2018 has been a year full of personal data being accessed without consumer consent. As a result, awareness for data protection and transparency is growing, especially within the automotive industry. Vehicle manufacturers are interested in protecting the data of vehicle owners, which sometimes can hinder the ability of Service Providers to create useful applications for drivers.
With the introduction of the neutral server initiative by the European Automobile Manufacturers Association (ACEA) and the creation of a Neutral Server Platform established by Otonomo, OEM’s now have a secure path to provide vehicle data to Service Providers and in turn, offer their consumers a plethora of new applications and services that are helpful and convenient.
Utilizing Otonomo’s Neutral Server Platform
As a Service Provider in the mobility ecosystem, having access to relevant vehicle data is essential. This data can easily be accessed by registering to Otonomo’s Platform. Once registered, Service Providers can select various bundles that are equipped with imperative data attributes for their business. Each bundle is comprised of specific data attributes that can pertain to a host of use cases for drivers. One or more redirect URI’s are also provided to Otonomo at this point as part of the registration process.
The Process of Authentication
One of the first steps in ensuring driver privacy is making sure only the right people access a driver’s vehicle data. The Platform does this using an authentication process for accessing all vehicle data API’s. Every Service Provider registered to the Platform will receive a client_id and client_secret (in other words, a specific username and password). These credentials should be kept safe and private.
Obtaining Consent From Drivers
Drivers need to be in control of their data; they should determine what data they are willing to share and what they choose to keep private. Additionally, they need to be in charge of who has access to their data. The Neutral Server Platform allows drivers to do this through an embedded process available inside applications they intend to use.
The process is really simple:
- A driver downloads and registers to the application on their phone.
- They will then select the manufacturer (OEM) of their vehicle and will get redirected to Otonomo’s Platform.
- The Otonomo Platform will be redirected to the OEM’s authentication page through OAuth 2.0. On this screen, the driver will be able to log onto the OEM’s car application using their personal credentials.
- Once logged into the OEM’s car application, the driver will be able to see the specific and exact data attributes the application would like to access. Here, they will have the option to grant or revoke consent to view and share their personal data. If they approve, they won’t need to go through this process the next time they open the application on their phone.
- Otonomo will then redirect the driver back to the original application, using the redirect URI provided by the Service Provider. A token will then be sent to the Service Provider, which grants them the ability to make API calls to Otonomo on behalf of the driver.
It is important to note that a driver can choose to revoke consent to share their data at any time.
A Service Provider can simply integrate vehicle data into their application by using the Otonomo Authentication API.
For further information and inquiries regarding Neutral Server click here.
Architected for security and privacy by design, Otonomo’s platform complies with even the most stringent data privacy regulations including GDPR and CCPA, ensuring all parties are protected and companies remain compliant across multiple geographies.
