Consumer Demands Outracing Connected Cars Regulation

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Nora Macaluso

Oct. 7 — Governments are beginning work on developing privacy and security standards specific to the auto industry, with Group of Seven transport ministers agreeing to coordinate research and promote international regulatory standardization, but connected cars technology and consumer demand for connectivity threaten to outrace regulatory efforts.

“Mobility will assume a completely new dimension,” the G7 ministers, representing an informal group of industrialized democracies—the U.S., Canada, France, Germany, Italy, Japan and the U.K.—said in a recent declaration released in conjunction with the Frankfurt Auto Show.

Vehicles will become the important “third place” for connected environments, joining homes and offices, they said. The ministers pledged to take steps to “establish a harmonized regulatory framework” to enable the safe deployment of new technologies across national borders.

(Click image to enlarge.)

pvlr story image 10/13/2015

The transport ministers plan to meet in 2016 in Karuizawa, Japan, to continue talks on connected-cars and Internet of things harmonization.

Japan, meanwhile, recently released an update to its overall cybersecurity policy, in a pledge to examine vulnerabilities in the Internet of things, including automotive systems. The Japanese government said it will collaborate with industry and academia to set “comprehensive guidelines and standards” for Internet of things security in the automotive and other sectors. Having guidelines will enable companies to produce safer systems more easily, the government said.

Meanwhile, the Japanese government said it will encourage auto suppliers to “take necessary actions to modify detected vulnerabilities” and to inform users about ways to guard against those vulnerabilities.

U.S. Cybersecurity Focus 

Although the U.S. State Department hasn't held auto-specific cybersecurity discussions, privacy and security are part of “almost every discussion we have in every international venue right now,” Leonard Hause, senior technology adviser in the department's Office of the Coordinator for Cyber Issues told Bloomberg BNA.

“It's obviously risen to the level of an add-on item to every conversation,” he said.

“The connection between the policy people and the technology developers is going to have to grow stronger, and the conversation back and forth is going to have to be more robust,” Hause said. “I think we're starting to see that.” Companies like Google Inc. and Facebook Inc., he said, are becoming involved in policy discussions as technology evolves along with regulation.

The State Department is aiming for multi-stakeholder involvement on cybersecurity, Hause said. “We want to keep the Internet developed and innovative in the way it was originally deployed and developed,” he said. “It's not going to be just a government-level discussion.”

Consumers will shape much of the conversation, Hause said. Brand image is “going to be a huge driver on this discussion for standards,” Hause said. “Consumers have to feel safe, but they want the latest gadgets, too,” he said. “It's a very important thing for these companies to make sure they've got a roadmap.”

Auto Cybersecurity Front and Center 

Also at the Frankfort auto show, the European Automobile Manufacturers Association released a set of “principles” for data collection in connected vehicles and services, promising, among other things, to be transparent and to protect data security when selling cars or services in the European Union.

Data protection is an issue automakers take very seriously, as we are committed to providing our customers with a high level of protection and maintaining their trust,” Carlos Ghosn, chairman and chief executive officer of Renault SA and Nissan Motor Co. and president of the manufacturers' group, said in announcing the principles.

Separately, Volkswagen AG said it had partnered with insurer Allianz AG, pharmaceuticals maker Bayer SE and chemical company BASF SE to sell information-technology security services to companies in Germany.

The announcements show that cybersecurity was front and center at the auto show, along with new-product unveilings.

Nobody Providing Clear Guidance 

“Connected cars are becoming one of the hottest topics for the automotive industry globally,” Thilo Koslowski, vice president and automotive practice leader at Gartner Inc., told Bloomberg BNA.

“Everybody's trying to figure out the magic sauce to be able to be better than their competitors. Unfortunately, this goes counter to the idea of harmonizing and standardizing.”

“Governments at this point are still taking a kind of wait-and-see approach,” Koslowski said. That could delay the introduction of new technologies if it drags on too long, he said. “As long as we don't even have clear guidance or understanding of the individual countries' support for these technologies, I think it will be difficult to bring it up to a higher level,” he said.

“At this point, nobody really is providing clear guidance on this,” leaving it up to individual companies to decide what products to offer and how to coordinate on standardization, which is “difficult in a competitive mode,” he said.

Technology Outpacing Oversight 

Koslowski noted the European Union's eCall technology, which requires cars built beginning in 2018 to have the ability to automatically dial for emergency help.

Some EU privacy regulators questioned whether the system could meet data protection requirements.

The eCall system was discussed for more than a decade before the European Parliament approved it in April, Koslowski said. “It would be unfortunate” if regulations for connected cars took that long, he said. However, he said, “I think technology won't wait to put itself into people's hands.”

The G7's statement is a “good sign,” Koslowski said. “It means there's enough of an understanding that the different politicians are taking this serious enough that they start to investigate and explore it, but that's really just the first step.”

Governments have an opportunity to capitalize on automotive technology and put in place regulations that make roads safer and the environment cleaner, Koslowski said. “Once governments understand the power than comes from connected vehicles and the data they can collect, it will become crucial for them,” he said.

“Governments can really benefit from the connectivity of automobiles. We have autos around the world. If you connect those, you can become much smarter about traffic flow and reducing accidents, which would have real implications for GDP. Those opportunities, in my eyes, are really the motivator for governments to accelerate their point of view on this.” he said

The State Department's Hause, who has been in the technology business since the 1960s, said he has faith that companies will find a way to work things out. The scenario is much like the concerns about auto quality that arose during the 1970s, Hause said. “There's this general consumer awareness that starts happening, and industry responds to that.” If companies sense that brand image is at stake in relation to the security of connected-cars, they come together and start standardizing features, he said.

To contact the reporter on this story: Nora Macaluso in Lansing, Mich. at

To contact the editor responsible for this story: Donald G. Aplin at

The “declaration on automated and connected driving” is available at





Request Bloomberg Law: Privacy & Data Security