A New EU Regulation-Based Framework for Car Data Access

Extended Vehicles: A New EU Regulation-Based Framework for Car Data Access

In accordance with the European Union’s Regulation (EU) 2018/858, OEMs must be ready to share connected car data with third parties by September 1, 2020. More specifically, this regulation establishes a requirement for automakers to provide technical information captured by onboard devices (OBDs) and other vehicle components to independent vehicle repair operators, so they have an equal ability to compete with authorized dealers.

The regulation furthers the concept of the extended vehicle—which encompasses not only the physical vehicle but also the data it generates. This broader concept reflects the tremendous value of car data to transform the automotive industry. In a nutshell, here’s what OEMs and automotive repair companies need to know about the industry’s upcoming requirements.

OEMs Must Provide Non-Discriminatory Vehicle Data Access

Article 2.1 of Regulation 2018/858’s Annex X states that, A manufacturer shall put in place the necessary arrangements and procedures, in accordance with Article 61, to ensure that vehicle OBD information and vehicle repair and maintenance information is accessible through websites using a standardised format in a readily accessible and prompt manner, and in a manner which is non-discriminatory compared to the provisions given or access granted to authorised dealers and repairers.” 

The outlined information includes, but is not limited to:

  • “Unequivocal identification of the vehicle, system, component or separate technical unit for which the manufacturer is responsible” (2.5.1)
  • Component and diagnosis information (such as minimum and maximum theoretical values for measurements (2.5.4)
  • Diagnostic trouble codes, including manufacturer specific codes (2.5.6), and
  • Information to enable the development of generic diagnostic tests and tools. “Where manufacturers use diagnostic and test tools in accordance with ISO 22900 – Modular vehicle communication interface (MVCI) – and ISO 22901 – Open diagnostic data exchange (ODX) in their franchised networks – the ODX files shall be accessible to independent operators via the website of the manufacturer.”

Keeping the Car Repair Market Competitive

The European Union wants to ensure that the market for car repairs stays a competitive one. 

Not surprising, since the average European consumer spends €666 annually on maintenance, repairs, road assistance, and tires for a petrol car. This figure is somewhat less for diesel or electric vehicles, according to the 2019 LeasePlan Car Cost Index

In order to remain competitive, independent garages and automotive repair companies will need access to connected car data. This will enable them to provide service on an even footing with an OEM’s dealer network.

Vehicle Data Must Always Be Easily Accessible

Article 61 states that, “Information shall be presented in an easily accessible manner in the form of machine-readable and electronically processable datasets.“ 

It specifically states:

  • Data should be available on a website
  • It should be in standardized formats (while acknowledging that standards are not yet available)
  • It can be processed with “reasonable effort” by independent operators, and
  • Manufacturers must “ensure” that vehicle OBD information, vehicle repair and maintenance information are “always accessible, except as required for maintenance purposes of the information system”

Data Accessibility Is Hard Work

There’s a lot of hard work packed into the words “easily accessible.” First, car data must be made available on a website, in a manner that’s safe, secure, and privacy-compliant. (We’ll discuss that a bit more shortly.) In addition, it needs to be standardized enough that it can be processed by third parties with “reasonable effort.”

In Otonomo’s experience, all car data must be cleansed, normalized, and harmonized before it is  usable — even when it comes from a single auto manufacturer. Regulation 2018/858 calls for open data formats and well-defined metadata, standards that don’t exist today. Even with these standards in place, practical solutions would also require complex data processing, well-defined APIs, and extraction tools.

OEMs Can Charge Fees for Car Data Access

Regulation 2018/858 acknowledges that OEMs will incur costs to make vehicle data available to third parties. In turn, it allows for OEMs to charge third parties for data access. The fees may be time-based (per access period) or transaction-based. However, the fees that OEMs charge for vehicle repair and maintenance information must be “reasonable and proportionate.” In addition, “Those fees shall not discourage access to such information by failing to take into account the extent to which the independent operator uses it.” 

Data Access Fees Require a New Technology Infrastructure

The EU regulations provide OEMs with flexibility to achieve reasonable returns on their investments in data accessibility. However, they also require the OEMs to put in place processes and technology for usage metering, billing, and auditing.

GDPR Opt-In Requirements Apply to Personal Car Data

Regulation 2018/858 states that, “Whenever the measures provided for in this Regulation entail the processing of personal data, they should be carried out in accordance with Regulations (EU) 2016/679 (i.e. the General Data Protection Regulation, or GDPR)…” 

This is not surprising; the car data covered in this regulation includes vehicle identification numbers (VINs), which directly links to identifiable individuals, namely car owners and drivers. In addition, “technical information concerning the vehicle’s condition (e.g. engine coolant temperature, engine RPM, tyre pressure)” under the personal data category in the European Data Protection Board’s pending Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications, for which the review period just ended. 

Consent Management Will Be a Critical Component for Compliance

OEMs will need to implement robust mechanisms for car owners to provide consent for third parties such as independent garages to obtain service-related car data. These mechanisms will need to include:

  • A user interface and process through which car owners could provide consent for a specific garage to access their data. This interface could be through a website, mobile app, or the infotainment system. Our survey of 2,512 European consumers indicates that the infotainment system is the most commonly preferred communication method. 
  • The ability for car owners to provide consent to new service providers or revoke consent from providers they are no longer doing business with. This may require a separate database of vehicle repair operators. 
  • Data flows from this interface to the systems providing data access for vehicle repair operators. For safety and security reasons, data access will most likely be through a separate database from the one collecting connected car data from the car. 

Otonomo Consent Management Hub enables all parties to meet these requirements.

Meeting the September 1 Deadline: What Lies Ahead

Automakers have a lot of work ahead of them to prepare for the September 1 deadline, but they don’t need to do it alone. Clearly defined in the regulation are requirements for OEMs to ensure data access methods, data standardization, and compliance with GDPR and other privacy regulations.

Otonomo works with several leading OEMs, including BMW Group, Daimler AG, Mitsubishi and Fiat Chrysler Automotive, to increase car data utilization. We’re  actively involved in addressing the issues that Regulation 2018/858 has created, and we’re here to help.

Reach out to us to start a dialogue. 

TOPICS: OEMs

Matan Tessler - VP Product

    Related Posts

  • New European Consumer Survey on Connected Car Data and Privacy

    If you work for an OEM or are developing applications or services based on connected car data, the Otonomo-SBD Automotive survey should sit near the top of your reading list. It’s full of insights about consumers that we haven’t seen anywhere else.

    READ MORE

    By Lisa Joy Rosner | CMO

  • The First Privacy Playbook for Connected Car Data

    The Privacy Playbook for Connected Car Data presents 9 plays for putting privacy at the center of your data business practices. Read more.

  • 7 Key Differences Between GDPR and CCPA

    The top differences between GDPR and CCPA based on our advanced analysis. Read and learn how to navigate these privacy and security regulations.

Leave A Comment