ACEA weighs in on connected car data guidelines
15 May 2020
15 May 2020
The European Automobile Manufacturers’ Association (ACEA) has welcomed new guidelines drafted by the European Data Protection Board (EDPB) on personal data and connected vehicles.
However, the association is concerned that the connected car data guidelines are presently too broad in scope and should not be rushed through.
′The automobile industry is committed to providing its customers with a high level of personal data protection,’ said Eric-Mark Huitema, ACEA director general. ′That is why it is so crucial that these guidelines are made more robust. Indeed, they need to provide authorities across the EU with a good and common understanding of how data protection rules should apply in the field of connected vehicles.’
Data generators
In their 21-page document outlining the automotive industry’s comments on the EDPB guidelines, one of ACEA’s biggest worries was how connectivity was framed in relation to vehicles. Connectivity normally implies that vehicles communicate with the outside world, with data transmitting from one device to another. But the EDPB’s guidelines go beyond this, also covering communications within a vehicle.
ACEA believes this does not make sense and is not consistent with national guidance in several member states, such as France and Germany. The association would like it to be made clear that the manufacturer becomes the data ′controller’ or ′processor’, only from the moment the data leaves the vehicle.
The EDPB’s understanding of what constitutes personal data is too extensive and does not accurately reflect how vehicles are used, ACEA claims. ′Motor vehicles are different from other products like smartphones in that they have multiple users and therefore multiple potential data subjects’, Huitema said. ′Whether vehicle data can be considered personal data should be assessed in the context of data processing, considering the impact on the data subject in each case.’
Some data subjects, like passengers or pedestrians seen by outward-facing cameras, are not identifiable for vehicle manufactures, the association argues. At the same time, some data relating to average fuel consumption or speed, for example, is technical and not related to a data subject, therefore not impacting privacy.
Data preservation
This means that subjects should not have the right to delete all vehicle data, ACEA argues contrary to what the EDPB implies. The association identifies the need to preserve data relating to components or the health status of the vehicle, as it is needed to ensure compliance with product safety and liability laws, as well as being used to carry out repair maintenance and periodic technical inspections.
The draft guidelines assess data processing in connected vehicles based on the ePrivacy directive. However, ACEA point out this directive is about to be replaced with a new ePrivacy regulation. This could risk the new guidelines quickly becoming outdated, causing confusion. This has led to the association calling on EDPB to postpone the publication of the guidelines until the content of the new regulations are known.
′We think the quality and accuracy of the guidelines are more important than the speed with which they are adopted,’ said Huitema. ′Our industry stands ready to work with the EDPB to achieve pragmatic and workable guidance that can strengthen customer trust in new connectivity technologies.’
Data-rich vehicles
The development of increasingly connected vehicles brings with it the promise of more intelligent transport. Fuel consumption and emissions could be dealt a blow as cars communicate traffic build-up with each other and the surrounding infrastructure. Manufacturers could gain greater insight into how their vehicles are driven, allowing them to consider the impact of different driving styles and journey types.
However, as with every other aspect of people’s digital lives, there are concerns and complications over the use of said data. Fears of hackers intruding on car connectivity or personal information being used irresponsibly will need to be balanced alongside the need for data processing. Both consumers and manufacturers require established connected car data guidelines to help combat fears like these. The challenge, as always, is balancing these regulations to both protect consumer privacy and allow the continued development of connected technology.