This article was originally published on CFO.com.

There is a deep ambivalence prevailing in the auto industry regarding ownership of the data generated by the connected car.

Averages are a convenient way to characterize a lot of numbers, but are just as often misleading. The “average” U.S. driver reportedly spends around 275 hours a year driving a car, (according to the 2015 AAA Foundation for Traffic Safety Survey) and spends (on average) 38 additional hours stationary. The U.S. Department of Transportation Federal Highway Administration estimates that the average driver travels about 13,500 miles in a year, so the average speed of the average car driven by the average driver must be 49 mph — which doesn’t match my experience at all closely, and probably doesn’t match yours either.

As cars get more “connected” and capable of generating continuous data streams related to location, performance, and driver behavior, another average emerges — the 25 gigabytes per hour of data that (on average) will get sent to the cloud by each connected vehicle — 6,875 GB (6.875 terabytes) a year if all that data is stored. If all the 253 million passenger cars and light trucks (the current IHS automotive estimate) in the United States were “connected,” which likely won’t happen for a decade or more, we’d be sending  about 1,740 exabytes (one billion gigabytes) to the cloud every year. By the time the worldwide passenger vehicle fleet is fully connected (say around 2035), even if we don’t have driverless autos everywhere, there will likely be 2 billion vehicles, creating nearly 14 zetabytes of data annually. That’s about 4 times as much data as the entire planet created, from every source, in 2015.

Those are somewhat scary numbers if you’re responsible for storing everything reliably in the cloud (we already create more data than we can store reliably without some degree of de-duplication), but for all the potential benefits for improved safety and efficiency, one question remains unanswered and is starting to generate a lot of debate: Who actually owns all that data?

In Europe, where European Union legislation is promoting more connected vehicles and where it’s estimated that one-third of all passenger vehicles will be connected (at least for infotainment and some telematics) by the end of 2016, the Federation International de Automobile (FIA) is running a campaign called “MyCarMyData” to promote this debate. A combination of research and surveys indicate that:

  • 90% of people believe the car data is owned by the car owner or user, if the car is rented or leased;
  • 91% want the right to opt out of their vehicle’s connectivity capability — and to explicitly turn it off when they are using the vehicle, which has consequences for safety systems that require vehicle-to-vehicle connections;
  • 95% want legislation to protect user data and ensure user privacy,
  • 78% want to choose their service providers, for services like insurance, roadside assistance, periodic serving, and repairs — not to simply depend on “what the data says” they should do; and
  • 76% believe that consent to access data should be for a limited time or on a per-ride or per-drive basis.

It’s important to bear in mind that there are two side to this debate. There is also a deep ambivalence prevailing in the auto industry regarding vehicle owner privacy and data collection, particularly in the wake of more than two years of record-breaking recall levels for both major and minor issues (and pretty much every brand) related to reliability and safety.

Car manufacturers still aren’t quite sure they want to collect all possible vehicle (and driver) performance data — and thus be required to respond when problems show up or are predicted to be imminent. It’s one thing for a car owner get a notice in the mail that they should visit a dealer “soon” for a free repair or to fix potential problem; it’s quite another for them to get a real-time warning via a dashboard or heads-up display alert — and who is liable if the driver ignores the warning and something bad happens?

It should be clear that comprehensive vehicle performance and driver behavior data, which can be used “against” the driver by law enforcement or insurance companies, and for “targeting” by a potentially vast range of marketers, can also be used against the car companies themselves by regulators or by (unhappy for many possible reasons) drivers. And while the auto industry is global, the “big data” industry isn’t always: where to store vehicle data has quickly become an issue as governments such as Russia and China require that car makers locate their data collection and storage platforms within their country’s borders. The regulatory environment is equally diverse, as regulators in different parts of the world specify different rules for how long data must be preserved, how quickly it must be destroyed, and what it can be legitimately used for.

Close to the last thing most of today’s established car makers actually want to do is get into the business of selling driver data before the issues of ownership, permissible use, and regulation are decided — let alone have to resolve the economics of where all that data will live and how it will be protected and secured. Any vehicle or customer data that might escape into the wild (and some will), even via a seemingly valid commercial-use agreement, could contain the seeds of an expensive and disruptive consumer class-action lawsuit or a regulatory action that constrains or damages business plans and investments.

Given the number of potentially involved businesses and organizations (the vehicle manufacturer, insurer, fuel provider, parking space owner, traffic manager, infrastructure planner. etc.), the challenge of coordinating secure and appropriate use, even for “anonymized data,” is significant.

This debate isn’t going to end with connected cars. The same volume of data storage, ownership, and appropriate use questions are already visible in relation to connected homes, workplaces, commercial activities, travel and entertainment, and so on. Before everything is connected, we owe it to our businesses and our customers to have an informed debate over what’s possible, what’s beneficial, what’s acceptable, and what, as a result, we should be doing with all this potentially available data.

About the Author
John Parkinson

John Parkinson is an Affiliate Partner at Waterstone. John brings extensive experience to the topics of technology strategy, architecture and execution having served in both senior operating and advisory roles.