Data ownership and privacy are largely open questions. When a company collects data, several factors must be taken into consideration. In addition to the question of who owns the data that is being collected, these include who has access to the data, what the data is being used for, and who has control over how the data is used.
When it comes to the connected car, these questions are particularly significant because vehicles that are generating data often are used outside of work hours and work-related activities, meaning that people’s personal data are being collected.
Rather than simply asking who owns the data, industry participants should seek to understand who needs the data and how it is used to add value. In many jurisdictions, personal data are not subject to property rights in the traditional sense. To avoid confusion, it is necessary to differentiate between different kinds of data (such as personal, vehicle related, fleet related, and aggregated) and the context (consumer vs. commercial, for example). If ownership is defined as having the right to decide what happens to private data, then I believe that private individuals or the companies they work for have that right.
Who Has Access to the Data?
Individuals who generate this private data should have a right to know who has access to their private data. If someone’s vehicle is being tracking by their employer during their private time, then that individual should know who can see his or her private activity. Likewise, individuals and companies should know who at the telematics provider or anyone else who has access, directly or indirectly, to that data.
How Is the Data Being Used?
The company and the individual should know that their private data is protected. In addition, they also should know how their aggregate, or non-personal data, is being used. Many companies won’t do this, but I think that when people see the benefits to society in general through analyzing the shared data that there will be a better understanding of the importance of telematics in vehicles.
How the data are used is dictated by the company that implements an on-board diagnostics (OBD)-based telematics system, and the prevention of usage is negotiated between the company and the driver whose vehicle is being tracked. It is essential, however, that drivers have the right to request the deletion of their personal data, though ultimately this is a decision that is made by the company.
In the United States, a new legislative proposal would limit the collection of any data from a vehicle to instances in which the owner has given express consent. In this context, especially to the extent that it involves personal data, communication of the benefits of telematics-enabled fleet management will be crucial; the clearer that these benefits are articulated, the stronger the fleet industry’s position will be to advocate credibly for a fair and practical balance between privacy and data-enabled fleet management.
Benefits of the Connected Car
The types of data collected by the connected car range from speed driven, harsh braking, hard driving, seat belt usage, fuel consumption, vehicle faults, and factory voltage. The benefits of collecting this data include the following:
- Safety benefits: Ability to monitor surroundings, warn of impending collision, apply brakes, monitor speed, remind driver to slow down, monitor seat-belt use
- Environmental benefits: Prohibit idling, monitor vehicle emissions and performance, alert driver to existing or pending performance problems that can affect emissions, analyze driving habits to determine ways to limit mileage and emissions
- Business benefits: Track vehicle location, speed, monitor systems for preventative maintenance, compliance (rules such as number of hours worked, miles driven, etc.)
The data are accessible by the fleet owners, fleet managers, manufacturers and fleet repair personnel. The data are being used for safety, efficiency, and consumer protection while using company vehicles.
When it comes to data ownership, it is important to note that, in many jurisdictions, personal data are not subject to property rights in the traditional sense. For example, while an individual may (rightfully) think she “owns” her social security or passport number, these cannot be bought and sold. In a broader sense, however, the question of data ownership is often the wrong question. Asking who owns the data unnecessarily sets up an all-or-nothing paradigm that shuts out the opportunity for constructive, win-win solutions. The fact is that the same data can be used by different parties for different appropriate purposes. Rather than asking who owns the data, industry participants should seek to understand who needs the data, for what purpose, and how it is used to add value.
Upholding the rights of the individual is absolutely essential to any discussion of data security or privacy. To mitigate fears associated with data collection, these rights must be identified and accepted on a global scale. This includes readily providing information on the following:
- Who has access to my personal data?
- What will be done with my aggregate data (such as being sold, published, or made available in other ways)?
- Am I able to have my personal data deleted?
- How are you ensuring that my data is being held securely?
These rights also apply to the companies that implement OBD-based telematics systems, as they should have the ability to go to their telematics provider and readily receive information on the same points.
It’s important to note that different countries enforce varied levels of privacy. In Canada, for example, individuals must be made aware prior to tracking, but this is not a requirement in the United States.
Balancing Act: Trading Privacy for Benefits
Finding the right balance of risks and benefits in the data security/privacy discussion requires the ready participation of fleet owners/managers, fleet service providers, the aftermarket industry, vehicle manufacturers, and individuals. These groups must work together to address security and privacy concerns through open, multi-platform structures that provide transparency and do not impose rigid regulatory or data-access restrictions. From there, the appropriate balance can be struck and laid out as an industry mainstay.
To accomplish this, fleet owners/managers must work with telematics providers to educate regulators and vehicle manufacturers about the benefits of aftermarket telematics OBD port data – both to preserve current benefits and to promote future innovation.
Second, standards on OBD port safety and compatibility are continually evolving, and these standards must be set to ensure that sensible security standards are implemented to preserve access to OBD port data.
Third, as the recent Hours of Services regulations show, the legislative process is an important mechanism to protect safety and privacy in the connected car, without sacrificing the gains provided by OBD port functionality. Fleet management associations and other industry groups should work with aftermarket providers to engage in the legislative process and ensure that aftermarket telematics benefits are not sacrificed in the name of security or privacy.
Fourth, to address privacy concerns, aftermarket telematics stakeholders should develop a clear view of appropriate and acceptable uses of OBD data, as well as being proactive in taking steps to protect the security of that data. Healthy and proactive self-regulation plays an important role in protecting privacy, building credibility, and avoiding overreaching intervention by regulators or other stakeholders.
Fifth, rather than claiming mutually exclusive ownership of data, industry participants should seek approaches that allow use of data that create the greatest common benefit and are compatible with privacy rights and the underlying commercial value proposition that are being provided.
As discussion around handling of personal data continues to grow, companies should stay attuned to best practices as they are brought to light and empower individuals to ask questions, looking to the privacy rights previously outlined as guides. Communication is key as we move forward in the process, and keeping industry participants abreast of developments will help companies navigate the waters in handling personal data.
By implementing this approach, individuals will feel more assured, knowing who has access to their personal data, what is being done with aggregate data, how the data are be secured, and that they have the ability to have it deleted, should they so request. Transparency is crucial, with ongoing communication leading the way.
At this point in time, laying out a set of best practices is crucial for all parties, including fleet owners/managers, telematics providers, the aftermarket industry, vehicle manufacturers, and individuals. Over time, implementing a formal approach to the handling of personal data will be beneficial to both businesses and users, mitigating much of the concern that has been bubbling in the industry.
Neil Cawse is CEO of Geotab. Neil is an accomplished business leader, entrepreneur, and engineer who has been founding and running his own businesses since 1992. In 1998, Neil sold his software development company with over 100 engineers to Datatec. In 2000, Neil founded Geotab Inc., which is now the largest telematics company in the world, as measured by new vehicle subscriptions on a yearly basis. Geotab has been voted one of the 50 fastest growing tech companies in Canada and has been ranked in the top 200 in North America for the last four years. Neil is an engineer at heart, and this passion keeps him involved in the day-to-day engineering and design of Geotab’s systems. Neil believes that Geotab’s success stems from the company’s integrity, its forward-thinking ideals and, foremost, the customer receiving the right solution.
Subscribe to Data Informed for the latest information and news on big data and analytics for the enterprise.