Out-Law News | 16 Jan 2015 | 10:21 am | 2 min. read
Ian Robertson, BMW head of sales and marketing, said BMW had so far resisted requests to share connected car data with those businesses, according to a report by the Financial Times.
'Connected cars' is a general term used to refer to vehicles that allow information to be transmitted and received, often involving use of SIM cards and public communication networks, to enable a range of services in respect of the vehicle and its users. Examples include, an automatic lock/unlock feature, car operating status monitoring and access to 'infotainment' services.
Data such as that which outlines how long a car engine has been running for, matched with location data, could allow advertisers to promote outlets such as restaurants that are near to where cars and their occupants are, according to one example of potential data use cited by Robertson.
Munich-based technology law expert Stephan Appt of Pinsent Masons, the law firm behind Out-Law.com, said that BMW's approach to sharing data is in line with the cautious nature of privacy rules in Europe. However, he said it highlights the different standards on privacy that exist between the EU and US regarding connected car data sharing.
In November last year, two major US-based automotive industry bodies agreed new ‘privacy principles’ for connected car data. The principles set out conditions on the disclosure of personal data to third parties, including marketers. Appt warned at the time that the principles "may fall short of what European data protection authorities would be able to accept".
Last month, a European Commission survey found that 51% of consumers in the EU would be willing to have a connected vehicle, while 38% said their acceptance would be subject to data anonymity or the ability to opt in to data connection services.
Appt said at the time that the survey had highlighted that there are "mixed feelings about car connectivity" and that "privacy concerns" could be the underlying reason behind them.
Appt said that connected car manufacturers and other stakeholders in the automotive industry need to "promote privacy", not just to avoid potential challenges from data protection authorities, but because it is important to do so "rom a business case perspective". He said it is becoming "increasingly important" for connected car makers to win consumers' trust.
"This can be achieved by demonstrating transparency and establishing by design adequate technical and organisational measures to avoid data breaches, which are of course concepts that are already requirements from a legal perspective," Appt said.
BMW said it has put IT security measures in place to prevent unauthorised access to data relating to the running of its cars, according to the Financial Times report.
"In the future, supervisory authorities are expected to increasingly pay special attention to vehicle IT, including investigating whether the scope for attacks could be reduced by suitable encryption or program code signatures, hacking tests as well as the practical implementation of principles of data protection law such as data economy, privacy by design and privacy by default," Appt said.