Consumer Advocacy Group Demands Driving Data Be Controlled by Drivers

Matt Posky
by Matt Posky

The Global Alliance for Vehicle Data Access (GAVDA) has issued a letter to automotive manufacturers around the world to request consumers be given direct access to the data generated by the vehicles they drive. While the group is comprised of organizations representing rental agencies, car sharing, independent vehicle repair shops that also want access to the information, it’s likewise backed by several consumer advocacy groups that worry customers and small businesses are being taken advantage of.

At the core of the letter is a refutation of claims made in a June 3rd memo the Alliance for Automotive Innovation (AAI) sent to Congress. That group is an assemblage of the world’s largest industry players with an aim to monetize driving data as quickly as possible. It just so happens that the duo are diametrically opposed to how the government should handle user information.

Fair warning, my bias rests firmly in the right-to-repair camp, so I can’t pretend not to favor GAVDA here and won’t bother to try. But that doesn’t mean there aren’t lingering issues that need to be addressed or room for compromise. We also don’t know what we don’t know.

For example, the Alliance for Automotive Innovation warned Congress “a ballot initiative being pushed by outside parties in the Commonwealth of Massachusetts would force motor vehicle manufacturers to allow outside parties to be granted real-time, bi-directional access to vehicle data,” suggesting that the arrangement runs the risk of widespread cybersecurity issues — comparing it to the current pandemic.

This seems like a valid concern on its surface, if not slightly hyperbolic. Yet I’m not an expert in such matters, despite spending hours upon hours reading about them. However, if the risks truly were as dire as the AAI claims, one would assume the obvious solution would be not to harvest the data in the first place — but that would interfere with the automotive and tech industries’ long-term scheme.

“Vehicle manufacturers in North American and Europe continue to raise the ‘boogeyman’ of cybersecurity to intimidate legislators and regulators on the issue of access to vehicle data by vehicle owners,” Greg Scott, executive director of GAVDA, said in a statement to Automotive News. “The manufacturers know, and GAVDA members know, that vehicle owner access to vehicle data can and is being accomplished in a cybersecure manner and that the manufacturers’ actual goal is the commercialization of vehicle data to enhance their bottom lines at the expense of competition and consumer protection.”

Bingo. But does that mean opening up the data to third parties is a good idea?

That’s largely down to who has access. If your local repair shop is trustworthy and scrubs sensitive information between visits, then the danger is probably no greater than leaving it to be stored at the manufacturer’s data center. But if it’s irresponsible, then you may have just opened yourself up to unnecessary risk.

According to the law being proposed in Massachusetts, any vehicle sold within the state that transmits data back to the manufacturer after 2022 will be legally obligated to have a standardized, open-access data platform equipped. This will allow third parties and customers to have more direct control over their vehicles, which the Alliance for Automotive Innovation claims creates an unnecessary vulnerability. But it’s not supposed to be a data buffet. Owners would have direct access to all mechanical information amassed via a mobile application and could then authorize repair facilities (or whoever else) access for diagnostic purposes.

From AN:

Under the proposed law, automakers would not be allowed to require authorization before vehicle owners, independent repair facilities or dealerships could access the data stored in the vehicle’s on-board diagnostic system, according to the bill’s text.

The alliance, which represents most major automakers in the U.S., argues the ballot initiative poses “cybersecurity, personal safety and privacy risks to the owner of the vehicle” and endangers others on the nation’s roadways.

“Simply put, while manufacturers remain committed to allowing consumers to decide where to take their vehicle for repair and maintenance needs, there is no scenario in which real-time, remote access by third parties would be necessary to diagnose or repair a vehicle,” the alliance said in the letter.

The official position of the Global Alliance for Vehicle Data Access is that customers are technically the ones creating and giving manufacturers permission to access the data (even if it’s not stated formally). As such, it “strongly supports the bidirectional, real-time control of motor vehicle data by motor vehicle owners.”

Meanwhile, the government (which nobody seems overly fond of these days) seems to be more in line with the AAI. NHTSA Deputy Administrator James Owens previously noted that 3rd parties need to be able to service automobiles, but essentially told Congress the Massachusetts bill was dangerous. Having watched the right-to-repair movement struggle over the last few years, I’ve no faith that the legislative branch will side against corporations on behalf of consumers and small business owners. However, I cannot state that the AAI’s cybersecurity claims are without merit — though I don’t actually believe they’ll be substantially more responsible in handling the data. This one is kind of a crummy situation in general where the consumer starts out with their privacy and DIY abilities already being whittled away.

[Image: CAT SCAPE/Shutterstock]

Matt Posky
Matt Posky

A staunch consumer advocate tracking industry trends and regulation. Before joining TTAC, Matt spent a decade working for marketing and research firms based in NYC. Clients included several of the world’s largest automakers, global tire brands, and aftermarket part suppliers. Dissatisfied with the corporate world and resentful of having to wear suits everyday, he pivoted to writing about cars. Since then, that man has become an ardent supporter of the right-to-repair movement, been interviewed on the auto industry by national radio broadcasts, driven more rental cars than anyone ever should, participated in amateur rallying events, and received the requisite minimum training as sanctioned by the SCCA. Handy with a wrench, Matt grew up surrounded by Detroit auto workers and managed to get a pizza delivery job before he was legally eligible. He later found himself driving box trucks through Manhattan, guaranteeing future sympathy for actual truckers. He continues to conduct research pertaining to the automotive sector as an independent contractor and has since moved back to his native Michigan, closer to where the cars are born. A contrarian, Matt claims to prefer understeer — stating that front and all-wheel drive vehicles cater best to his driving style.

More by Matt Posky

Comments
Join the conversation
3 of 8 comments
  • Turbo_awd Turbo_awd on Sep 05, 2020

    Almost makes me happy my Stinger doesn't have wifi.. less need to worry about it transmitting data back..

    • Mcs Mcs on Sep 05, 2020

      " less need to worry about it transmitting data back.." No problem. Millions of doorbell, security, dashboard, and traffic cams are doing just fine gathering data about you without the help of your car.

  • Anomaly149 Anomaly149 on Sep 05, 2020

    There are some good reasons to pause and really consider what you do with vehicle connectivity, and it's mostly because the average age of a car on the road is around "the release date of Windows 7". Extending the logic, around half of internet connected cars will be "Windows Vista SP2" or older. That's a hard problem; one that doesn't get easier when you have to figure out how to reasonably securely allow random third parties access to encryption keys.

  • Oberkanone My grid hurts!Good luck with installing charger locations at leased locations with aging infrastructure. Perhaps USPS would have better start modernizing it's Post offices to meet future needs. Of course, USPS has no money for anything.
  • Dukeisduke If it's going to be a turbo 4-cylinder like the new Tacoma, I'll pass.BTW, I see lots of Tacomas on the road (mine is a 2013), but I haven't seen any 4th-gen trucks yet.
  • Oberkanone Expect 4Runner to combine best aspects of new Land Cruiser and new Tacoma and this is what I expect from 2025 4Runner.Toyota is REALLY on it's best game recently. Tacoma and Land Cruiser are examples of this.
  • ArialATOMV8 All I hope is that the 4Runner stays rugged and reliable.
  • Arthur Dailey Good. Whatever upsets the Chinese government is fine with me. And yes they are probably monitoring this thread/site.
Next