Today’s connected cars generate 25 gigabytes of data every hour, coming from numerous systems, sensors, cameras, and event data recorders. While car data was designed for one purpose—to operate the car generating it—it can support an endless number of novel use cases. For each use case, there is one important distinction: Whether the data it requires is personal car data or aggregate car data. In this blog post and short video, we’ll explain why this distinction matters and describe the differences between these two types of car data.
Personal Car Data Extends Beyond the VIN
Car data can power personalized services for individual drivers, such as roadside assistance, electric vehicle charging services, subscription-based fueling, usage-based insurance, remote diagnostics, trunk delivery by retailers, on-demand car washing, or parking spot finding and payments. These services require information about the individual vehicle—its location, battery or fuel status, condition, mileage, etc.—in order to operate. That is, personal car data.
From a legal perspective, there is no global standard for what constitutes personal car data. Most global privacy regulations do not directly address connected car data. The California Consumer Privacy Act (CCPA) discusses vehicle information shared for warranty purposes, while the Nevada Privacy of Information Collected on the Internet from Consumers Act exempts automakers and repair facilities from a requirement to allow consumers to opt out of the sale of their personal information. Only the European Union delves deeply into the question of how connected car data processing affects its consumer privacy laws.
According to the guidelines issued in January 2020 by the European Data Protection Board (EDPB), “Even if the data collected by a connected car are not directly linked to a name, but to technical aspects and features of the vehicle, it will concern the driver or the passengers of the car.”
The EDPB guidelines specifically discuss:
- Ensuring that data is collected and processed for “specified, explicit, and legitimate” purposes
- Data minimization principles, that is, collecting only the personal data that is relevant to and necessary for the service being provided
- Data protection by design and by default: “Technologies should be designed to minimize the collection of personal data, provide privacy-protective default settings and ensure that data subjects are well informed and have the option to easily modify configurations associated with their personal data.”
Key takeaway for service providers
What constitutes personal car data could be much broader than the vehicle owner’s information and/or vehicle identification number (VIN). Service providers should look to the EDPB guidelines as a “gold standard” for what to consider when designing their data collection policies and consent management practices.
Aggregate Car Data Takes Multiple Forms
In addition, there are many use cases for car data that do not require identifiable information about cars or their drivers. This aggregate car data supports applications and crowdsourced insights such as traffic management and congestion management, mapping and planning, road hazard identification, predictive maintenance, location intelligence, and media measurement. When car data is de-identified or aggregated, it is no longer considered personal information, so personal data protection laws do not apply.
What is Aggregate Car Data?
There are actually several types of data points that fall under the category of aggregate car data:
- Individual data points: These are time-stamped records that contain one or more vehicle attributes, such as location, speed, or an image of a road sign but with no continuity over time. (That is, no identifiers that connect each successive data point to a discrete vehicle.)
- Trips: Trips are a calculated dataset that includes a starting point, an ending point, and the associated times.
- Events: Events are triggered based on a logical rule, such as a vehicle attribute changing (low battery or tire pressure) or a vehicle passing into a geofenced area.
The Otonomo Platform supports all of these types of aggregate data; our API documentation provides details. The common thread is that all aggregate data from the Otonomo Platform has de-identified the actual vehicle generating that data.
Context is Critical
De-identifying vehicle data seems simple on the surface, but the reality is that it’s a moving target. Car data is unique because much of it is location-based. Therefore, developers must consider the mosaic effect: That is, de-identified data can become identifiable when combined with other public datasets.
For aggregate car data, blurring techniques are a way to remove potential identifiers from the data. Blurring means truncating a portion of the data, such as degrees of precision in location or the beginning and ending points of a trip. This granular approach protects driver privacy while preserving the value of the data for one specific use case.
For example, a parking app must have precise location accuracy to determine whether a parking space is available at a given point in time. However, it does not need to know whether the same vehicle is occupying that parking space, so all vehicle identifiers can be removed. An app that measures radio-listening habits, on the other hand, may need insight into listening time. It needs to know that data points coming in at a set interval represent the same vehicle, but it does not need precise location, so GPS coordinates can be truncated to only include degrees of latitude and longitude.
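The two blurring treatments described above, as an added example that is not code from the original post or from the Otonomo Platform: the parking case keeps full location precision and strips the vehicle identifier, the radio-measurement case keeps continuity between successive points with a salted, per-window pseudonymous token (an assumed technique, not one the post specifies) and truncates GPS to whole degrees, and trip endpoints are coarsened so a home or workplace cannot be pinpointed. The record layout, the sample VIN and coordinates, and the 2-decimal endpoint precision are constructed for the illustration.

```python
import hashlib
import math
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class CarDataPoint:
    vehicle_id: Optional[str]  # VIN or OEM identifier; None once removed
    timestamp: int             # seconds since epoch
    lat: float
    lon: float


@dataclass(frozen=True)
class Trip:
    start: CarDataPoint
    end: CarDataPoint


def blur_for_parking(p: CarDataPoint) -> CarDataPoint:
    """Parking occupancy: keep precise location, drop every vehicle identifier."""
    return replace(p, vehicle_id=None)


def blur_for_radio(p: CarDataPoint, window_salt: str) -> CarDataPoint:
    """Radio-listening measurement: successive points must link to one vehicle,
    so replace the identifier with a salted hash token (assumed technique) and
    truncate GPS to whole degrees. The salt must rotate per measurement window;
    a fixed salt yields a stable pseudonym that the mosaic effect can re-link."""
    token = hashlib.sha256(f"{window_salt}:{p.vehicle_id}".encode()).hexdigest()[:16]
    return replace(p, vehicle_id=token,
                   lat=float(math.trunc(p.lat)), lon=float(math.trunc(p.lon)))


def truncate_degrees(value: float, decimals: int) -> float:
    """Truncate (not round) a coordinate to the given number of decimal places."""
    factor = 10 ** decimals
    return math.trunc(value * factor) / factor


def blur_trip_endpoints(t: Trip, decimals: int = 2) -> Trip:
    """Trip dataset: remove identifiers and coarsen start/end points. Two decimals
    is roughly 1 km at the equator (assumed choice, tune per use case)."""
    def coarsen(p: CarDataPoint) -> CarDataPoint:
        return replace(p, vehicle_id=None,
                       lat=truncate_degrees(p.lat, decimals),
                       lon=truncate_degrees(p.lon, decimals))
    return Trip(start=coarsen(t.start), end=coarsen(t.end))


# Constructed sample: one vehicle reporting at a set interval.
SAMPLE_A = CarDataPoint("VIN-EXAMPLE-0001", 1700000000, 32.0853, 34.7818)
SAMPLE_B = CarDataPoint("VIN-EXAMPLE-0001", 1700000060, 32.0861, 34.7830)
```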
Personal Car Data and Aggregate Car Data May Intersect
Finally, there are some use cases that could depend on both personal and aggregate car data. Consider a parking app: It needs to know what parking spots are available, but it also needs to know a driver’s location to guide him or her to the perfect spot. In these cases, the data minimization principle applies: The app should collect identifiable data only when necessary to provide the service. It could ingest a pool of de-identified data on a continuous basis but only collect a specific car’s location when the driver requests a parking spot.
Which Type of Car Data Does Your App Require?
When you’re designing an application or analytics solution that uses car data, you must carefully consider your data needs and:
- Determine whether your application requires any personal car data requiring driver consent
- Design privacy policies, practices, and application flows for consent management
- Analyze your aggregate car data needs in accordance with de-identification and data minimization principles
The Otonomo Platform, a multi-OEM car data services platform, provides access to both personal car data and aggregate car data. Our platform powers new applications, services, and crowdsourced insights while protecting data and adhering to global privacy requirements.
Learn More About the Privacy Implications of Car Data
Otonomo data strategists are available to do an in-depth data exploration with your business and technical teams; reach out to us to schedule a session.
If you’d like to learn more about data privacy and connected cars, our Privacy Playbook for Connected Car Data, with a foreword from the Future of Privacy Forum, is a great resource.