Connected cars – Data protection, privacy, and cybersecurity

  • Home
  • Blog
  • Connected cars – Data protection, privacy, and cybersecurity

Connected cars – Data protection, privacy, and cybersecurity

By Waseem Haider on September 03, 2021
 , ,
By Waseem Haider on September 03, 2021 Newsletters , , 0 Comments

CONNECTED CAR TECH SERIES PART 4: Complex regulatory landscape threatens to restrict the market’s development 

Contributed by: Waseem Haider

In the last three parts of our Connected Car Tech Series, we talked about the immense possibilities this space is offering to car manufacturers, network operators and other stakeholders. This obviously creates an impression of the grass as all green which is not the case. Connected cars have a number of challenges.

One significant roadblock facing the connected car industry relates to regulations and standards. The need for regulations governing in-vehicle data and other connected car resources is one of the most pressing issues affecting connected car stakeholders. This is partially because regulations were meant to deal with basic connectivity, e.g. emergency calling, and partially because of the expansion of the connected car ecosystem. Current regulations do not sufficiently address the challenges posed by increased connectivity and the role of different stakeholders.

Though there are multiple areas which are affected by lack of standardization and proper regulations in the connected car ecosystem, there are two significant areas which stand-out due to their impact on both the end-consumers and service providers: data protection and privacy, and cybersecurity.

Data Protection and Privacy

One of the biggest challenges faced by the connected car ecosystem is the protection of consumer data. Even though regulatory authorities have made some significant policy changes around connected cars, data access and privacy regulations have yet to be tackled adequately. For example, the EU updated its Motor Vehicle Type Approval Regulation in 2019, but the increasing vehicle connectivity is still a topic of discussion. 

One major data protection law from the EU is the General Data Protection Regulation, or GDPR. There is a lot of uncertainty between the EU and US since the introduction of GDPR. Meanwhile, numerous regional efforts around data protection have emerged, inspired by the GDPR. One such regulation is the California Consumer Privacy Act (CCPA). The CCPA directly addresses car manufacturers and automotive suppliers globally on their telematics data capture, and influences cloud service providers’ data privacy practices.

The amount of data generated not only within the car but also outside of the car, certainly poses a threat to the protection of personal data and raises serious privacy issues. According to some estimates, almost 25 gigabytes of data is produced per hour from a connected car. Most of this is driver’s personal data and that of passengers. Moreover, suddenly the data generated by connected cars have attracted the interests of multiple stakeholders – enforcement and government authorities, car insurance companies, car manufacturers and other third parties.

Primarily, connected cars are generating data from three different categories of functionalities: Telematics, V2X and Infotainment (see Figure 1 below).

Figure 1: Main Data Sources in Connected Cars 

Source: ENISA

The functions shown in the graphic enhance the customer experience for car owners and some of them are essential for safety and emergency services. However, the amount of personal data which the connected car systems are generating becomes a cause of worry for the protection of the data and privacy of individual car owners and/or related parties. Note that we are not talking about the fully autonomous vehicles of the future, which will generate and gather even larger amounts of data than today’s connected cars.

Hence, the question arises how to adopt data protection and privacy standards today which will stand the test of time. While there is some progress in creating standards and regulations surrounding connected cars, for instance the new Motor Vehicle Type Approval Regulation, EU GDPR, and CCPA, many issues have not been addressed comprehensively or consistently enough to support growth of this new market.

Cybersecurity

Another big challenge for the connected car ecosystem is the now-increased vulnerability of cyberattacks and hacking threats. The transformation of the automotive industry into one offering digital mobility products and services has given rise to importance of cybersecurity in the connected car ecosystem (see figure 2 below). Though the digital features in connected cars are adding great customer value, they are also exposing connected cars to multiple touchpoints for possible cyberattacks. As connected cars have more and more in-vehicle software units, hackers have access to electronic systems and data, posing potential threats to critical safety functions and data privacy.

Figure 2: Cyberattack scenarios in connected cars 

Source: Frost & Sullivan

In the past few years there have been multiple instances of cyberattacks on connected cars, where hackers have taken full control of the vehicles. The major challenge is lack of clear regulatory guidelines and standards for the connected car ecosystem. As such, the cybersecurity problem is related to data protection and privacy. Cybersecurity and data protection/privacy are two sides of the same coin: cybersecurity presents the outside-in scenario and data protection is the inside-out scenario.

One important point to highlight here is that regulators are having a tough time formulating such laws. Part of the challenge is the involvement of multiple stakeholders in the connected car ecosystem. This influences current supplier contracts with OEMs and other third-party relationships for software development, testing and managing over-the-air (OTA) updates.

Regulators face a difficult situation in adoption of standards across the entire automotive value-chain. For the last few years, however, regulators have been working on a cybersecurity framework for the automotive industry that will cover the entire value-chain. This year, the United Nations Economic Commission for Europe (UNECE) passed a law called the Vehicle Cyber-Security Management System (CSMS), to be implemented by automotive manufacturers. The law will make cybersecurity an integral part of the entire connected car ecosystem and OEMs need to implement a certified CSMS across the entire lifecycle of any given connected vehicle in near future.

Next Up: Data ownership

Among the many regulatory issues in the connected car ecosystem is, who owns the data generated by connected car ecosystem. In the next part of this series, we will take a deeper look at ownership of data in the connected car space.

*

Image credit: Erik Mclean

Share this post

Related Posts

Vodafone Idea to work with Red Hat on distributed cloud platform

October 24, 2019 Vodafone Idea to work with Red Hat on distributed cloud platform  On October... read more

5G vendors report earnings

October 31, 2019 5G vendors report earnings The top five vendors selling 5G network infrastructure have... read more

Connected cars: OEM car maker strategies – where does the network operator fit in?

August 03, 2021 Connected Car Emerging Tech Series Part 3 Author: Waseem Haider Today’s car industry is... read more

Tough times at Huawei in 1Q20

March 06, 2020 Tough times at Huawei in 1Q20  If you're a Huawei watcher - and... read more

COVID-19 impact on network operators and their suppliers

April 28, 2020 "The COVID-19 impact is, of course, hard to assess..." With this comment, Ericsson's... read more

US crackdown on Chinese mobile apps to hit TikTok and WeChat

August 08, 2020 US crackdown on Chinese mobile apps to hit TikTok and WeChat; next... read more

Telco collaboration with webscale sector picking up steam

January 11, 2021 Telco-Webscale Collaboration In our recently published capex forecast, we discussed how essential collaboration... read more

Autonomous vehicle and robot highlights from CES 2021

January 18, 2021 Autonomous vehicles and robots picking up steam and will impact network infrastructure For... read more

Cell tower companies pondering what to be when they grow up

January 25, 2021 Cellnex steps into fiber and data center infrastructure through new joint venture... read more

Webscale sector’s capex push to bring many more data centers online in 2021-23

February 01, 2021 Webscale sector’s capex push to bring many more data centers online in... read more
Subscribe

Stay in the loop

Get our latest content by signing up below