Similarly, connected cars collect a lot of data about their owner and occupants alike constantly. But who owns this data and what can be done with it, are questions that do not have a clear answer to yet. Hence, we got in a conversation with Praveen Sasidharan, Partner, Risk Advisory, Deloitte India as he walks us through the current state of privacy of Internet-connected car data and how can it be secured.
A swift change in lifestyle has acted as a trigger for popularisation of IoT in cars as it now lets people, for instance, have their mails or news read out to them on the go, heat the seat before they get in, etc. Plus, Internet connection in cars lets OEMs offer differentiating features in their products. A recent study by Deloitte states that car buyers in India are willing to shell out an additional amount of up to Rs 50,000 for Internet-connected features in their car.
So, this a trend that will only grow bigger from here. But what about data security?
If we’re willing to share personal details and other preference data with a car manufacturer or a telecom service provider, a degree of compromise is involved. A Deloitte survey found that only 35 percent of customers in India say that they would trust their car to manage their data. The rest of them are interested in knowing first-hand how the OEM would use their data.
In a global study, Deloitte found that 80 percent of buyers are willing to share personal details with OEMs. With this, the onus lies on the manufacturer to keep customer data secure and assure them on the matter since data privacy and security is a factor affecting buying decisions, Sasidharan explains.
He further underlines that there are two components of cybersecurity in terms of connected cars – vehicle & passenger security (for example, in July 2015, two cybersecurity experts demonstrated that they were able to remotely disable the brakes on a Jeep Cherokee equipped with WiFi), and privacy of data (for example, sharing location data with Ola or Uber).
What happens to the data collected by connected cars in India largely depends on the contract agreed upon between the customer and the OEM. Currently, there are no written rules or laws on how or for how long is the data to be collected and what can be done with it.
However, the Draft Personal Data Protection Bill which is set to be tabled for a discussion in the Parliament soon is expected to chart out a clearer picture of what happens with IoT car data. This bill would clarify who would own the data, what can they do with it, can they sell it to a third party, etc.
When the bill becomes a law, the customer will have the right to take a legal position against the OEM if they feel their rights are not protected. The OEM will have to serve an agreement for consent management and explicitly share with customers details about what data will be collected, how long will it be collected for, will it be shared and what are the risks involved.
The manufacturer will be required to educate the user and an agreement will need to be signed between the OEM and customer at the time of sale for consent management.
Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.