As vehicles and their users become more digitally connected, private data will increasingly be used to generate new revenue streams, improve safety and make urban traffic flow more smoothly. But such data use raises a variety of privacy issues and, as was clear at last week’s SMMT Connected 2019 event, there are questions over whether data protection efforts can keep pace with the rate of technological change and ensure personal information is not misused.
SMMT Connected is a conference organised by the UK’s Society of Motor Manufacturers and Traders. The bi-annual event focuses on connected and autonomous vehicle technology.
Telematics data gathered from in-car sensors is helping carmakers and city authorities improve safety in urban areas, both for passenger and commercial vehicles. John Lippe, director of city engagement at Ford Mobility Europe, said a project the carmaker is undertaking with Transport for London (TfL) provides a good example. TfL is the local government body responsible for the transport system in the Greater London area.
Lippe explained that 160 Ford Transit vans equipped with telematics units were monitored for three months on London roads and a significant amount of data was gathered and analysed. That data was overlaid with TfL’s own data on road accident and fatalities.
“We found some close correlation with the way the vehicles were behaving and the historical data provided (by TfL),” said Lippe. “If we can correlate this we can use it as a predictive tool going forward and we believe that is a practical use of vehicle data.”
Michael Hurwitz, director of transport innovation at TfL, pointed out that the body had a Network Management Control Centre that covered 2,300 lighted traffic intersections. Information from traffic lights, combined with anonymised metadata from the vehicles, could greatly improve safely flowing traffic.
“It could show us that, at particular junctions there are antilock brakes being engaged more often, or this is where people are doing more severe movements on the steering wheel,” he said. “All of this is core data that connected vehicles will collect. That is really helpful if your role is to try and keep the network moving.”
TfL also has an arrangement with the Waze routing service to support its control centre, which Hurwitz described as “extremely productive”. If Waze registers a crash or accident, “it is quicker for us to see it via that application than via the emergency services,” he said.
Protecting personal data
However, the problem in the UK and many other countries is that wider adoption of data sharing relies on the willingness of the carmakers and other private stakeholders. TfL has no legal power to get in-car data from automakers or mobility service providers and many are reluctant to provide it, Hurwitz said.
Despite the ability to anonymise data, automakers are concerned about sharing telematics information from a personally owned vehicle. “We have to be very careful when we oblige people who are buying a new car to buy in to a system where they are not going to know what is being done with their data,” said Anne LeFrance, partner at partner at law firm Squire Patton Boggs and co-chair of its Data Privacy and Cyber Security Practice. “Obviously there will be legal issues but there will also be customer issues over testing the system.”
Peter Leavy, group head of connected car propositions at Vodafone Business, said that it was crucial to clearly say how the data was being used. That includes distinguishing between what data is essential for driver safety, what data is essential for the driver and their connectivity and what is for more commercial purposes, he said.
Jonathan Bamford, director of strategic policy at the Information Commissioners Office (ICO), the UK’s independent information rights body, pointed out that public confidence in information sharing had been shaken by controversies such as the Facebook/Cambridge Analytica data scandal.
That’s a challenge for many mobility companies that increasingly rely on the use of personal data for a variety of business models. “Our personal information has become the lifeblood of these companies and so it is up to us to work together and inspire public trust in how that information is used,” Bamford told the conference.
Bamford said it was important to identify the custodians of personal information. The consumer needs to understand exactly which organisations they are sharing information with and what exactly it is that those organisations are doing with their personal data, he said. That’s especially the case if consumers are using a multimodal transport platform involving any number of service providers.
The individual consumer needs to have some degree of control and those controls should be available from the outside, Bamford said. “I would say with concepts such as privacy by design, controls should be built in at the outset,” he said. “All you innovators should not be thinking of privacy last, you should be thinking of privacy first and building it in from first principles not as a bolt-on at the end of a process.”
Bamford reminded delegates that the EU’s General Data Protection Regulation 2016/679 (GDPR), which provides a legal framework for data use and privacy, included measures designed to hold companies accountable while also putting in place codes of conduct.
“If you want joined-up vehicles you need joined-up companies thinking about this,” said Bamford. “I’ve heard it said that personal data is the new oil so let’s not have an Exxon Valdez or Deepwater Horizon.”
By Marcus Williams