It Is My Car And My Data

I am prepping for a panel for Consumer Telematics Show on January 5th
and the moderator sent over a question that I’ve been asked many, many,
many times: Who owns the data from a connected vehicle?

This question always surprises me because it seems very simple to me.

Just like the vehicle itself, the vehicle owner owns all the data.
Period. I do not see how it can be any other way.

I do not own my vehicle. The bank does because I am financing the
purchase. However, my bank and I have agreed, contractually that I am
responsible for the vehicle in its entirety. The bank has no rights to
the vehicle or it’s data.

If I was leasing my vehicle, which I have done in the past, then the
lessor owns the vehicle and has a vested interest in the asset. If the
lessor decides to put conditions on the vehicle, including access to
data coming in and out of the vehicle, then me, as the lessee, would
have to be notified prior to leasing the asset and agree as part of the

Transparency. That is crucial and that is what builds trust.

For simplicity’s sake, let’s assume I own my VW Jetta SportWagen
outright and let’s assume it has CarNet, which sadly, it does not.

If I signed a subscription services agreement for CarNet, there would
likely be terms that stated the OEM, Volkswagen of America, has certain
rights to certain data in order to provide the services offered. I, as
the vehicle owner, could choose to accept those terms or not. But I
would have to know exactly what those terms were prior to agreeing to
them. That includes what data, exactly VW would be pulling from my
SportWagen and what exactly they would be doing with said data.

Ability to opt out is non-negotiable.

If I agree to share my personal data, which it is because it is my car,
then it is my choice to do so and I am likely getting value from the
exchange. If I am not getting any value, then I am not likely to share
my data unless I simply do not care on wit about it and if sharing the
data has zero impact on my in any way.

These four simple “rules” are easily summarized as follows:

1. The data coming from the vehicle is the property of the vehicle owner

2. If data is coming to and from a vehicle, it’s nature, flow, and
uses must be explicitly known

3. There should be a value exchange for
sharing data

4. The vehicle owner must be able to easily chose to
share the data or not

But this is telematics and nothing is really that easy. Let me peel
this onion a touch by giving you a few examples.

Let’s say that I own a car that has an embedded telematics unit that is
connected to AT&T’s network. In order for the OEM to deliver telematics
services, it has to have the ability to reach my car, which means the
OEM must know where the car is and have the ability to call the car.
That is all fine and good if I agree to have telematics services and the
OEM knows who I am, the owner of the vehicle.

The fact is, OEMs seldom know exactly who owns their vehicles. While
the OEM has contractual obligations during warranty period and in the
case of safety recalls that does not mean that the OEM know that
Michelle Avary owns the car. As GM has learned, finding the second
owner is very, very tough.

A recent article by Jerry Hirsch from the LA Times pointed out that of
the 60 millions recalls last year, just over half have yet to be fixed.
One huge problem is that OEMs do not know who exactly to contact about
the recall because they do not know who owns the vehicle. His article
went into the lengths GM is going to in order to reach people who may
have vehicles with recalls. GM has hired Acxiom to conduct deep
research, use social media, and other avenues to find people.

DMV records cannot always help because there are laws on books that
protect a vehicle owner’s privacy. California, for example, has a law
called the Driver’s Privacy Protection act that prevents the DMV from
letting anyone know a registered vehicle owner’s address. Seems crazy,
but it came from the tragedy of Rebecca Schaeffer’s death by the hands
of an insane stalker. Besides making it harder for stalkers to find
victims, it also prevented the OEM from finding second owners.

Back to my example, say I sell my car to Bob Smith and fail to cancel my
subscription or transfer it over to Bob. Does the OEM still have the
right to take data in and out of the vehicle without Bob knowing? How
can the OEM know that Bob even owns the vehicle?

I would argue that the OEM does not have the right to Bob Smith’s data
without his explicit permission. The OEM is going to have to jump
through whatever hoops it has to in order to obtain that permission. If
the OEM is unable to reach Bob Smith, it cannot pull data and it has,
functionally, a stranded investment.

