Trade Groups Squabble Over Rights to Vehicle Data
What happens if car owners allow third-party access?
Should you be able to decide who has access to the data your car collects about its mechanical and electronic condition?
“You bet,” says the Global Alliance for Vehicle Data Access. “Not so fast,” retorts the Alliance for Automotive Innovation.
The squabble has been sparked by a proposed Massachusetts state law that would give owners the ability to allow their cars’ data to be accessed by independent repair shops.
The requirement, which faces a state referendum vote in November, would take effect a year from now when the 2022 model year begins.
Who Has Rights to What?
So far, so good. But how would this accessing actually occur?
The measure specifies that cars be equipped to reveal their operational data either wirelessly or through a remote server accessible by the vehicle’s owner. The law also would enable third parties to send data, including software, into a vehicle, even as it’s being driven.
Currently, carmakers require authorization before anybody can tap into a car’s onboard diagnostic databank. The Massachusetts law would eliminate that step.
The Vehicle Data Access alliance, which is made up of groups that represent fleet owners and aftermarket repair facilities, favors the measure. No surprise there. Independent repair businesses have groused for decades about carmakers making it difficult for anyone but a franchised dealer to obtain repair manuals, service equipment and other tools.
But the Alliance for Automotive Innovation, which represents carmakers, warns that making it easy for third parties to read a vehicle’s data—and upload new software into it—sounds like a cyberattack waiting to happen.
AAI agrees that owners should be able to fix their vehicles wherever they please. But in a June letter to the U.S. House of Representative’s energy and commerce committee, the group raises the specter of “significant” pubic safety and cybersecurity threats raised by the Massachusetts law.
AAI argues that consumers are being misled by descriptions of the law as a “solution for fixing cars.” In fact, the group contends, it’s all about allowing third parties to collect a vehicle owner’s driving habits, travel patterns and location in real-time.
The proposed Massachusetts law, it warns, creates “absolutely no safeguards” for how data mined this way might be stored, protected or used later. AAI further asserts that opening up access conflicts with federal guidance about how carmakers are supposed to shield the same data.
The National Highway Traffic Safety Administration, which arbitrates such issues, takes the middle ground. It agrees that owners should be able to give service shops access to their car’s diagnostic data. It also has cautioned Congress about the potential data leakage that could result.
The debate over your ability to grant or block access to the data collected by your car is far from over.
This latest skirmish zeroes in on a fundamental question: Is it possible to allow access to specific information for a one-time purpose without having everything else your car knows about you ending up out there in the cybersphere too?
Aptiv plc is launching a fleet of 30 autonomous vehicles that will operate as part of Lyft Inc.’s ride-hailing network in Las Vegas.
Toyota Motor Corp. is encouraging employees at its research and development center near Ann Arbor, Mich., to participate in an on-going program there to test connected vehicle technologies.
Perhaps it has something to do with comparatively low gas prices.