All News and Perspectives

Redefining Privacy in the Era of Connected Vehicles

April 19, 2019 Eric Nutt, CTO Mandli Communications

The future of mobility will look and feel very different.  Want instant access to all your favorite TV shows so you can entertain your children wherever you go?  You got it.  How about access to directions, route changes, and knowledge of the intentions of all the vehicles around you?  Yup, consider it done.

Making this all possible is the world wide web, and the good news is 98% of all new vehicles in 2020 will be connected to the internet, with 100% expected by 2025.  However, along with the advantages of this connectivity, you get a mountain of privacy concerns.

The reality is that companies providing your in-car services – like entertainment and navigation services – will also have access to a slew of additional information about you, including how often you drive over the speed limit, how aggressively you drive generally, and where you go and how long you stay there; and that’s just for starters.  There is even talk of these service companies eavesdropping on your conversations or monitoring your emotions while you drive.

It’s unclear at this point how consumers will be able to keep these vehicles in check, but car companies can learn a great deal from the European Union’s (EU) latest attempts to regulate privacy.

On May 25, 2018, the EU’s General Data Protection Regulation (GDPR) went into effect, ushering in key protections for consumers. For example, a data subject – that’s you enjoying your connected vehicle services – must be able to withdraw consent as easily as you gave it.

GDPR also forces companies to factor in privacy concerns at the outset of product development lifecycles. This forces companies to think early on about what data they need, and for what purposes.  In other words, they shouldn’t just arbitrarily start collecting data, then figure out how to monetize it down the road.

Consumers should be pleased with these developments, but the real question remains: how well are companies implementing these requirements?

According to a January 2019 Cisco Study, there is still room for improvement.  Only 59% of companies reported meeting the GDPR requirements seven months after it went into effect, even though they could see GDPR coming down the regulatory pipeline years ago.

The report also highlights some consequences for not living up to the GDPR. For starters, companies’ sales cycles suffered; those who failed to meet GDPR requirements saw a 60% delay in their average sales cycle.

Another problem companies faced was a jump in costs associated with data breaches – which it turns out were more likely to happen when GDPR standards were not followed. For instance, there was a 27% higher probability of a data breach costing $500k for companies that didn’t meet GDPR requirements.

GDPR aside, perhaps the best example of the costs associated with ignoring customer privacy concerns is Facebook. In the last year alone, Facebook had the biggest single-day loss in stock market history at over $100 billion dollars and was also forced to enter multi-billion dollar negotiations with the FTC over privacy issues.

You definitely don’t want to drive a mile down that road auto companies.

It’s pretty simple, actually: consumer privacy matters and car manufacturers better start taking this issue seriously.  If we’ve learned anything, customers will flock to companies that take their data, and by default their privacy, seriously.

So, consider this fair warning, auto industry: we want our in-car television service, but that’s all.

Nothing more; nothing less.


Eric Nutt is the Chief Technology Officer of Mandli Communications, Inc., and an Associate Editor of the SAE International Journal of Connected and Automated Vehicles.

Follow Eric on LinkedIn.