Connected Car Data Privacy Goes on Trial

by VPNHaus | 09/05/2019

Modern cars know more about us than we might imagine. From driving habits to information about places we’ve visited and even our music tastes, much of the information our cars gather every day is very personal. Such details are also useful to law enforcement. Police forces are starting to use this data to determine the causes of traffic incidents.

Under regulations like EU GDPR, customers have a right to expect such information will remain private unless they expressly give their consent. This puts the onus on the vehicle manufacturers to build-in appropriate security measures that protect individuals’ personal data.

Encryption, a technology used in Virtual Private Network (VPN) software, protects this data on board the vehicle and as it passes over the Internet, effectively rendering it unintelligible to casual observers. Ensuring customers’ data has built-in protection in this way allows auto manufacturers’ to comply with data protection regulations.

What Your Car Knows

Today’s car is as much a computer as it is a means of transportation. The black box, or event data recorder, inside 96% of today's cars collects all kinds of information.

Some things like seat-belt use, speed, braking and acceleration may prove important for insurance companies and the police. But a car’s central computer system goes much further. It also logs our phone’s contact list, what text messages we receive, the music we listen to and where we’ve been.

Most people regard this type of information as private and rightly expect vehicles to protect their personal data from overly intrusive searches and sequestration.

Connected Cars on Trial

It can therefore come as a shock for drivers to find that sensitive personal data stored in cars is not encrypted or subject to legal restrictions. In most countries, police only require probable cause to search vehicles and are not obliged to obtain a warrant before downloading data. The legality of this has already been tested in the courts.

According to the American Civil Liberties Union (ACLU), such cases call on individual courts to decide whether laws dating from before the digital age should be extended to let police gather more information than was originally intended. In the absence of universal legal protections the problem will continue. Every new technology such as 5G video feeds or pinpoint geographic data will bring up the same challenges.

Manufacturers Promise Security

The onus on data protection is therefore on the manufacturers. Advanced driver assistance systems (ADAS) such as collision avoiding automatic brake systems provide higher margins for manufacturers. They are also encouraged by government commitments to ensuring vehicles are ever safer. Unsurprisingly perhaps, the market for ADAS is expected to grow by more than 10% every year reaching $67 billion by 2025.

Manufacturers have every incentive to ensure sensitive customer data is secure and their systems comply with data protection regulations. So far, around 20 carmakers have signed up to build systems featuring privacy built-in. The plan is to give car owners the ability to manage the data collected in their vehicles and obtain customer consent to use location and biometric data for marketing.

Encryption Drives Privacy

To achieve all this, auto manufacturers will need to introduce encryption technology into their vehicles. Enterprise-class VPN software is a key driver for shielding sensitive customer data from unwarranted intrusion.

By creating an encrypted tunnel for auto data communications with the manufacturer or with smart city systems, a VPN makes personal data unintelligible. This renders customer confidential information safe from casual intrusion by law enforcement officers and cybercriminals alike.  

In summary, continued advances in connected car technology and next generation bandwidth will inevitably increase the number of cases where confidential personal data in vehicles is analyzed without the owner’s consent. To meet data protection laws, car makers must ensure event data recorders and central computer systems properly protect personal information from possible interception by unauthorized parties.

In the continued absence of clear legislation ruling personal data stored in cars as admissible in a court of law, encrypted connections using VPN software will be key to ensuring drivers’ personal details receive appropriate levels of security as demanded by data protection standards.