Why companies should consider compliance, Zero Trust and the implementation of the GDPR together and what advantages a combined approach brings.
The U.S. Federal Communications Commission (FCC) has voted to overturn Net Neutrality.
The decision gives internet service providers (ISPs) and telecom companies the right to prioritize services according to customers’ ability to pay and to sell customer data to third parties. One industry likely to feel the effect of this is the automotive sector.
Connected cars depend on consistent data transmission. It's estimated that by 2021 over 380 million connected cars will be on the road, more than double the number now. Today, the motor manufacturing industry is still in the very early stages of figuring out how to make money from connected car data.
The relaxing of Net Neutrality rules makes it likely that auto manufacturers will team up with telcos and ISPs to offer customers a range of data-based services. Ultimately, this could be even more profitable than actual vehicle sales.
One of the biggest challenges for motor manufacturers will be to convince customers that their privacy is assured and that it will not be open season for their data. One sure fire way to secure driver data is to use virtual private networks (VPNs).
Big data, big profits
By the year 2020, it is estimated that 20 billion in-car devices will be constantly sending back vehicle data via the Internet. At that point, each vehicle will be transmitting around 1.5tb of data every day – that’s more than 25GB per hour per car.
For this reason, working out how to acquire, manage and monetize all this big data will become a key part of every motor manufacturer’s business model.
Already, the search for software platforms to partner with has begun in earnest. Ford’s Ford Pass platform and GM’s OnStar AtYourService feature are early examples. Auto data is sold to third parties such as insurance companies or roadside retailers to help them tempt drivers with loyalty discounts and special offers.
The repeal of Net Neutrality allows internet providers in the U.S. to get in on the action. In the future, deals between ISPs and auto manufacturers could give rise to a range of software-based service packages. The exact content and the speed at which each service is delivered would vary according to how much car owners are willing to pay.
One of the biggest challenges around privacy is how to develop services that reconcile the conflicting interests of product designers and marketing executives with those of the legal and compliance teams.
One such compromise came to light in 2015. The German motorist organisation Allgemeiner Deutscher Automobil-Club (ADAC) discovered that large amounts of data were being captured by the on-board diagnostics (OBD) system of a BMW model, including driving destinations and phone contacts, without the permission of the user.
Originally, the data could only be accessed by directly connecting to the OBD. However, as soon as the data started being transmitted wirelessly the risk of it being captured, processed and shared without the customer’s permission becomes unacceptably high.
In Europe, especially under General Data Protection Regulation (GDPR), auto makers must ensure they have the express permission of the vehicle owner before they can share car data.
As yet, there are no such regulations in the U.S. This has led to concern in some quarters that anyone may have free rein to harvest and sell connected car data at the expense of owner privacy.
For example, what’s to stop someone making money from customer details stored in the infotainment systems of rental vehicles? By connecting your phone to a rental car you could unwittingly give details of your smartphone, locations visited and even home address for others to mine for profit.
Consumer confidence at a crossroads
The effect of all this on consumers is hard to gauge. Partly because industry studies conducted to date are colored by the interests of the sponsoring parties.
For example, insurers Willis Towers Watson portray a broadly positive picture saying 55% of consumers will likely purchase a new or pre-owned vehicle with new technology features in the next 24 months. Four out of five drivers, they say, are open to sharing their driving data.
In contrast, research published by the digital platform security company Irdeto is decidedly more downbeat. The study of over 8,000 consumers in six countries revealed 93% either don’t have a connected vehicle or don’t know if they do. Nearly half (49%) do not own and do not plan on buying a connected car. A high proportion (85%) cited cybersecurity as the reason for their caution.
Whatever the true facts may be there is no doubt that VPNs are a useful way for motor manufacturers to ensure any driver data transmitted wirelessly remains completely private.
This is especially important for GDPR compliance. VPNs in vehicles can guarantee secure connectivity, assured authentication and centralized remote management for software patches and over-the-air updates.
In summary, doing away with Net Neutrality allows Internet providers much more freedom to shape how our cars connect to the online world.
Any new services that involve the harvesting and selling of driver data would conflict directly with the privacy-first principles enshrined in regulations like GDPR.
Privacy, and by extension VPN technology for protecting that privacy, has to be a core component of the future plans of every auto manufacturer.