How a Massachusetts law could help IoT data privacy

Posted On

By Phil Keys

Share


The U.S. elections in November of 2020 included a result that could greatly affect the technology industry going forward. No, it’s not the one that you are probably thinking of right now, but the passage of Question 1 in Massachusetts. This new Massachusetts law actually points to a potential path forward on the vexing issue of data privacy and IoT.

First a bit of background. Massachusetts has a “Right to Repair” law that gives car owners the right to have their cars repaired at a third-party repair shop. As digital technologies become ever more central to cars, this law was amended to give third-party repair shops the right to access necessary repair data from the car, but excluded telematics data, i.e., data transmitted wirelessly from the car. 

Then came the rise of EVs, specifically Tesla. Tesla now transmits this data via a wireless link to their servers, making it very difficult, if not impossible, for a third-party repair shop to access. In many ways, EVs are computers on wheels and cloud access is expected to play an increasing role in their operation. This reliance on computing and the cloud threatens to severely restrict the types of repairs that third-party repair shops could do, potentially giving OEM-affiliated dealers an effective monopoly on repairs. 

Question 1 is designed to help solve this issue. Specifically, it gives car owners and third-party repair shops the right to access data from the car via a mobile app. To supply this data stream, manufacturers need to implement a “standardized open data platform” that these mobile apps can access.

At this point you might be asking: so what does this have to do with data privacy? For some time now, the quantity and types of intimate data collected by IoT devices have raised understandable privacy concerns among both privacy advocates and consumers. One issue is that for consumers, the data collected by their devices is the proverbial blackbox: something very difficult, if not impossible, to check on. 

One proposed solution to this problem is to give consumers ownership over the data transmitted by their devices. While there are merits to this approach, manufacturers rely heavily on this data for their business models and have fought this tooth and nail. Even if consumers were given ownership of the data, the problem of being able to view it in an easy-to-understand manner would still need to be solved.

A connected car is a type of IoT device, one that produces potentially sensitive data such as the driver’s location. While Question 1 refers specifically to mechanical data, the open data platform called for should be able to provide usage data as well. In fact, it’s a reasonable assumption that Massachusetts voters will demand access to this data once they get access to the mechanical data. Opening up usage data to mobile apps would also allow developers to innovate on ways to make that data easy for consumers to understand. The ability to easily view and understand the data should also lead to consumers gaining control over how this data is used and go a long way towards satisfying their desire for reasonable data privacy. According to a press report, similar right-to-repair laws are being considered in 20 states. If this happens, the open data platform required under Massachusetts law could be used to satisfy these legal requirements and hopefully would be rolled out nationwide. …Oh, and by the way, Intertrust just happens to have the perfect platform to build it!

Share

platform CTA Banner

Related blog posts

Blog

Let’s not forget community energy and trust

Read more

Blog

All about GDPR data segregation

Read more

Blog

How to avoid data migration

Read more