Emerging Data Privacy Regulation Brings OEMs and Consumers Closer Together Than Ever Before


Recent data breaches, hacks and misuse of personal data following the emergence of the connected car have increased public awareness of data privacy, and regulation is now beginning to form globally to protect consumers’ data privacy in the automotive industry. This article discusses automotive OEMs’ significant role in protecting consumers’ data privacy, and why the emerging robust regulation is actually good news for car makers around the world.

Connected cars are massive data generators by default: from engine performance to telematics, infotainment data, location, road conditions, and more, the connected car gathers data on the car, the driver, the ride itself, and its surroundings by design. After all, this is what enables the car to communicate with the Internet and IoT devices to improve our cars, our safety, and our experience. However, this reality has raised some major concerns in the automotive industry over the past few years:

  1. Who owns the data collected from the car?
  2. Is the data collected from the car considered personal data?
  3. Who is responsible for securing the data collected?
  4. Who has access to the data collected?

Regulation and public opinion calling the shots on who owns the data

The answers to those burning questions carry great significance, since they determine who is ultimately responsible for the proper gathering, sending, analyzing, storing, and securing of the data collected from the car, and who should be held responsible for any breaches, hacks or misuse of that data. Judging by the regulatory trends of recent years, especially in light of the upcoming GDPR, and by increasing public awareness of data privacy due to recent high-profile data breaches (such as Uber’s major data breach, recurring incidents of remote car hacking, access to car owners’ data by previous owners, and so much more), it seems these questions have already been answered clearly by both legislators and consumers.

Legislation on data privacy in the automotive industry, such as the European Parliament’s Transport Committee’s call for EU regulation on access to car data, the US Senators’ SPY Car Act, the UK’s Department for Transport’s principles of vehicle cybersecurity for connected cars and automated vehicles, and Canada’s digital privacy law (PIPEDA), along with consumer campaigns such as My Car My Data, all indicate that lawmakers and consumers are coming together to generate a new culture of a consumer-centric approach to data privacy in the connected-car era. From a legal perspective, studies suggest that all vehicle-generated data can be considered personal data. As for the users, surveys show that 95% of them feel they need legislation to protect their data.

In light of this reality, where consumers are regarded as the owners of their car-generated data and want to be given control over who gets their data, who is responsible for protecting it? Based on recent regulation and public pressure, it seems OEMs are the “right guys” for the job, and although it carries heavy duties, this job might benefit carmakers more than they think.

OEMs are the new data gatekeepers, and it might be the best thing that ever happened to them

Carmakers have a significant incentive to make data privacy a top concern and to join legislators and consumers in calling for standardized data policies. As a vital component in the chain of handling personal information, they should be concerned about legal compliance more than ever. But putting legal ramifications aside, OEMs can also leverage their role and become the consumer’s most trusted ally in protecting their data.

Here are some of the benefits OEMs can reap from the emerging data regulation:

  • Boost customer relationship due to increased consumer trust
  • Avoid brand damage and maintain positive public relations due to fewer data breaches
  • Improve services thanks to ‘consumer consent’ based data
  • Lead greater market innovation and unleash new services due to standardized data sharing with high-quality after-market services

No wonder some of the biggest carmakers’ associations in the world are taking an active part in shaping the upcoming change

The European Automobile Manufacturers’ Association (ACEA), which represents the 15 Europe-based car, van, truck and bus makers, has established 5 key principles of data protection that were adopted by the European industry and might signify OEMs’ global role in shaping data privacy: transparency, customer choice, ‘privacy by design’, data security and the proportionate use of data.

As Sebastian Zimmermann (Head of data services connected car, BMW Group) said himself, only through assigning clear responsibilities, adhering to customer’s consent to data sharing, and not allowing any unauthorized direct access to third parties, will OEMs be able to protect vehicle-generated data. In other words, OEMs are presented with a golden opportunity to provide protection and maintain customers’ trust more than ever before.

Giving OEMs the tools to leverage new data privacy regulations

In order for carmakers to embrace and leverage new data privacy standards, they need to implement robust security controls. In addition to complying with new legislation, OEMs should adopt a comprehensive, holistic approach to securing the connected car: one that is focused not on protecting the vehicle alone, but on preventing data breaches across the entire connected-car ecosystem. By collecting, combining, and analyzing data from multiple sources, OEMs can produce a comprehensive, intelligible view of the data, and monitor real-time data traffic to detect leakage and identify threats.

How Upstream Security can help OEMs protect data privacy

Upstream Security enables OEMs to protect and maintain their consumers’ data privacy by using Artificial Intelligence and Machine Learning technologies to analyze the data traffic across the entire connected-car ecosystem. By creating behavioral analyses of vehicle-generated data containing Personally Identifiable Information (PII), Upstream can identify if and where exactly any leakage of private information took place on the telematics channel.

To sum it up, consumers shouldn’t have to choose between using new technologies and protecting their privacy. OEMs can provide them with both by using Upstream’s proprietary cybersecurity technology.


Learn more about how Upstream protects connected vehicles and car fleets at upstream.auto.
