FEMA says motorcyclists – and car owners – must be able to be in control of the data that is generated by their vehicle.

Tourists’ organisations federation FIA Region 1 has used for years the slogan ‘My car, my data’. For years now, FIA has fought the rights of car owners to be in control of the repair- and maintenance information (RMI) of their vehicles. Now cars are developing in a kind of driving computers that are constantly connected this fight becomes more important. For this reason, several automotive organisations cooperate in the AFCAR conglomeration.

To protect the interests of car owners and of enterprises that deal with maintenance, roadside assistance, aftermarket parts, etcetera, AFCAR has developed the Secure On-board Telematics Platform (Secure OTP) that takes away the control of vehicle data from the manufacturers and gives the owners of vehicles (who are in FEMA’s view also the owners of the data that the vehicle generates) more control of what happens with the vehicle data. We have written about this before.

The European Union is also involved in the battle between car manufacturers and other stakeholders on data ownership and control. Recently, the European Commission launched a public consultation about Access to vehicle data, functions and resources. Although the this is still about cars, busses, and light and heavy goods vehicles (M- and N-category) and not about motorcycles and other L-category vehicles, we consider this as a very important issue for us too. History has learned that what happens with cars, sooner or later this will also become relevant for motorcycles. Think of all the techniques that are developed for cars (like ABS) that are later also fitted on motorcycles.

‘The owner of the motorcycle must be in control of the data and be able to decide who gets access to it.’

Motorcyclists must just as car owners be able to be in control of the data that is or in future will be generated by the motorcycle. History has also taught us, that if we wait until this becomes relevant, we are too late because an existing system for cars and trucks will just be extended to motorcycles.

Therefore FEMA has reacted to the European Commission and asked for protection of the interests of owners of motorcyclists in the same way as it should be with owners of other vehicles, have the ownership and use of the vehicle data protected in the best way, which is by governance of rules of access and the implementation of the Secure OTP for all L-, M- and N-category vehicles and make provisions in the Data Act for subsequent owners of vehicles.

This is the full letter FEMA has sent to the European Commission:

View of FEMA on the EC initiative Access to vehicle data, functions, and resources.

Data is becoming more important in connection with the manufacturing and use of motorised vehicles, including L-category vehicles. Guaranteeing the security, safety, privacy of the user and ownership of data by the user is crucial. As we have communicated on earlier occasions, we are concerned about the use of the data of vehicles, including motorcycles and other powered two- and three-wheeled vehicles, by motorcycle manufacturers and others and the privacy of their owners. We are also concerned that in the new initiative motorcycles and other L-category vehicles are not included, due to the connection that is made in the “Call for evidence” with the type-approval regulation (EU) 2018/858. Remote access to vehicle data offers opportunities and possibilities for vehicle manufacturers and vehicle users and -owners, but it also provides security, privacy, and safety risks and it raises questions about the property and right of use of the vehicle data.

Car manufacturers can design the car data architecture to ensure their exclusive access to the data. In fact, they have already done so with the “Extended Vehicle”-model. This gives give them a monopoly in the market for car data from their brand. They can use this to increase their leverage on aftersales services markets. The Extended Vehicle model ensures their data access monopoly and enables them to maximize revenue from data and data-driven aftersales services. This comes at the expense of the vehicle owner. The issue of data ownership is already also at stake with motorcycles. At least one manufacturer (BMW) has admitted to us that data is extracted from the OBD-system of motorcycle with maintenance and repair in BMW workshops without the explicit consent or knowledge and even at the cost of the vehicle owner to be send to and used by the BMW headquarters. Therefore, it is necessary that L-category vehicles are treated in the same way and that the interests of owners of L-category vehicles are protected in the same way as other vehicle owners must be.

In our view, the owner of the vehicle is the owner of the data that is produced by the vehicle and therefor the owner should be put at the centre in the Data Act and not the manufacturer of the vehicle. The owner must be in control of the data flows by convenient, interactive opt-in and opt-out and be able to decide who gets access to it. The way we read the Data Act, the manufacturer is primarily in control of the data and the owner of the vehicle must take action to control what happens to it. For us, this is the wrong way round. Also, we do not agree with the presumption that the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user which may be part of the sale, rent or lease agreement relating to the product. As all vehicle manufacturers will have such stipulations, the user of the vehicle will have no choice than to agree. Furthermore, we miss in the proposed Data Act anything about subsequent owners of vehicles, who may or may not have rights and obligations of which they are not aware. In our view, data holders (be it the manufacturers through the Extended Vehicle system or other holders e.g., in the Secure OTP system), must have a new agreement with subsequent owners of vehicles about the use of the data that is generated by the vehicle.

After the above observations, we must conclude that the so-called “Extended Vehicle”, the vehicle manufacturers’ currently proposed data access model for ‘third parties’, is not in the interest of the owners of the vehicles. It does not secure the control of the data by the vehicle owner, it does not guarantee the privacy of the owner, it takes away the ownership and the right of use of the data from the vehicle owner, and in view of some incidents in the past, it does not protect the security and safety of the vehicle and its owner. We support the Secure On-board Telematics Platform (Secure OTP) that is developed by the AFCAR consortium with the interests of the vehicle owners in mind. With respect to the options that the Commission has formulated in the “Call for evidence”, we think that the third option (not only a minimum list of data, functions, and resources, but also governance rules on access) provides the best guarantees for the protection of the interests of the vehicle owners.

Requests:
We ask the European Commission to:

1. Have the interests of owners of two- and three-wheeled vehicles protected in the same way as should be with owners of M- and N-category vehicles.
2. Have the ownership and use of the vehicle data protected in the best way, which is by governance of rules of access and the implementation of the Secure OTP for all L-, M- and N-category vehicles.
3. Make provisions in the Data Act for subsequent owners of vehicles.

Written by Dolf Willigers

Top photograph courtesy of texa.com

This article is subject to FEMA’s copyright