Data Privacy on the Road: How to Keep Car Data Safe

Since 2007, policymakers, regulators, NGOs, and businesses from all over the world have gathered on January 28 – Data Privacy Day – to raise awareness on data privacy and to promote the latest practices and technologies used to safeguard privacy in this digital world.

As the world enters the IoT (Internet of Things) age, concerns on data privacy are no longer limited to traditional IT environments. Connected devices like CCTV cameras, AI speakers, and now even cars, all collect and stores data from our daily activities.

As cars become increasingly digitalized and connected, ensuring data privacy becomes a new challenge for the automotive industry. Cars today are computers on wheels. Just as a computer stores data inputted by its user, a car collects data generated from the drivers’ behaviours. A typical car today generates exceedingly large amounts of data from cameras and sensors, electronic control units (ECU), and in-vehicle infotainment systems.

Data from Electronic Control Units

There is no need to explain how cameras, sensors, or infotainment systems generate data, as they work just like any other digital devices. Instead, we will discuss how electronic control units (ECU) generate and store data.

ECUs are embedded minicomputers in a vehicle that control its electrical systems, which then determine the vehicle’s movement. A modern car today contains around 80 of these units. Some of the ECUs include the engine control module (ECM), powertrain control module (PCM), and transmission control module (TCM). These units serve as the car’s computer. In most vehicles, each ECU operates separately on its own. However, some manufacturers such as Tesla are looking for a new approach to combine all ECUs into a central computer.

How do ECUs generate data? Let us look at the engine control module (ECM) as an example. A mixture of air and fuel is needed for an engine to operate. Too much air and fuel will overpower the engine, while too little of this mixture will not be enough to power the car. The ratio of air and fuel is also important. Too much air would make the car slow, while too much fuel would be pollutive.

Traditionally, an analog metering device was used to measure and determine the injection mechanically. However, tighter environmental regulations and rising oil prices meant that relying on analog means was no longer sufficient to reach to high fuel efficiency needed today. This had led to the digitalization of cars. Today, instead of using analog measures, the ECM uses optimization equations stored in its chips to calculate the optimized amount and ratio needed and injects the perfect mixture into the engine.

Since the ECUs are computers that send signals to control the car, these signals can be tracked and stored in the form of data and later used for a variety of purposes, from vehicle maintenance, driving experience optimization, as well as fleet management.

Then, what are some of the types of data generated by cars?

Types of Car Data and Their Uses

1) Driving behaviour
The cameras, radars, and lidar sensors equipped around the vehicles contain information on the vehicle’s speed, acceleration, braking, and steering. Such big data can be collected and used to enhance the driving assistance systems and improve responsiveness in emergency situations. These can also be used by taxi and rental companies to manage their fleet, making sure that drivers operate the vehicles safely. Lastly, insurance companies can use them to calculate highly accurate insurance premiums to better serve its customers.

2) Vehicle condition
The ECUs can provide critical data on a vehicle’s health condition. Information on tire pressure, wheel alignment, engine status, as well as other measures can be used to indicate the vehicle’s health, so that maintenance and repairs can be done immediately, eliminating any underlying safety hazards. Such information can also be collected by OEMs to improve their vehicles’ quality and performance.

3) In-vehicle services
Other data generated from in-vehicle infotainment systems may not be directly related to driving, but do contain sensitive personal information such as contacts, calls, and messages. Data on the usage pattern of mobility services, such as frequently visited locations, parking lots, gas stations, are also collected so that third-party service providers can use them to offer more personalized services and seek for new business models, such as smart parking and pay-as-you-go services.

How Are Car Data Shared with Outside Entities?

Many OEMs would ask consent for the car owner to share the data generated by the cameras, sensors, and ECUs to enable better driving experiences for the future. For example, the BMW Group collects telematics data generated from BMW and Mini vehicles (only under consent), and stores them in its data center to further expands its services.

Cars can also connect to the Internet directly. Many cars today are equipped with a SIM card slot, allowing the owner to subscribe to cellular internet service for in-vehicle infotainment. This allows the vehicle to receive live updates for its navigation system, allows the passengers to stream music with the car, as well as using it as a Wi-Fi hotspot to power other mobile devices on board.

Lastly, car data are a crucial asset for autonomous driving. V2X (vehicle-to-everything) systems not only shares the vehicle’s location, speed, and direction with other vehicles on the road, C-V2X technology will soon allow the onboard units (OBU) to communicate directly with the cellular network. This would lead to an explosion of transportation and mobility data.

How to Keep Car Data Safe?

Due to the sensitivity of car data, safeguarding data privacy comes as a prerequisite for connected cars. This means that drivers can rest assured knowing that their cars are much better at protecting their data than their computers at home. To protect car data from unauthorized access, authentication and encryption technologies are used to ensure that the sender and receiver of car data are properly authenticated, and that the data stored in the servers are safely encrypted. These security technologies are usually embedded in the ECUs and other onboard units such as the infotainment system to not only ensure data privacy, but also to make sure that these data are not altered or manipulated to cause physical harm.

AutoCrypt V2X and AutoCrypt PnC are software-based security solutions that are built into the chipsets during the manufacturing stage, protecting data privacy in the age of connected mobility. Working with chipmakers around the world, AUTOCRYPT is a major mobility security supplier for some of the world’s largest OEMs.

To keep informed with the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.

Related Articles