FEMA a difesa della privacy dei motociclisti

Flusso di dati a senso unico

FEMA, per chi non lo sapesse, è la Federazione Europea delle Associazioni Motociclistiche. A fine aprile ha inviato una richiesta alla Commissione Europea con cui ha chiesto di osare ai singoli proprietari di moto e scooter la disponibilità dei propri dati privati ​​​​(legati allo stato di uso e manutentivo del mezzo e, di conseguenza, anche su come si utilizza il proprio mezzo, dove si va, le strade più frequentate, i dati degli smartphone…) che ogni giorno vengono prelevati dalle nostre moto attraverso i vari sensori presenti in numero sempre crescente.

Una richiesta che, in verità, nasce a seguito di quello che avviene già nel mondo delle quattro ruote, dove la FIA (Federazione Internazionale dell'Automobile) è da tempo che si batte per i diritti dei proprietari di auto di avere il controllo dei dati e delle informazioni "prodotte" dai propri veicoli che vengono acquisiti a senso unico dalle aziende produttrici.

Una problematica, questa dei flussi di informazione dei privati ​​che vengono presi e utilizzati dalle Case automobilistiche senza consenso (a cui vanno aggiunti anche tutti quelli relativi ai riparatori, meccanici e fornitori terzi facenti parte la filiera della manutenzione in generale), che sta diventando ogni giorno più concreto con l'aumentare della tecnologia per rendere utilizzabili una serie di servizi di controllo e automazione del veicolo. Tecnologia che anche nel mondo delle moto si sta facendo sempre più presente e pressante , anche con l'entrata in vigore della Euro5, che ha portato con sé l'introduzione all'interno delle nostre moto e nuovi dei nostri scooter di una serie di sensori .

Per quanto ne sa FEMA, tra i produttori di motociclette solo BMW trasferisce i dati dal computer di bordo della motocicletta alla sede centrale di Monaco, attraverso l'apparecchiatura di analisi utilizzata durante i controlli dalla concessionaria. E da qui le problematiche legate alla salvaguardia della privacy del privato e l'utilizzo di tutte queste informazioni da parte delle aziende produttrici (dati sensibili che potrebbero anche venire alle terze parti).

Per questi motivi, la FEMA (in scia alle azioni messe in atto dalla controparte FIA) si è mossa a difesa della privacy dei motociclisti, che devono essere messi a conoscenza dei dati che il proprio veicolo produce, dare il consenso o meno al loro utilizzo e di sapere come eventualmente vengono - e verranno - utilizzati.

FEMA, la lettera (fonte FEMA)

View of FEMA on the EC initiative Access to vehicle data, functions, and resources.

Data is becoming more important in connection with the manufacturing and use of motorised vehicles, including L-category vehicles. Guaranteeing the security, safety, privacy of the user and ownership of data by the user is crucial.

As we have communicated on earlier occasions, we are concerned about the use of the data of vehicles, including motorcycles and other powered two- and three-wheeled vehicles, by motorcycle manufacturers and others and the privacy of their owners. We are also concerned that in the new initiative motorcycles and other L-category vehicles are not included, due to the connection that is made in the “Call for evidence” with the type-approval regulation (EU) 2018/858.

Remote access to vehicle data offers opportunities and possibilities for vehicle manufacturers and vehicle users and -owners, but it also provides security, privacy, and safety risks and it raises questions about the property and right of use of the vehicle data.

Car manufacturers can design the car data architecture to ensure their exclusive access to the data. In fact, they have already done so with the “Extended Vehicle”-model. This gives give them a monopoly in the market for car data from their brand. They can use this to increase their leverage on aftersales services markets. The Extended Vehicle model ensures their data access monopoly and enables them to maximize revenue from data and data-driven aftersales services.

This comes at the expense of the vehicle owner. The issue of data ownership is already also at stake with motorcycles. At least one manufacturer (BMW) has admitted to us that data is extracted from the OBD-system of motorcycle with maintenance and repair in BMW workshops without the explicit consent or knowledge and even at the cost of the vehicle owner to be send to and used by the BMW headquarters.

Therefore, it is necessary that L-category vehicles are treated in the same way and that the interests of owners of L-category vehicles are protected in the same way as other vehicle owners must be.

In our view, the owner of the vehicle is the owner of the data that is produced by the vehicle and therefor the owner should be put at the centre in the Data Act and not the manufacturer of the vehicle. The owner must be in control of the data flows by convenient, interactive opt-in and opt-out and be able to decide who gets access to it.

The way we read the Data Act, the manufacturer is primarily in control of the data and the owner of the vehicle must take action to control what happens to it. For us, this is the wrong way round. Also, we do not agree with the presumption that the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user which may be part of the sale, rent or lease agreement relating to the product. As all vehicle manufacturers will have such stipulations, the user of the vehicle will have no choice than to agree.

Furthermore, we miss in the proposed Data Act anything about subsequent owners of vehicles, who may or may not have rights and obligations of which they are not aware. In our view, data holders (be it the manufacturers through the Extended Vehicle system or other holders e.g., in the Secure OTP system), must have a new agreement with subsequent owners of vehicles about the use of the data that is generated by the vehicle.

After the above observations, we must conclude that the so-called “Extended Vehicle”, the vehicle manufacturers’ currently proposed data access model for ‘third parties’, is not in the interest of the owners of the vehicles. It does not secure the control of the data by the vehicle owner, it does not guarantee the privacy of the owner, it takes away the ownership and the right of use of the data from the vehicle owner, and in view of some incidents in the past, it does not protect the security and safety of the vehicle and its owner.

We support the Secure On-board Telematics Platform (Secure OTP) that is developed by the AFCAR consortium with the interests of the vehicle owners in mind. With respect to the options that the Commission has formulated in the “Call for evidence”, we think that the third option (not only a minimum list of data, functions, and resources, but also governance rules on access) provides the best guarantees for the protection of the interests of the vehicle owners.

Requests:
We ask the European Commission to:

• Have the interests of owners of two- and three-wheeled vehicles protected in the same way as should be with owners of M- and N-category vehicles.
• Have the ownership and use of the vehicle data protected in the best way, which is by governance of rules of access and the implementation of the Secure OTP for all L-, M- and N-category vehicles.
• Make provisions in the Data Act for subsequent owners of vehicles.