Three principles for data protection with autonomous and networked driving

    The more digitalized a car is, the more important the issue of effective data protection. The VDA considers three principles key in this respect: Transparency, autonomy, and data security.

    The more digitalized a car is, the more important the issue of effective data protection. The VDA considers three principles key in this respect: Transparency, autonomy, and data security.

    Networking and digitalization require legal protection

    The German Association of the Automotive Industry (VDA) welcomes the discussion initiated by the German government on issues relating to the legal allocation of data from a technical, economic, and legal perspective. From the perspective of the automotive industry, this question, which is also very important for the sector's ability to innovate and remain competitive, requires further in-depth examination. Key features of the discussion on mobility data must be of an international or European dimension in view of the cross-border availability of data, the partially disruptive bursts of innovation, and the high competitive pressure for the companies involved.

    During the initial phase of the technical and economic development of the networking and digitalization of the industry and consumer products, government regulation should take into account the flexibility needed by the companies involved and the barely conceivable innovation potential (e.g., motor vehicles communicating with each other and with the infrastructure). Particularly from a competitive aspect, regulation here should be extremely restrained at first.

    IT security and data protection, like vehicle safety, are already taken into account during product development. When a new vehicle is launched on the market, the integrated protection systems correspond to the current state of the art. Protection against misuse and manipulation is regularly reviewed and continuously adapted to technological advances. With the increasing use of automated and networked vehicle functions, corresponding protective measures will play an increasingly important role in the future. Political principles for protection against unauthorized access should continue to enable the implementation of manufacturer-specific security technologies and architectures.

    Three principles for effective data protection

    With regard to Industry 4.0, German industry has also been discussing for some time the question of the legislative conditions and the need for the legal allocation of data. As early as 2015, the Federation of German Industries (BDI) addressed, among other things, the relevant legal issues in an assessment of the digitalized economy and Industry 4.0, pointing out, for instance, that hasty action should be avoided here and that the European legal framework should be observed.

    This debate should also consider that the scientific discussion is also critical of exclusive and access rights to data. According to this discussion, there is no principle according to which rights to data should be assigned to a specific legal subject. Neither do personal data protection laws legitimize control over the use of data as such or in downstream data markets, nor are exclusive data usage rights to be assigned to owners of objects that generate data via sensors.

    Cars and the internet are increasingly converging. The vehicles of the future will be networked. Digital networking provides answers to the challenges of increasing traffic volumes, creates greater safety, and helps reduce environmental and climate pollution. Advances in networking create additional data and information streams and data protection is of particular importance in the development of these technologies. This is why the member companies of the VDA – both vehicle manufacturers and suppliers – have drawn up joint data protection principles for connected vehicles to supplement the existing legal regulations in Germany. These data protection principles comprise the three core points of transparency, autonomy, and data security.

    1. Transparency

    Automobile manufacturers provide their customers with a wide range of vehicle-related information and assistance services. Using this data, information can be obtained that is necessary for the operation and safety of the vehicle, but that can also be used for new services. It is important that the customer is informed about which data is collected and used for which purpose, taking into account data protection principles.

    Technical data relevant to servicing, such as fill levels, is used by customer service staff and engineers in the workshop to rectify malfunctions, or by the manufacturer to analyze vehicle functions. German manufacturers inform their customers about the vehicle data they process in accordance with data protection principles, for example via displays in the vehicle, online services, or in the user manuals.

    2. Autonomy

    The collection, processing, and use of personal data depend on the customer's consent. In the connected vehicle, customers can always decide for themselves whether they want to pass on data and, if so, which data. If customers refuse to allow certain data to be stored, they will not be able to use certain services.

    3. Data security

    The VDA member companies protect customers from misuse of the data required for vehicle communication systems by way of data protection principles. The safety-relevant systems in the vehicle electronics are separated from navigation, telematics, and infotainment applications: Thus, for example, the navigation device and the engine control system are two completely different circuits. Gateways and firewalls seal off the security-relevant areas in the networked vehicle, and data is encrypted. The vehicles' software and hardware architectures are constantly being further developed, thus ensuring a high level of technical security on an ongoing basis.

    You can read the data protection principles here.

    Joint statement by the independent data protection authorities of the federal government and states together with the German Association of the Automotive Industry (VDA)

    Modern motor vehicles already require and produce a large amount of data. Due to the advances in information technology equipment within vehicles and their connection to the internet as well as the networking of road users among each other, this trend will continue and lead to far-reaching transformations to road traffic in the coming years.

    In addition, numerous new vehicle functions and traffic telematics applications are emerging, for example in the fields of services and multimedia. Alongside the undeniable benefits for road safety and comfort, digitization and networking in particular also harbor risks for the privacy rights of vehicle users. Against this background, the independent data protection authorities of the federal and state governments with the VDA consider the following data protection aspects to be especially pertinent.

    You can read the statement here.


    Law & Compliance

    Dr. Ricarda Leffler

    Head of Department

    Read on