Uncategorized

Autonomous vehicles and data ownership: drivers have rights too

(C) iStock.com/the-lightwriter

Autonomous vehicles and data ownership is a thorny issue.  We are facing the reality that authorities in key markets, like the US and UK, have ducked out of answering the key question of who should own the data these vehicles generate.  By 2020 Business Insider Intelligence estimates there will be 10 million vehicles with self-driving functionality, so we do not have long to come up with a solution that will satisfy vehicle owners and manufacturers.

The consequences if we fail are clear.

Autonomous transportation will see further erosion of the rights and privacy of consumers, in this case as drivers.  Yes, manufacturers could fall foul of ambiguous regulation, but more concerning should be that they will control a vast amount of data about our driving habits and where we go.

We have already seen how concentrating the control of social networks and search data in the hands of a few companies has led to a monopoly in areas such as digital advertising.  It does not bode well if we allow a small group of companies the same level of control over the data from autonomous vehicles.  Would it not be better to anonymize such personal information and give drivers control over access to it?

I am convinced this would offer consumers greater choice by encouraging more competition to challenge the established auto-manufacturers.  This has to be healthier for the future of autonomous vehicles.

So how big is the issue?

Intel suggested last year that just one million autonomous cars could generate the same data as three billion people.  That equates to one car generating 4,000GB of data based on just one hour of driving.  Obviously, manufacturers are very keen to have this data, because it will enable them to continuously improve the safety and performance of vehicles.  However, this is not its only use.

Knowing how a driver is acting on the road, where that individual is and matching it with a broader understanding of the customer will be a gold mine of valuable consumer data. Yet, this should sound alarm bells over who has the right to use, and indeed profit from, our data.

We have already seen that some in the automotive industry do not think the consumer should be considered the owner.

Tesla has shown repeatedly that it is prepared to use the data from its vehicles for its own purposes, sharing it publicly without the car owner’s permission to support its arguments.  The Guardian revealed this year that on numerous occasions Tesla was very happy to share crash data with the media to prove its technology was not responsible for incidents.  On none of these occasions was the driver consulted.  Indeed, the Guardian also pointed out it has built into its privacy policy the right to “transfer and disclose information, including personal and non-personally identifiable information….to protect the rights, property, safety, or security of the Services, Tesla, third parties, visitors to our Services, or the public, as determined by us in our sole discretion.”

This would not be such an issue if the regulatory framework afforded owners of autonomous vehicles the data protections they deserve.  The early indications are not promising.  The Self-Driving Act in the US and the eight principles of vehicle cybersecurity for connected and automated vehicles announced by the UK Department for Transport are open to interpretation.  They encourage self-regulation and voluntary commitments, which we all know are unlikely to succeed.  The European Commission is certainly talking about going further with its regulation.  

Under its e-Privacy Regulation it could force manufacturers to use a privacy-by-design approach to building cars.  Ultimately, this would mean data in cars is seen as “personal information,” which could draw massive fines if automotive companies lost it.

Of course, the industry is “very concerned” about this approach.  The Flourish Consortium, which includes insurers such as AXA, has publicly said it will affect the potential services that can be offered via autonomous vehicles.  Some insurers are discussing usage-based insurance, but this will require real-time access to data emerging from vehicles.

On the surface such services could be attractive if they manage down the costs consumers have to pay, but as we know from past experience vendors are more likely to exploit that data for commercial benefit, often at the expense of the consumer.

concentrating the control of social networks and search data in the hands of a few companies has led to a monopoly in areas such as digital advertising

How do we protect consumers’ rights?

There is no easy answer to this question, but I would argue we must take responsibility away from those who will gain most financially from accessing our data.  The most logical way to do that is to give consumers complete control of their data.  If a vehicle owner wants to avail of the latest offer from a local retail store, as he or she drives past, then they can grant access to their personal information.  Companies wanting to engage with vehicle owners should have to ask their permission to speak to them and the financial return, or value being offered, should be equitable for the owner.  Furthermore, giving the owner control of his or her data will reduce the likelihood of data being mis-used by an unscrupulous third party.

Time and again we see stories of cold-calling from litigation firms wanting to represent the victims of car accidents, who are able to operate, because they can glean sensitive personal information from insurance claims. This would not happen if consumers had greater control.

Technically, it is possible to return control to users.  The blockchain has become a topic of great interest in the automotive industry, particularly because of its ability to validate transactions and the identify of individuals.  Protecting data, though, is not its strong suit.  It can keep accurate records of data, but the blockchain does not store the data itself. Rather it stores the data somewhere else, which could potentially be vulnerable to attack.  If hackers can delete that information, or hold it to ransom, that could have grave consequences for the vehicle owner and/or the manufacturer.

We believe the most promising way forward is to use an autonomous data network, which runs self-driving cars independently of human interference, passing control of the cars’ data to the owner using encryption, ensuring manufacturers cannot access driver data without permission.  Furthermore, each vehicle on the network could be treated as a node sharing anonymized data from all of the vehicles interacting on the road.  This information could be broken up, encrypted, and stored across the network providing levels of security not possible with existing centralised networks.

Fundamentally we should not be relying on the regulators or the automotive industry to solve this critical issue.  The former will fudge the answer and leave it to the courts to settle on workable legislation.  The latter will struggle to weigh their commercial priorities against the needs of consumers. We need to present a radically different approach to protecting and using the data emerging from autonomous vehicles, and that does not involve humans.

Sarah Pentland - MaidsafeSarah is the Digital Marketer for MaidSafe, a Ayr based company focused on the creation of the world’s first autonomous data network. Having worked in various Marketing and Communications roles across the education and charity sector Sarah moved into the technology industry to pursue a passion for open source and future technologies.  Sarah has an MA from the University of Glasgow and MSc from the University of London SOAS.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

To Top

We are using cookies on our website

We use cookies to personalise content and ads, to provide social media features, and to analyse our traffic. Please confirm if you accept our tracking cookies. You are free to decline the tracking so you can continue to visit our website without any data sent to third-party services. All personal data can be deleted by visiting the Contact Us > Privacy Tools area of the website.