L'elettronica della moto, i dati e la privacy dei motociclisti

I sistemi di assistenza alla guida possono raccogliere le informazioni sui percorsi fatti e anche questo potrebbe essere utilizzato senza autorizzazione.
Tanto che per proteggere gli interessi dei proprietari, come di chi si occupano di manutenzione, assistenza stradale, ricambi, eccetera, la società Afcar ha sviluppato la piattaforma Secure OTP che dà il controllo dei dati in primo luogo al proprietario del mezzo.

Il problema dell'utilizzo delle informazioni quale leva per fornire servizi a pagamento è finito sotto la lente della Commissione Europea. Ma, in tutto questa attenzione, sono al momento escluse le moto e tutti i veicoli della categoria L, dai ciclomotori ai quadricicli.

Per questa ragione una sollecitazione alla Commissione Europea è stata portata avanti dalla FEMA (la federazione europea delle associazioni motociclistiche), affinché i motociclisti siano in grado di controllare i dati generati dall'uso dei loro mezzi.

BMW Motorrad ha ammesso che i dati della diagnosi di bordo vengono scaricati senza l'autorizzazione dei proprietari, e sono forniti alla casa madre assieme alle spese e all'elenco degli interventi effettuati.

Una procedura che, in mancanza di una precisa normativa, resta in un limbo e che probabilmente è attuata anche da altri costruttori per rafforzare il loro monopolio.
Possono usare queste informazioni – afferma Fema - per aumentare la loro leva sull'offerta dei servizi post vendita. Il modello Extended Vehicle (già introdotto in campo auto) garantisce il monopolio all'accesso ai dati e consente alle Case di massimizzare le entrate derivanti dai dati e dai servizi, a spese del proprietario del veicolo.

FEMA ha inviato una lettera alla Commissione Europea (il testo integrale lo trovate qui sotto) chiedendo che vengano tutelati gli interessi dei proprietari dei motociclisti, così come si sta facendo per quelli di altri veicoli.

fonte FEMA

View of FEMA on the EC initiative Access to vehicle data, functions, and resources.

Data is becoming more important in connection with the manufacturing and use of motorised vehicles, including L-category vehicles. Guaranteeing the security, safety, privacy of the user and ownership of data by the user is crucial. As we have communicated on earlier occasions, we are concerned about the use of the data of vehicles, including motorcycles and other powered two- and three-wheeled vehicles, by motorcycle manufacturers and others and the privacy of their owners. We are also concerned that in the new initiative motorcycles and other L-category vehicles are not included, due to the connection that is made in the “Call for evidence” with the type-approval regulation (EU) 2018/858. Remote access to vehicle data offers opportunities and possibilities for vehicle manufacturers and vehicle users and -owners, but it also provides security, privacy, and safety risks and it raises questions about the property and right of use of the vehicle data.

Car manufacturers can design the car data architecture to ensure their exclusive access to the data. In fact, they have already done so with the “Extended Vehicle”-model. This gives give them a monopoly in the market for car data from their brand. They can use this to increase their leverage on aftersales services markets. The Extended Vehicle model ensures their data access monopoly and enables them to maximize revenue from data and data-driven aftersales services. This comes at the expense of the vehicle owner. The issue of data ownership is already also at stake with motorcycles. At least one manufacturer (BMW) has admitted to us that data is extracted from the OBD-system of motorcycle with maintenance and repair in BMW workshops without the explicit consent or knowledge and even at the cost of the vehicle owner to be send to and used by the BMW headquarters. Therefore, it is necessary that L-category vehicles are treated in the same way and that the interests of owners of L-category vehicles are protected in the same way as other vehicle owners must be.

In our view, the owner of the vehicle is the owner of the data that is produced by the vehicle and therefor the owner should be put at the centre in the Data Act and not the manufacturer of the vehicle. The owner must be in control of the data flows by convenient, interactive opt-in and opt-out and be able to decide who gets access to it. The way we read the Data Act, the manufacturer is primarily in control of the data and the owner of the vehicle must take action to control what happens to it. For us, this is the wrong way round. Also, we do not agree with the presumption that the basis for the manufacturer to use non-personal data should be a contractual agreement between the manufacturer and the user which may be part of the sale, rent or lease agreement relating to the product. As all vehicle manufacturers will have such stipulations, the user of the vehicle will have no choice than to agree. Furthermore, we miss in the proposed Data Act anything about subsequent owners of vehicles, who may or may not have rights and obligations of which they are not aware. In our view, data holders (be it the manufacturers through the Extended Vehicle system or other holders e.g., in the Secure OTP system), must have a new agreement with subsequent owners of vehicles about the use of the data that is generated by the vehicle.

After the above observations, we must conclude that the so-called “Extended Vehicle”, the vehicle manufacturers’ currently proposed data access model for ‘third parties’, is not in the interest of the owners of the vehicles. It does not secure the control of the data by the vehicle owner, it does not guarantee the privacy of the owner, it takes away the ownership and the right of use of the data from the vehicle owner, and in view of some incidents in the past, it does not protect the security and safety of the vehicle and its owner. We support the Secure On-board Telematics Platform (Secure OTP) that is developed by the AFCAR consortium with the interests of the vehicle owners in mind. With respect to the options that the Commission has formulated in the “Call for evidence”, we think that the third option (not only a minimum list of data, functions, and resources, but also governance rules on access) provides the best guarantees for the protection of the interests of the vehicle owners.

Requests:
We ask the European Commission to:

1. Have the interests of owners of two- and three-wheeled vehicles protected in the same way as should be with owners of M- and N-category vehicles.
2. Have the ownership and use of the vehicle data protected in the best way, which is by governance of rules of access and the implementation of the Secure OTP for all L-, M- and N-category vehicles.
3. Make provisions in the Data Act for subsequent owners of vehicles.