Autonomous vehicles and data ownership is a thorny issue. We are facing the reality that authorities in key markets, like the US and UK, have ducked out of answering the key question of who should own the data these vehicles generate. By 2020 Business Insider Intelligence estimates there will be 10 million vehicles with self-driving functionality, so we do not have long to come up with a solution that will satisfy vehicle owners and manufacturers.
The consequences if we fail are clear.
Autonomous transportation will see further erosion of the rights and privacy of consumers, in this case as drivers. Yes, manufacturers could fall foul of ambiguous regulation, but more concerning should be that they will control a vast amount of data about our driving habits and where we go.
We have already seen how concentrating the control of social networks and search data in the hands of a few companies has led to a monopoly in areas such as digital advertising. It does not bode well if we allow a small group of companies the same level of control over the data from autonomous vehicles. Would it not be better to anonymize such personal information and give drivers control over access to it?
I am convinced this would offer consumers greater choice by encouraging more competition to challenge the established auto-manufacturers. This has to be healthier for the future of autonomous vehicles.
Intel suggested last year that just one million autonomous cars could generate the same data as three billion people. That equates to one car generating 4,000GB of data based on just one hour of driving. Obviously, manufacturers are very keen to have this data, because it will enable them to continuously improve the safety and performance of vehicles. However, this is not its only use.
Knowing how a driver is acting on the road, where that individual is and matching it with a broader understanding of the customer will be a gold mine of valuable consumer data. Yet, this should sound alarm bells over who has the right to use, and indeed profit from, our data.
We have already seen that some in the automotive industry do not think the consumer should be considered the owner.
This would not be such an issue if the regulatory framework afforded owners of autonomous vehicles the data protections they deserve. The early indications are not promising. The Self-Driving Act in the US and the eight principles of vehicle cybersecurity for connected and automated vehicles announced by the UK Department for Transport are open to interpretation. They encourage self-regulation and voluntary commitments, which we all know are unlikely to succeed. The European Commission is certainly talking about going further with its regulation.
Under its e-Privacy Regulation it could force manufacturers to use a privacy-by-design approach to building cars. Ultimately, this would mean data in cars is seen as “personal information,” which could draw massive fines if automotive companies lost it.
Of course, the industry is “very concerned” about this approach. The Flourish Consortium, which includes insurers such as AXA, has publicly said it will affect the potential services that can be offered via autonomous vehicles. Some insurers are discussing usage-based insurance, but this will require real-time access to data emerging from vehicles.
On the surface such services could be attractive if they manage down the costs consumers have to pay, but as we know from past experience vendors are more likely to exploit that data for commercial benefit, often at the expense of the consumer.
concentrating the control of social networks and search data in the hands of a few companies has led to a monopoly in areas such as digital advertising
There is no easy answer to this question, but I would argue we must take responsibility away from those who will gain most financially from accessing our data. The most logical way to do that is to give consumers complete control of their data. If a vehicle owner wants to avail of the latest offer from a local retail store, as he or she drives past, then they can grant access to their personal information. Companies wanting to engage with vehicle owners should have to ask their permission to speak to them and the financial return, or value being offered, should be equitable for the owner. Furthermore, giving the owner control of his or her data will reduce the likelihood of data being mis-used by an unscrupulous third party.
Time and again we see stories of cold-calling from litigation firms wanting to represent the victims of car accidents, who are able to operate, because they can glean sensitive personal information from insurance claims. This would not happen if consumers had greater control.
Technically, it is possible to return control to users. The blockchain has become a topic of great interest in the automotive industry, particularly because of its ability to validate transactions and the identify of individuals. Protecting data, though, is not its strong suit. It can keep accurate records of data, but the blockchain does not store the data itself. Rather it stores the data somewhere else, which could potentially be vulnerable to attack. If hackers can delete that information, or hold it to ransom, that could have grave consequences for the vehicle owner and/or the manufacturer.
We believe the most promising way forward is to use an autonomous data network, which runs self-driving cars independently of human interference, passing control of the cars’ data to the owner using encryption, ensuring manufacturers cannot access driver data without permission. Furthermore, each vehicle on the network could be treated as a node sharing anonymized data from all of the vehicles interacting on the road. This information could be broken up, encrypted, and stored across the network providing levels of security not possible with existing centralised networks.
Fundamentally we should not be relying on the regulators or the automotive industry to solve this critical issue. The former will fudge the answer and leave it to the courts to settle on workable legislation. The latter will struggle to weigh their commercial priorities against the needs of consumers. We need to present a radically different approach to protecting and using the data emerging from autonomous vehicles, and that does not involve humans.