A Legal Right to Control Your Data: A Step in the Right Direction for Privacy


Intertrust is certainly not the only actor pointing out the need for digital privacy protection in the world of the connected car. US politicians are also voicing their concerns. On March 18th, 2014, California State Senator Bill Monning joined the fray by introducing a bill entitled “Consumer Vehicle Information Choice and Control Act (SB-994)”. This bill has many interesting aspects, but addressing data privacy concerns is front and center. From a digital privacy perspective, one of the key points is that it puts into law what we see as an indispensable underpinning of personal data privacy: it makes clear that the person who creates the data, the consumer, has the right to determine where that data goes and how it is used. As Senator Monning noted in a press conference announcing the bill, “It is your car, it is your data, and it should be your choice”.

A bit of background: automobiles are increasingly being connected to networks, particularly the Internet. In fact, according to SB-994, in 2014 it is expected that one of every five cars sold in California will wirelessly transmit data, rising to all cars in 2025. This data contains potentially sensitive personal data about the driver and passengers, which is not limited to location but can also include speed, number of passengers and driving patterns. All sorts of sensors continue to be integrated into the automobile; in fact, there are already prototypes which gather driver health data in addition to vehicle-related data.

SB-994 is still new and the US activist organization EFF (Electronic Frontier Foundation) said they were still studying it and have some reservations. However, the EFF does say “(the bill is) intended to put the keys to your car's data in your hands where they belong,” and we agree. Of the various potential methods to protect data privacy, we think Senator Monning made an effective choice. One of the key issues in the current environment around personal data collection is that consumers generally have little knowledge about exactly what personal data is being collected by organizations and even less control over how and where this data is being used. Given this lack of clarity, consumers are understandably nervous about their privacy. Senator Monning’s decision to make it clear, at least in the case of data coming from the connected car, that the consumer should be in charge of where and how data is used is a refreshing first step. By giving the person who generates the data the right and ability to control it, we believe many consumers will feel empowered and be more comfortable with providing this data to entities when they feel it will provide benefits to them.

There is another goal to SB-994 which, while a bit tangential to digital privacy, is still relevant: maintaining competition. Senator Monning claims, and is probably right, that most of the current data from connected cars goes directly to the automobile manufacturer. Since the manufacturer is naturally likely to use telematics data to steer car owners towards its dealers for repairs and other services, another goal behind the legislation is to make sure owners have the right to allow this information to go to a service provider of their choice, such as an independent mechanic. This sort of data control can also lead to “lock in” in a variety of other industries, and one can foresee the potential for this bill to become a catalyst for broader acceptance of consumer data control in areas beyond the connected car.

As a company constantly exploring the leading edge in online digital security, Intertrust has been considering data privacy and technology for some time. In fact, we have worked on a product expressly designed to give consumers the ability to control their personal data. Personagraph, an Intertrust company, gives cutting-edge user analytics capabilities to mobile app developers, but it also has a feature called PG Protect designed to make sure these analytics can be provided without compromising consumer privacy. PG Protect works by collecting profile information, location, interests and demographics from a consumer’s smartphone. Instead of directly feeding this information to marketers, Personagraph provides a trusted intermediary service, using this information to create anonymized profiles while leaving any personally identifiable information in control of the consumer on their device. Personagraph matches these profiles with interested marketers, but goes a step further by giving the consumer control over which brands they wish to receive offers from. We believe that this benefits not only the consumer but also marketers, since they can address potential customers who have pre-selected themselves as being interested in their message. While PG Protect currently works on smartphones, the software and service can be modified to work on a variety of connected devices, including, of course, the automobile.
