Cars Data _HOT_
Alterio Wihl
However, with the rise of telematics systems, which combine computing with telecommunications, these dynamics are shifting. Unlike the standardized onboard diagnostics ports, telematics systems vary across car manufacturers. These systems are often protected by digital locks, and circumventing these locks could be considered a violation of copyright law. The telematics systems also encrypt the diagnostic data before transmitting it to the manufacturer.
Critics also emphasize the privacy concerns associated with open access to telematics systems. Granting third-party access could expose personal details, especially real-time location data. Advocacy groups warn that this information might be used as a tracking tool by potential abusers and others aiming to exploit people.
However, repair advocates have criticized this change as unduly restrictive. They argue that it gives authorized car dealers an unfair advantage over independent repair shops because the manufacturers allow the dealers to access the data remotely.
Whether data should be subject to property rights is a matter of debate. If deemed property, it seems logical to award these rights to the vehicle owner because the vehicle creates the data while used by the owner. However, through contractual terms and digital locks, manufacturers effectively secure control over the data.
The hope is that policymakers and the industry can strike a balance: upholding the right to repair without compromising safety and privacy. One possibility is developing tools that segregate sensitive personal information from mechanical data.
Ultimately, a successful implementation of the new law in Massachusetts may pave the way for a renewed nationwide memorandum of understanding, capturing the essence of the original memorandum of understanding and preserving the right to repair cars in the face of rapidly advancing technologies.
This webpage provides information on DAVI resources and activities aimed at facilitating mutually beneficial data exchanges, including the Work Zone Data Exchange (WZDx) project featured in AV 4.0. A U.S. DOT presentation on the DAVI initiative from November 8, 2018, is available here with associated slides.
The DAVI Guiding Principles define an approach for U.S. DOT and our stakeholders to prioritize and facilitate the iterative development of voluntary data exchanges. The principles shape actions by U.S. DOT and its partners to increase access to data for AV integration, and lead to actionable priorities and clear roles in implementation. U.S. DOT continues to refine and use these principles to engage with potential data generators and users.
U.S. DOT hosted the Roundtable on Data for Automated Vehicle Safety in December 2017 to discuss potential priorities for voluntary data exchanges to accelerate safe AV integration (see summary report). The Department kicked off the WZDx project in March 2018 to take on one of the priorities identified at the roundtable. More information on WZDx is available here.
The Department continues to identify potential data exchange priorities via various stakeholder engagement activities. Visit the Events and Public Notices pages for more information on opportunities to engage, or contact us at av...@dot.gov.
U.S. DOT recently announced plans to fund Work Zone Data Exchange (WZDx) Demonstration Grants. The purpose of this research program is to increase the safety of the traveling public through the production of consistent public work zone data feeds across jurisdictions. The program plans to provide one-time funding for public roadway operators to make unified work zone data feeds available for use by third parties and collaborate on the WZDx specification development described in more detail on the WZDx page. Updates on this planned funding opportunity will be shared on the WZDx page when available.
U.S. DOT is committed to providing public access to data funded through its research programs, including the Automated Driving System Grants program. Visit the Intelligent Transportation Systems (ITS) DataHub to find new data sets, including recent releases from the Cooperative Automated Research Mobility Applications (CARMA) program.
Many outside the federal government are contributing open training data sets that assist with computer vision and other core ADS functions. These include BDD100K from University of California at Berkeley, the Waymo Open Dataset, the Lyft Level 5 Dataset, the Audi AEV Autonomous Driving Dataset, and the Ford Autonomous Vehicle Dataset. Contact av...@dot.gov to share other examples of open training data sets.
Data concerning the performance, use and environment of the smart car and related services during the common use by the user, including embedded applications (e.g., GPS position or captured images by sensors) and features indicating hardware status and malfunctions (e.g., engineer data such as a manufacturer specific error code).
The data holder can require confidentiality obligations and technical measures to protect the secrecy of data (e.g., through contractual terms, confidentiality agreements, strict access protocols, technical protection standards and the application of codes of conduct).
The data holder can withhold or suspend data sharing when the confidentiality of trade secrets can be undermined. That is the case if: (i) there is no agreement on the necessary measures; or (ii) if the user fails to implement the agreed measures or undermines the confidentiality of the trade secrets; or (iii) if the user undermines in principal the confidentiality of the trade secrets. The decision of the data holder must be duly substantiated and provided in writing without undue delay to the user. In addition, in such cases, the data holder has to notify the national competent authority.
Also a legal person (this could be the case of companies that make use of a fleet of vehicles, etc.). However, there could be cases (e.g., rental car services) where there could be doubts regarding who is the data user, e.g. the rental car company or the person that rents the car. This will require further clarification.
Where the direct access is not possible, the manufacturer must make data available (and metadata) without undue delay, free of charge, easily, securely, in a structured, commonly used and machine-readable format and, where applicable, of the same quality.
Contractual restrictions can be agreed on restricting or prohibiting the access, use or further sharing of data if this could undermine security requirements as laid down by the law (ie. resulting in serious adverse effect on the health, safety or security of human beings). This is particularly relevant in the context of smart cars if the sharing of data can jeopardize the personal safety.
If data is protected by trade secrets laws, the data holder and the third party will agree on the necessary measures by means of an agreement (including technical and organizational measures) to preserve confidentiality.
When the user is a legal person (and thus, not the data subject) or when the recipient is different from the user, it is mandatory to put in place: (i) another legal basis under Art. 6 GDPR (different from the need to comply with a legal obligation); (ii) (where applicable) a derogation to process sensitive data under Art. 9 GDPR; and (iii) grounds under Art. 5(3) ePrivacy Directive. In this scenario, the Data Act will not create a new legal basis enabling the disclosure.
In cases where the user is an enterprise, Recital 30 of the Data Act suggests that, in order to disclose such data, the controller(s) should rely on other legal basis such as consent or the need to perform a contract. Another alternative which is also suggested (e.g., at the end of Recital 7) is to apply measures such as anonymization of the data.
Lastly, enterprises acting as users should also consider that when accessing such personal data, they could become data holders in cases of joint controllership (art. 26 GDPR) in relation to data subjects (who would be the users in these cases), if the corresponding requirements are met.
The data holder must only use any non-personal data generated by the use of a product or related service on the basis of a contractual agreement with the user. The use of data to obtain insights about the economic situation, assets and production methods of the user is prohibited. In addition, if the user is also a consumer, the contractual terms shall be carefully drafted to respect EU consumer laws.
Connected products and related services must be designed in such a manner that data generated by their use that are readily available to the data holder are also directly accessible to the user. This data also includes the metadata that is necessary to interpret and use the generated data.
The design must also ensure that the data is made accessible in the following manner: (i) by default; (ii) free of charge; (iii) easily; (iv) securely and; (v) where relevant and appropriate, in a structured, commonly used and machine-readable format. Furthermore, where applicable, data shall be of the same quality as is available to the data holder, and made available continuously and in real-time.
From a data protection perspective, products should also be designed to minimize potential risks to the fundamental rights of individuals. Measures may involve pseudonymisation and encryption as well as the use of technology that permits algorithms to be brought to the data and allow valuable insights to be derived while only processing the necessary data.
The Data Act will have a fundamental impact on the Internet of Things - and thus, of course, also on connected cars. The political agreement on the Data Act reached by the EU institutions must still be formally approved by the two legislative organs. Once adopted, the Data Act will enter into force on the twentieth day following its publication in the Official Journal of the European Union and will then become applicable 20 months after its entry into force. So the big impact will be evident in around two years for anyone who collects or needs data. We will of course be monitoring and reporting on developments.
df19127ead