Frequent readers of this blog know that I am a HUGE fan of over-the-air
updates and in-vehicle communications. I know that once the majority of
vehicles have persistent, ubiquitous connectivity in and out of the
vehicle, vehicle ownership will be better. When this utopia happens, an
OEM can annually call the car and ask the owner for permission. Easy
peasy pumpkin sneazy. I think it perfectly reasonable that if the
vehicle is installed with an embedded cell phone, the OEM could, without
infringing on anyone’s privacy, call the vehicle on an annual basis to
check on the owner’s status for contact information updates and if they
still have permission for data exchanges. I also think it perfectly
reasonable for their to be clear, transparent safeguards in place to
protect a vehicle owner’s privacy.

The embedded telematics device in the vehicle is clearly owned by the
vehicle owner. I have been advocating and working for a world were the
OEM pays for the wireless connectivity of the embedded telematics
device. I believe that the OEM will extract more economic benefit from
the data and contact with the vehicle owner than it will pay out in
wireless transport costs. The value exchange for the owner will be
equally much, much larger than the wireless transport costs and any
minimal infringes on privacy in the form of lower ownership costs and
safer vehicles. With standardized telematics devices installed in every
car that are always connected, always on and where the wireless
transport is paid for by the OEM, things actually become much, much more
simple for everyone involved as well.

But that does not imply that the OEM has an implicit right to the data
any more than it implies that the OEM has a right to the embedded device
or the vehicle itself. The OEM may have a vested interest in the
vehicle and it’s embedded telematics unit, but it does not have a right
to it. The OEM does not own the car, the device, nor the data.

To elaborate a touch, let’s assume that the OEM is paying for the
wireless transport to and from an embedded telematics device. Even now,
it is in the OEM’s best interest to keep some sort of connectivity to
the device regardless of its state of subscription, revenue generation –
hard cash or soft value, like data.

Let’s say that I shut down my subscription so, the OEM turns off the
device. The OEM cannot turn back on the device until I agree or I sell
my car to someone else that agrees that they want the device turned back
on. It does not mean that the OEM can turn off the device in a manner
that it can never be turned on again. That is insanity. It is my car,
my device. I bought the car and knew it had a device that could be
turned on and off and back on, just like my iPhone. Apple cannot brick
my phone simply because I do not pay my wireless subscription.

Obvious, right? What OEM in their right mind would wirelessly brick a
wireless device on an asset they do not own nor have any right to? None
would. It would be crazy. Even if I signed a contract giving said OEM
permission, since the OEM has no way to know if I even own the vehicle
anymore, they cannot just brick the my car. That would diminish the
value of the vehicle unnecessarily. Just like the OEM cannot destroy
your personal property by rendering it unable to function, the OEM
cannot take your data.

It is an extreme and absurd example, I know, but you get the point.

Sadly, the embedded telematics device is nothing more than a cell phone
and cell phones become obsolete. I experienced this first hand when the
FCC shut down the analog network. It is happening now as mobile retail
carriers shut down their 2G networks. It will happen again with 3G shut
downs and eventually 4G/LTE. While there are ways to mitigate the
negative impact to vehicle owners and automotive OEMs for cellular
transitions, there is no way to fully avoid them.

When I buy my car with a telematics device, I expect the telematics
device to work. If it fails to work, the value of my asset, the value
of my car has been diminished. Whether or not I subscribe to telematics
services, I have the expectation that all features on my vehicle will
work for as long as the vehicle is maintained. If I change my mind and
want to enable telematics services, I should be able to do so, just like
I can with my iPhone 4S. And if I sell my iPhone 4S or when I go to
sell that car, the second owner has the right to all the functions and
features, including telematics services.

However, if a network is shutdown and the telematics device cannot
technically connect to anything any more, then that is obviously not the
OEM’s fault. Yes, the value of my asset was diminished, but it more
force majeure than the OEM doing something silly like bricking a car’s
telematics unit because it is not generating revenue. But I digress.

Getting back to the heart of the issue, there is great value for a
vehicle owner, for an OEM, and I would argue for society at large, to
have all vehicles connected at all times and for the OEM to have the
ability to reach vehicle owners inside their vehicles. I believe that
the vehicle’s data is owned by the vehicle owner and the OEM must get
explicit permission to access this data. I do not think it at odds for
the OEM to be able to contact a vehicle and the owner to maintain
privacy. Safeguards need to be in place, for sure. OEMs must be
completely transparent when they pull data and what they do with the
data. And vehicle owners must be able to opt-out of data collection
without having the value of their vehicle diminished unnecessarily.

Peace-out and hope to see you at CTS and CES.