You just bought a new Tesla and dig the way it evolves over time via over-the-air updates? We hear you. There’s something appealing about waking up in the morning and finding out that your automobile has more features, more electric range or even better, more performance!
Tesla opened the door to the entire concept of a connected car, a trend the entire auto industry is only beginning to catch up on. Over-the-air updates aren’t just beneficial for the consumer, they’re also great for the carmaker, as it allows them to diagnose a vehicle with a lot more precision and quickly fix glitches on the go.
But the connected car is also a data-collecting object. Very much like your smartphone and your computer, the automobile of tomorrow will not only collect a ton of information from its software and hardware, but also about you and your passengers.
This opens the door to important ethical questions, like what kind of data is being collected, where it’s all going and how, as a consumer, you can make sure your information is secure. Intrigued by this new automotive reality, we decided to dig deeper to find out more on the matter.
What Is Automotive Data Collection Currently Being Used For?
As we’re writing this, big-name carmakers say they’re collecting all sorts of information about your automobile to improve its performance. Through over-the-air updates, the company that built your car, truck or SUV, can update your infotainment system so it stays in tune with new trends, add features, or even change the way your automatic transmission changes gears.
These updates go as far as retuning some of your vehicle’s electronic systems, like traction and stability control software, ABS, semi-autonomous driver assistance technology like adaptive cruise control, and automatic emergency braking. The beauty is that it’s all done overnight while you sleep. There’s no need to bring your car to the shop.
Furthermore, new automobiles now come equipped with cameras, radars, and sensors. These are used for a variety of different applications, either to assist the driver during parking manoeuvres, or simply help hitch a trailer to your pickup truck.
But these technologies also act as your car’s senses to collect data. In other words, whatever these cameras, radars and sensors see, the carmaker sees as well.
Ever notice the cabin camera located just over the rear-view mirror in a Tesla? The contents of that camera are accessible by Tesla at any moment, at any time. And it gets even creepier than that: each time you connect your smartphone to Android Auto or Apple CarPlay, the carmaker has access to the contents of your phone. This means that your contacts, your calls, your text messages, the apps you used and downloaded, as well as the websites you visited are all transmitted over-the-air.
For more information on the matter, we sat down with the CEO of a big-name carmaker that preferred to remain anonymous for privacy and legal reasons. This person, who didn’t want his company under the spotlight, explained to us that most if not all carmakers are currently collecting a ton of data from cameras, sensors, and over-the-air updates. The problem is that they are still unsure what to do with it.
What was meant by this statement is that carmakers are looking for ways to make these data collection practices ever more lucrative, either by selling the information to third parties, or by offering consumers subscription services based on personalized data collection.
Luckily for the consumer, they’re currently locked down by strict data protection laws. According to our contact, no carmaker is currently selling our data. At least, not yet. But talks have been made with insurance companies on the matter.
“I’d be lying if I told you that we haven’t spoken with insurance companies about how we can work together in this data collection reality, but we’re currently not doing anything with the data except improving our vehicles,” he told us.
“Would we want to do more with it? Heck yes! But there are so many ethical and legal headaches surrounding it all, that we just don’t know where to begin”.
How protected are we really?
What if your data was in fact being used by third party companies? How are you protected and what kind of rights do you have as a consumer? We reached to the Office of the Privacy Commissioner of Canada
(OPCC) for some insights on the matter.
According to Vito Pilieci, Senior Communications Advisor, the OPCC oversees compliance with the Privacy Act, the federal public sector privacy law, and the Personal Information Protection and Electronic Documents Act
(PIPEDA), Canada's federal private-sector privacy law which applies to data collection.
The PIPEDA generally sets outs a number of obligations
for organizations such as carmakers. For instance, carmakers who operate in Canada, like any other company that takes part in data collection, are responsible for the collection of personal information under their control. Personal information can only be used or disclosed for the purposes for which it was collected
; in this case improving your car’s performance.
That data must then only be kept as long as required to serve those purposes. All collected personal information must then be protected by appropriate security
But while the OPPC already has a set of protocols to oversee automotive data collection, it has already made two appearances before parliament to discuss privacy issues specifically related to connected cars and autonomous vehicles. In one of its hearings
, the OPPC set forth the concept that a connected automobile is much more complex than a connected phone or computer.
“Most of these data flows in the connected car are very complex and not transparent. Individuals are accustomed to simply getting in a car and driving and may have little awareness about how the data captured by a connected car may be used in the background, let alone the implications of those uses, or of any options available to limit, disable or otherwise control them,” explained Mr. Pilieci in an email to us.
The Slow Death of Franchised Car Dealerships
The connected car also opens the door to another rising phenomenon: centralized dealer networks. With so much data in circulation, carmakers need to arm themselves with data protection systems and strong encryption to prevent a breach from happening. As the auto industry pumps resources into more advanced in-car software and technology, it must, as explained by the OPPC, also take the responsibility to adequately safeguard all information that’s being collected.
A good way to go about it is by centralizing the dealership network in the same way Tesla has been doing it since its inception, or how Polestar, Volvo’s new upstart electric vehicle division, is also operating. According to our source, independent franchised dealerships are too risky in a world where sensitive data is being drained out of vehicles.
Tesla understood early on that by using a corporate selling model instead of franchises, it was able to get a better grasp on its vehicles and the data they collect. Each car is connected to a central source and so is each store selling and servicing the vehicles. The risks for data breaches are therefore considerably lower when using this method.
“I can tell you that we have already began speaking with our franchisees about a possibility of centralizing our operations, and they’re not happy about this proposition. The sad reality is that we, as well as all other carmakers, need to head down that route if you we wish to sell more connected cars,” said the auto CEO we spoke to.
How Do You Gain Access to Your Own Data?
The European Union is currently working on new legislations that will require automakers to offer consumers an easily accessible data downloading service. This means that like big tech companies (Google and Facebook) that allow you, the user, to obtain a copy of the information they’ve collected on your behalf, car companies will also need to offer a similar service.
“If you were to ask your carmaker tomorrow to give you back all the data they collected from you, they wouldn’t even know how to do it. Most mainstream carmakers are not ready for this.” – the CEO added during our interview.
Tesla currently offers this service via its website but restricts what kind of information they send back. That in-car camera for instance is restricted to Tesla, even if it’s your face being filmed in a car that you own.
As a consumer, it’s therefore important to properly grasp and comprehend the terms and conditions of your connected car and what it means to own one. More than ever, automakers will need to show utmost transparency related to their data-collection practices. As a Canadian citizen, you are protected under the Personal Information Protection and Electronic Documents Act
. This entitles you to have access to full transparency as to what kind of data is being collected and what it’s being used for. You also have the right to request a copy of that data at any time. Just make sure you’re properly informed before signing over