Connected Car – data protection is no optional extra

In Germany, hardly a day goes by without passenger cars providing at least one news report. Sadly, the headlines are dominated by negative topics such as emissions scandals, bans on diesel vehicles, and air pollution, rather than by exciting, forward-looking mobility scenarios. Electric cars, autonomous driving, or air taxis – the mobility of the future holds a lot in store for us. The disruptive power of digitalization is very visible and comprehensible in this industry, perhaps more than in any other.

A look at the CES, the world's largest consumer electronics trade fair – where all the major automakers and OEMs come together every January to present the latest trends in networked vehicles, autonomous driving, and new mobility services – shows that cars are increasingly developing in the direction of rolling computers.

Today, the networked car is already a reality, as the example of eCall shows. eCall is the automatic emergency call system that has been mandatory in Germany for all new cars since 2018. After an accident, it automatically establishes a connection to the nearest rescue control center and requests help. The information transmitted to the rescuers includes the time of the accident, the vehicle identification number (VIN), the location of the vehicle, its direction of travel and, if seat belts are worn, the number of occupants. The automatic emergency call uses mobile radio and satellite positioning, as well as data collected by the vehicle. But this is only the beginning. In the future, many more sensors and cameras will be installed to collect gigantic amounts of data and enable networking and, ultimately, autonomous driving. Greater security is one of the most important arguments in favor of networked, automated cars, but it is precisely this networking that poses a considerable challenge for modern vehicles in terms of compliance with legal data protection requirements. The data the car collects is private information, such as my usual routes – where I go shopping, for example – or details about my driving style, which in turn allows conclusions to be drawn about my mood. This opens up completely new, fantastic opportunities for digital business ideas. For example, I can be automatically guided around a traffic jam on my way to a business appointment and at the same time receive suggestions for dinner or lunch in a restaurant along the selected route. Or I get a favorable offer for a car wash nearby, matching a gap in my appointment calendar.

The examples show only a few of the numerous possibilities for using position data. There are many other opportunities: think of providers of emergency call systems, payment systems, charging stations, insurance companies, and many more. However, this places high demands on data protection. Clear rules regarding principles such as transparency, purpose limitation, and data minimization are stiplulated by the EU General Data Protection Regulation (EU-GDPR).

So, the challenge for companies is to strike a balance between compliance with these requirements and the ability to continue to gain knowledge, and ultimately benefits, from customer data. Automakers and OEMs have to answer key questions such as:

  • How can we easily give customers information about their data?
  • How do we obtain their consent?
  • How can we take existing (or non-existing) consents into account in all processes?
  • How do we have to adapt our IT infrastructure?
  • What new processes do we need, and how can these be defined and implemented?
As experts in Customer Data and Consent Management, we aim to bridge the gap between IT, Legal & Data Protection and other specialist areas. We help large OEMs and SMEs continue to operate successfully within the applicable legal requirements – now and in the future.