31 May 22

Soon, all cars will be connected – here’s who’s fighting for your data

By 2023, 70% of all new cars sold worldwide will be connected. By 2026, that will be true for all new cars sold in the UK (and most likely all of Europe). As a result, your vehicles are turning into data goldmines. Criminals, OEMs and insurers all want a piece of the action.

“As exciting and innovative as this sounds,” Ryan Fulthorpe, a British insurance expert, told the Daily Telegraph – ‘this’ being generalised new-vehicle connectivity the UK in just four years’ time – “it also means additional vulnerabilities, which hackers will be able to exploit.”

Keyless theft

One risk already being exploited by criminals is keyless vehicle theft, where hackers use a relay box to boost the signal from car keys to gain entry to vehicles. Cases have been on the rise, says Mr Fulthorpe. 

Another risk: “Hacking into mobile apps that communicate directly with cars, on-board computers or monitoring systems. This could lead to the control of vehicles being taken over, or to the theft of your personal data.”

As the expert points out, each policy holder should examine closely whether their insurance covers theft and other damages from vehicle hacking or digital data theft. 

Common-sense measures

Some common-sense measures can reduce the risk of cybercrime against connected vehicles. These include: 

  • parking your car in a secure place, 
  • using a signal-blocking key case, 
  • fitting your car with alarms and steering locks, 
  • limiting the number of in-car apps you use,
  • keep your in-car software up to date, and 
  • only download genuine, certified apps. 

Meanwhile, a landmark battle is being waged in California over vehicle data privacy that could set the agenda for connected car data on a much wider scale. 

$192 billion

As early as next year, when up to 70% of all new vehicles sold worldwide will have some form of connectivity, the connected car market will have a revenue of $192 billion, and an annual growth rate of 18% until at least 2028. 

In other words, vehicle data is a goldmine, and many parties – insurers, fleet operators, governments – will be eager to use it to drive their agenda, be it fewer claims, higher productivity, or increased road safety. 

But that data could just as easily be used in an untransparent way to discriminate against certain groups of users. Hence the California Privacy Rights Act. From 2023, this will prevent OEMs and insurers from using precise geolocation without the express permission of the vehicle user. 

Opt in or out

This means that they would have to ‘opt in’ for their data to be used, or at least have the clear choice to ‘opt out’ if that data use is the standard.

“Just because you subscribe to GPS, it doesn’t mean that car makers and insurance companies should have a blank cheque to use or sell your data for whatever they want,” Justin Kloczko, author of a March 2022 Consumer Watchdog report on ‘Connected Cars and the Threat to Your Privacy’ was quoted by Forbes.

However, the automotive and insurance industries are already seeking exceptions to the provisions in CPRA. The outcome of that battle will determine the fate of vehicle data privacy in California, and possibly also in the rest of the United States, and beyond.  

Image: Hans-J. Brehm, CC BY-SA 4.0

Authored by: Frank Jacobs