Tuesday 10th December 2019

Connected car makers must be uncompromising over the protection of privacy

Published on March 27th, 2019

I don’t know about you, but I’ve come to mistrust the word Smart. Like most overused buzzwords, it now means everything and nothing, says freelance technology writer, Nick Booth. For me Smart is synonymous with Snitch, as smart objects always seem to be reporting on us to people behind banks of monitors.

Do you worry that the smart car will constantly tell tales on you – reporting on your behaviour to the authorities? Like a Goodfella in a Mafia movie, we’ll suspect that our trusted partner, the family car, is wearing a wire. It’s been turned and is singing like a canary to the authorities or, worse, the surveillance marketers.

Melodramatic? Perhaps. So here’s a more sober analysis from someone who knows this territory: Wayne Stallwood, head of AWS at service provider Kcom.

A connected car gives gigabytes of data each year, says Stallwood. Some are technical details about vehicle health, but some is private information – such as where you’ve been. The car makers really will value – in the best and worse sense of the word – the dirt on your driving behaviour and car usage.

Your interaction with the car’s components is interesting. You can tell a lot from a driver’s use of windscreen wipers and hazard lights. In this case, nobody cares about an individual’s data but when its collated with millions of others, car makers can significantly evaluate performance and make improvements.

The time to be worried

Nick Booth

It’s when data collectors target you as an individual that you have to be worried.

Data privacy must be respected, says Stallwood. We love GDPR (General Data Protection Regulations) when it’s protecting us from the information stealers and identity compromisers but we must remember those regulations apply equally to businesses, even if they have their customers best interests at heart. “The challenge for car makers is using that data without violating the data rights of their customers,” says Stallwood.

GDPR won’t stop car companies collecting this data, but it can restrict its use and distribution, by restricting access to the bulk data that car companies will aggregate. The problem is the lines are blurred. Like the incident tape that is stretched across the perimeters of a crime scene, the barriers to data are often breached and the integrity compromised. 

When the ‘lab boys’  – the data scientists – explore these crime scenes they will be crossing the line between customer intelligence and personally identifying information (PII). They are both mixed up together. Companies rarely try to classify between them or restrict access to data that’s protected under GDPR, according to Stallwood.

Connected car manufacturers can avoid this risk simply by changing the way they aggregate their data,” says Stallwood. Store data by its classification and the permissions applied. That ensures the sanctity of the data is protected – whether it’s personal or commercially valuable – and user permissions applied. Don’t let everyone get their fingers into the PII. Go further than that and apply unique policies to personal data so that even those with access – even if it comes by nefarious means – cannot do harm, Stallwood advises.

An all (data) points bulletin doesn’t always work, as we learn from mafia movies. These days the person of interest is likely to be lawyered up.

The author is freelance technology writer, Nick Booth.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow