News Our Feedback to EC 2 August 2022

Have your say - Access to vehicle data

You can also get involved in forming EU laws. The European Commission would like to hear your views on laws and policies currently in development. They offer a platform "Have your say" with the list of all new EU initiatives open for public consultation. You need to register to write your feedback.

https://ec.europa.eu/info/law/better-regulation/have-your-say

There are always 5 stages of each EU initiative, each stage is open for public consultation for a specific time frame:

  1. In preparation

  2. Call for evidence

  3. Public consultation

  4. Draft act

  5. Commission adoption

Access to vehicle data, functions and resources

About this initiative: Modern vehicles have features that allow a wide range of data that they generate when driving to be collected. This initiative sets the conditions for accessing and using such in-vehicle generated data. 

Feedback period: for stage 3 it is 29 March 2022 - 02 August 2022

Link: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13180-Access-to-vehicle-data-functions-and-resources_en

Feedback from Europeans for Safe Connections

We, The Europeans for Safe Connections, welcome this initiative because many drivers are not informed that their connected cars store or record so much data quietly, often inadvertently including very sensitive personal information.

A lot of personal data is copied to the car's infotainment console as soon as any smartphone is interconnected to the car. If a vehicle has built-in Internet connections, it can become car-based surveillance due to telematic data from hundreds of sensors or in-car cameras. Cars collect more data than our smartphones but consumers do deserve to have privacy in their vehicles.

Car manufacturers are preying on consumer ignorance. They collect customers' personal data, but they usually don't inform them which sensitive data they are gathering. The data is sent to the automakers' cloud and can be shared with other companies. A total consumer profile is created and passengers could see targeted advertising for „driver’s or passenger´s seat.
https://www.telenav.com/blog/why-in-car-advertising-works

While companies track customers in their cars, they often claim to collect 'anonymised data', but when all the telematics data such as car performance, driver behaviour, location data is combined with other data points, then customers can be personalised and profiled.

Automakers and insurance companies are claiming that they need such data for their products to work (such as emergency services). But they are weaponizing safety and using the same tracking consent form for a host of reasons. Consumers do not have to choose between their safety and having their data used for third party tracking purposes. Cars don't need to share our private data to allow us to drive.

When it comes to consumer privacy and security, Tesla's e-cars have some gaps in data protection. In June 2022 the Berlin police reacted to this and prohibited Teslas from driving on police property. The reason for this is the fear of being spied on by the e-cars. As the Berliner Zeitung reports, these worries are based on the built-in cameras in each vehicle. According to an internal letter from the police, the Stromers permanently film their surroundings and forward this data to the company's servers. What happens to the data afterwards remains unclear. A German ZDF television report has prompted the Berlin authorities to ban Teslas from police areas. The ZDF report shows that the vehicles record more videos than the car manufacturer claims.

Some experts say, that technology does not make driving safer. According to the National Safety Council, the number of deaths per 100,000 miles driven in the U.S. has increased by nearly 25% in 2020, marking the highest annual increase the organization has documented in nearly 100 years. The number of traffic fatalities increased in 2021, which prompted the federal government to take executive action. And the death toll could rise even higher if companies increasingly turn our vehicles into vessels of consumerism while simultaneously making them vulnerable to hackers.
https://injuryfacts.nsc.org/motor-vehicle/overview/preliminary-estimates/

In the recent years, the international press has reported a number of disturbing incidents where cloud storage and services of multinational telecommunications giants have been attacked and sensitive data of tens or hundreds of millions of users have been compromised. Even in the case of connected cars, there have been announced many security incidents and it has become apparent that many car developers have not taken a responsible approach to fixing security issues and protecting sensitive customer data. This data could be resold to third parties or appear on the dark web and end up in untrustful hands.

Unless the leakage or disclosure of sensitive customer data can be reliably prevented, the collection of customer information (whether authorised or unauthorised) poses a significant threat to privacy. The large number of unresolved security risks and incidents associated with remote hijacking of critical vehicle functions by an attacker and endangering the lives of drivers or passengers also undermines our confidence in the connected vehicle market.

For example:

- According to Stout's 2018 Automotive Warranty & Recall Report, companies had to recall nearly 8 million vehicles in 2017 because of software-related issues.
https://www.stout.com/-/media/pdf/automotive-warranty-recall-report-2018.pdf

- Security researchers proved they could hack a Jeep through the Internet to hijack its brakes and transmission which represented such a critical security risk that Chrysler recalled 1.4 million vehicles to fix the flaw that made the attack possible.
https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix

- For almost half a decade, millions of GM cars and trucks were vulnerable to a remote exploit that was capable of everything from tracking vehicles to engaging vehicle brakes at high speed to disabling brakes altogether.
https://www.wired.com/2015/09/gm-took-5-years-fix-full-takeover-hack-millions-onstar-cars/

- The infotainment system of Tesla Model S’ contained a four-year-old vulnerability that could potentially allow an attacker execute a fully remote hacking attack to start the car or shut off the engine.
https://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already

- By exploiting the Bluetooth technology in Tesla cars, hackers in 2022 could obtain remote control of the door locks of millions of vehicles.
https://www.cybertalk.org/2022/05/19/new-bluetooth-hack-demonstrated-on-tesla-affects-millions-of-devices/

- A woman’s stalker used an app that allowed him to stop, start and track her car.
https://www.washingtonpost.com/technology/2019/11/06/womans-stalker-used-an-app-that-allowed-him-stop-start-track-her-car/?itid=lk_interstitial_manual_17

Blanket regulations without choice create discrimination and restrictions on freedom. Certain public do not want to purchase connected vehicles for privacy or health reasons.

Transparency, protection from discrimination and right to information should not be just empty words. If there is really aim to address discrimination at its source, we need to ensure that connected vehicles are not an obligation but a free choice for customers who will be fully informed before buying a connected vehicles that collect specific sensitive information and also emit electromagnetic fields/wireless radiation through specific assistance systems or specific wireless communication antennas placed in the vehicle.

In Proposal 8 we ask for wireless free and radiation free options for the transportation. The customer must not be discriminated against and must have the right to choose the option of a non-connected vehicle that does not include wireless connectivity.
https://signstop5g.eu/en/solutions/protection-of-all-life-on-earth/proposal-8

People don't want spies in their cars!

In the area of mobility, the Data Act falls short, especially when it comes to the exchange of vehicle data. So far, it has not been regulated how authorities or testing organisations can gain access to vehicle data in order to be able to perform their sovereign tasks for road safety as well as environmental and climate protection.

Much of the data collected by the car provide information about the technical condition of the vehicle as well as the mobility habits of the user. Personal data is a subject to special protection. In order to give drivers control over their data, a legal framework for access to the data generated in the car should be created at EU level as soon as possible.

There is a need for political action with regard to customers, who wish to use connected cars:
- Data transparency: consumers need to know what data their car generates, stores and sends.
- Data sovereignty: Drivers must be able to simply switch off data processing and sharing.
- Data security: To protect consumers, IT security must be guaranteed throughout the life of the connected car.
- Freedom of choice: Drivers should decide who gets access to their vehicle data.

In Proposal 19 we ask for an an impact assessment of the effects of wireless technologies on personal data protection and evaluate compliance against current data protection laws.
https://signstop5g.eu/en/solutions/protection-of-our-data/proposal-19

In Proposal 20 we want to protect citizens against the increasing vulnerability to cybercrime by applying the principle of data minimization to collection via wireless.
https://signstop5g.eu/en/solutions/protection-of-our-data/proposal-20

Best regards
Kamil Bartošák
on behalf of the Europeans for Safe Connections

https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13180-Access-to-vehicle-data-functions-and-resources/F3332136_en

vehicle feedback
Facebook post available for sharing:
https://www.facebook.com/permalink.php?story_fbid=pfbid02c9qHDc3uxUMfSfD7uAoJ3TUb41ZQW5SkBw2EBX8vK4uPiAvsXijXg2X1oQPvWqxRl&id=247379643832902
© 2022 Europeans for safe connections.