobile manufacturers in particular.
The connected, and increasingly automated, vehicles that ACEA’s members build are becoming an integral part of Europe’s data economy. This also means that the many legislative initiatives the EU is taking in the digital policy field have a major impact on the Cooperative, Connected and Automated Mobility (CCAM) ecosystem our members operate in. Think for example of the Data Governance Act and the highly-anticipated Digital Services Act (DSA) that were launched just before Christmas, as well as the legislative proposal for an EU approach to artificial intelligence (AI) that will come out later this year.
The connected, and increasingly automated, vehicles that ACEA’s members build are becoming an integral part of Europe’s data economy.
On top of that, the Commission has also made clear its intention to legislate in-vehicle data access, with a proposal expected in the second half of 2021. At ACEA, we have carefully followed the ongoing debate and believe that any legislative initiative should be underpinned by the ‘better regulation’ principles and justified by a thorough impact assessment.
Indeed, the data market is relatively new for automobile manufacturers. Research by KPMG on automotive data sharing shows that the digital services and shared mobility markets were basically non-existent in 2015. But as we speak, this is becoming a highly competitive market in which European vehicle manufacturers not only actively compete with one another and non-European auto makers, but also with an increasing number of service providers.
These service providers include large international players and so-called ‘hyperscalers’, which are big tech companies that are dominating cloud computing technology and are expanding their data services into all kinds of markets, including mobility. That is why we believe that when the Commission conducts an impact assessment it also has to consider this fierce competition, especially with a view to preserving and fostering the innovative power and competitiveness of Europe’s automobile industry.
It is important to stress that vehicle manufactures are already sharing in-vehicle data. The reason for that is very simple: the customer is king. And data sharing increases comfort and convenience for customers, improves products and services, and contributes to achieving societal goals such as improving road safety, reducing fuel consumption and facilitating traffic management.
It is important to stress that vehicle manufactures are already sharing in-vehicle data. The reason for that is very simple: the customer is king.
This is also generating increasing demand from third-party service providers to access and use in-vehicle data. Of course, vehicle manufacturers are highly interested in third parties developing services for their customers, as this helps improve the in-vehicle experience.
The guiding principle here is that ACEA’s members are committed to making vehicle-generated data available for third-party services in a manner that ensures the protection of the user’s personal data, does not endanger the safety and (cyber) security of the vehicle and its occupants, and does not undermine the liability or intellectual property rights of the vehicle manufacturer.
And real-life examples across the automotive value chain show that this is perfectly possible. Think for example of data sharing for repair and maintenance purposes, tailor-made insurance coverage and mobility planning. Moreover, this is not limited to business-to-business services. Auto makers are also keen to share data with governments to serve the higher good. When it comes to road safety for example, manufacturers are already sharing data to protect vulnerable road users such as pedestrians and cyclists.
A great example in this respect is the Safety-Related Traffic Information (SRTI) initiative, which brings together automobile manufacturers, road traffic authorities, EU member states and service providers – all of whom have agreed to exchange safety-related data in order to make Europe’s roads safer.
Auto makers are also keen to explore new applications of in-vehicle data, because they know that being part of the European data economy is key to making sure the industry remains competitive and innovative. That is exactly why we believe that, if the Commission decides to regulate access to in-vehicle data, this should be limited to laying down the basic principles according to which data should be made available. The Commission should not prescribe the use of a specific technology.
If the Commission decides to regulate access to in-vehicle data, this should be limited to laying down the basic principles according to which data should be made available.
First of all, to ensure fair competition on the market, a key principle is that a level playing field must exist between vehicle manufacturers and third-party service providers that are active on the same market. To enable this, auto makers have already pledged to provide access to in-vehicle data and resources under non-discriminatory conditions.
This means that third parties are given access to the same vehicle-generated data that manufacturers use to offer their own connected services. Furthermore, third parties get access to the same functionalities, at the same time and to the same extent as the manufacturer, or to the manufacturer’s authorised dealers and repair shops, to provide connected services.
The second important principle that should guide the future framework for access to in-vehicle data is customer choice. Vehicle manufacturers already have a special responsibility towards their customers, especially when it comes to protecting their safety and security. Likewise, manufacturers now also need to provide transparency and preserve customer choice over what data is shared, with whom, and for what purpose. This is necessary to retain the trust of customers.
In-vehicle data sharing should therefore be based on clear terms and conditions ensuring that consumers know what data they share and with whom, in full compliance with privacy and data protection rules. We strongly believe that customers need to give permission to allow third-party access to data and that they should remain in control of data sharing at all times.
We strongly believe that customers need to give permission to allow third-party access to data and that they should remain in control of data sharing at all times.
It is also clear that, under EU law, the manufacturer is primarily responsible for the safety and security of the vehicle. As ACEA we believe it is not possible to ensure this if access to vehicle data is not combined with a suitable mechanism for controlling those who want access to in-vehicle data. Similarly, auto makers should never be restricted in their cybersecurity measures, nor be forced to create ‘back doors’ for unintended use that the vehicle is not designed for.
In fact, all the necessary, tried-and-tested safeguards for preserving the security and safety of a vehicle are already provided by the so-called ‘Extended Vehicle’ model for off-board data sharing, which is defined by ISO standards and represents the state-of-the-art in this field. Through neutral servers the Extended Vehicle also ensures that all relevant stakeholders have access to the same input at the same time, allowing them to compete on equal footing.
By contrast, we know that other stakeholders are demanding on-board access to all data, as well as the ability to install applications and run their own software in the vehicle. Such uncontrolled direct access would have major safety and security consequences. It would enable third parties to tamper with (safety) critical systems, as well as environmental systems controlling emissions for example.
Uncontrolled direct access would have major safety and security consequences. It would enable third parties to tamper with (safety) critical systems, as well as environmental systems controlling emissions for example.
Speaking on behalf of ACEA and our member companies, I am convinced any future EU framework for access to in-vehicle data should not constrain innovation and competitiveness. Instead, it should lay down basic principles in key areas to safeguard fair and non-discriminatory access, technology neutrality, customer choice and – above all – people’s safety and security.
The Commission should follow these principles, as they ensure that all providers of services for connected vehicles are equipped with the same tools and have access to the same input. This will allow them to compete fairly and continue to innovate in a way that will increase consumer choice, strengthen the European data economy, and benefit Europe’s society at large.
Director General of ACEA