A recent wave of events between an Ola Electric scooter customer and the electric vehicle (EV) manufacturer has thrown open a debate on data privacy and the need for a data protection regime. Bengaluru-based Ola Electric recently published personal data collected from the e-scooter’s telematics component to defend itself after a user levelled accusations of the vehicle malfunctioning and crashing into a speed breaker.
It all began when Guwahati-based Reetam Singh met with an accident while riding on the latest Ola S1 Pro e-scooter. Post the accident, Singh’s father posted a barrage of tweets alleging that the Ola scooter malfunctioned when the brakes were applied before a speed breaker.
“On March 26, 2022 my son had an accident due to fault in regenerative breaking where on speed breaker instead of slowing, the scooter accelerated sending so much torque that he had an accident…The scooter went airborne crashing and skidding. My son was severely hospitalised…where he had fractures in left hand and 16 stitches in right hand due to fault in Ola S1 Pro,” Singh’s father said in his tweet on April 15.
Almost a week after these accusations, Ola posted the telematics data captured from the vehicle on the day of the accident claiming that Singh was in fact overspeeding “throughout the night” and “braked in panic” thereby losing control of the vehicle”.
“There is nothing wrong with the vehicle,” Ola added in its statement. The company also supplied acceleration data of the day of the incident to support this claim. It claimed that Singh drove at high speeds up to 115 kmph travelling up to 11 km at high speeds prior to the accident.
“Our operating system tracks various vehicle sensor data which we receive real-time in our cloud….At 12 AM, the rider started riding aggressively on Hyper mode, reaching 96kmph…At 12:09 AM, our data shows that all three brakes being applied together-front brake, rear brake and regenerative bread (reverse throttle) likely due to obstruction on the road. This brought the speed down from 80 kmph to 0 kmph in 3 seconds. No sudden torque or acceleration is observed after braking, contrary to customer claims,” added the April 22 statement issued by Ola.
Ola’s actions have social media in splits with few users supporting the rider’s stance, while others showering support for Ola, based on the company’s supplied datasets. However, data privacy experts and lawyers that FE spoke with said that although Ola has the right to defend itself from malignment, publicly identifying the individual with the telematics data could be a serious breach of privacy that may set a poor precedent for the EV industry.
“One can argue that the company has the right to disclose personal information in the public domain since its legitimacy was being questioned as a brand. But it is not an ethical practice because if a customer is complaining from a grievance perspective, the company should have handled it better.
However, these actions are still not illegal. If India actually had a data protection law, then it’s up to the data protection authority to evaluate whether Ola was in breach of privacy,” said Kazim Rizvi, founding director, The Dialogue which is a public policy think-tank based in Delhi.
Rizvi also added that publishing users’ personal information may build unfavourable circumstances for OEMs and their customers. “Just because users have a grievance, it is not a healthy practice for manufacturers to violate privacy,” he added.
Singh who met with the accident while riding the Ola S1 Pro told FE that he is considering taking Ola to court, and has already served a formal notice to the company.
“By publishing the telematics data, and identifying me on it, they (Ola) are trying to create a perception that I’m a dubious character, who was driving at high speeds. I never went at 115Kmph. How can I verify Ola’s statements when they haven’t supplied me with a copy of my own data. How do I know that they didn’t fudge with the data to prove their point?” Singh added.
Vinod Joseph, partner, at Argus Partners Solicitors and advocates said that rider is unlikely to receive damages from a court of law unless he proves that OEM has fudged the data. “Ola doesn’t have the power or the right to disclose the customer’s personal data and ideally, shouldn’t have done so. However, if the customer is taking the company to court, the customer is unlikely to gain much sympathy since the customer placed defamatory allegations in the public domain. Ola used the personal data in its possession to defend its reputation. Section 43A of the IT Act provides for compensation only if a data fiduciary does not have reasonable security practices and processes in place. Which is not the case here. Also, let’s not forget that the personal data which was disclosed by Ola wasn’t sensitive personal data,” added Joseph.
Irfan Khan, CEO and co-founder of e-scooter manufacturers eBikeGo which supplies EVs to businesses said that in a B2B setting, companies usually have access to full telematics data for safety purposes. But even in those ground, the data collected is anonymized by stripping away the rider’s identification, since the telematics data is only used for battery and scooter optimization.
“The OEM has to take additional care to ensure that the purpose of this data collection is to improve the vehicle and not to spy on the users. Sensitive information like location is captured for the user, and then aggregated once the user provides consent to do so. Telematics is a boon for OEMs if they can learn from the captured data and improve their knowledge and in turn their vehicles. The OEMs carry the moral responsibility to strip off the user’s personal information before it can be analyzed and consumed,” added Khan.