Vorsprung durch Technik? The personal privacy challenge to Telematics

The car industry offers a powerful example of a market that has been transformed by clever use of people’s data – as long as it puts drivers in control, says J Cromack.

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email


The car industry offers a powerful example of a market that has been transformed by clever use of people’s data – as long as it puts drivers in control, says J Cromack. 

The automotive industry has changed gear, with the need to capture and use rich data about vehicles, their performance, and their environment in real-time. 

Telematics, are systems used to send, receive, track, and store information about automobile operations. Telematics can also track personally identifiable information about car users. however; they can offer huge benefits to everyone along the automotive value chain. Car manufacturers gain an opportunity to monitor how their products are used, experienced, and maintained out in the real world. Insurers can reduce their risk and provide more attractive and personalised policies as a result of better insights into the causes of accidents. Indeed, Deloitte predicted that in Europe digitally-enabled motor insurance could reach 17 percent of all policies by 2020. Have we reached this milestone yet? 

Meanwhile, drivers receiving timely feedback about their car, or driving and road conditions, are less likely to have an accident, break down, get stuck in traffic or run out of fuel. If they have an insurance-linked telematics ‘black box’ or dash-cam, they’ll also be less vulnerable to bogus claims against them by other drivers. 

The momentum for adopting telematics on an industry-wide scale is accelerating. Ernst & Young predicted that 88 percent of all new cars globally will have integrated telematics by 2025

But to get to a point where everyone can benefit, car companies and service partners need to gain the trust of drivers and regulators. In a world sensitive to privacy breaches and keenly on the side of consumer rights, there are some confidence issues to overcome. 

Drive home the benefits 

Measures to update legislation, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act and others , have highlighted the delicate balance between the use of car and journey data for genuine benefit and the potential for misuse. 

Research conducted in 2017 by the British Vehicle Rental & Leasing Association suggests that the majority of drivers (95 percent) would happily share vehicle data if this might help diagnose or prevent faults. Similarly, high percentages said the same about it being used to automatically alert a breakdown company (93 percent) or help a manufacturer identify safety and warranty issues with its parts (82 percent). But in situations where personal exposure felt higher yet the perceived benefits harder to determine, drivers were much less comfortable about agreeing to data being shared. Scenarios here included information about their driving behaviour and performance or their location. 

The onus is therefore on car manufacturers, service partners, and insurance companies to be completely transparent about their intentions. They must also empower drivers with sufficient options to control the data that is collected and how it is used. A 2016 survey among members of FIA Region I, a consumer body representing motorists in Europe, the Middle East and Africa, flagged up the need for restrictions including time limits on data being kept and used. But to feel completely reassured, drivers will also be looking for options to specify the types of information that can and can’t be collected and to assign specific permissions about who can access and use it for each documented purpose. 

Respect personal boundaries 

In a work context, GDPR’s parameters around keeping and using people’s data in legitimate and reasonable ways should prompt fleet managers to differentiate between company-relevant driver data and that which has no bearing on business use, for instance. Even if telematics ‘black boxes’ are set to record everything about every journey, this would restrict the information that can be stored and used. Information about mileage and fuel consumption may be kept, for example, but details about where a vehicle is parked outside of company hours should remain private. 

It stands to reason that if the data people agree to share about their driving experiences results in something expected and beneficial – a smoother journey or avoidance of incident – they will relax and embrace it. But if they feel spied on, compromised, or taken advantage of in some way – perhaps because their route has been captured and sold on to service stations and retailers who start to bombard them with promotions as they drive past, or the wrong person discovers they have gone away because their car is parked at the airport – they will have every right to object. It’s this kind of activity that the My Car My Data campaign, championed by the FIA, is warning against. 

The keys to winning over drivers to the brave new world of connected cars – as in any attempt to use personal data– is to hand them control. By providing transparency about data collection and use, clarity about what individuals will get back in return, and the ability to review and edit those parameters at any time, individuals will feel empowered to embrace positive change instead of feeling suspicious. 

The European Data Protection Board (EDPB) updated its guidelines for processing personal data in the context of connected vehicles and mobility-related applications. This references the e-Privacy Directive (2002/58/EC, as revised by 2009/136/EC), which sets a specific standard for all actors that wish to store or access information stored in the terminal equipment of a subscriber or user in the European Economic Area (EEA). The guidelines state that prior consent is required for such activities and article 5(3) of the e-Privacy Directive takes precedent over article 6 of GDPR although a legal basis is still required for the processing of personal data. 

Transparency is crucial, supervisory authorities are now focused on this principle. It’s easy for them to validate and provide enforcement notices or intention to fine an organisation that is not demonstrating transparency. Connected vehicles and those that use Telematic systems must engage in a way that’s totally upfront and honest when seeking to use personal data for an organisations’ own purpose or when sharing with 3rd parties. 

Processes must be robust, clear, and comprehensive to ensure effective and consistent compliance and build a trusted relationship. Organisations should ensure privacy notices are relevant, clear and specific, and relate to the complexity of what happens with the data and if being repurposed.  This privacy notice must be written in a way that a layperson would understand. 

Understanding the lawful basis for processing personal data and making this clear, consistent and obvious is vital, hence Transparency and Consent are finely intertwined. 

If this raises concerns for you, then visit MyLife Digital’s Consent and Preferences Management, it can help an organisation capture consent, transparently and compliantly and ultimately build trust with customers/prospects.   

To request further information or book a demo, please get in touch 

MyLife Digital

MyLife Digital

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore


Rebuilding consumer trust after Cambridge Analytica

#ThrowbackThursday Remember the scandal of Cambridge Analytica and Facebook harvesting people’s data without their knowledge and then misusing it? This blog discusses how both companies could rebuild relationships in the


Regtech to the Rescue

#ThrowbackThursday This blog from 2018 talks about what has been penned as RegTech or Regulatory Technology. The surge of new regulations across multiple industries also gave rise

Find out how you can do more with data

Get in touch