Connected cars today send data to vehicle manufacturers, garages, insurance companies and spare part providers. These data are the basis for many new applications and business models. However, surrendering such data to sometimes unknown third parties poses risks and endangers privacy. With the recently launched project SeDaFa, the Fraunhofer Institute for Secure Information Systems (SIT) aims to develop a solution to these problems. The guiding principle is to enable the driver to determine who can access which data.
Many electronic units in the vehicle store and transmit data, enabling new solutions that increase the driver’s safety and comfort. The downside is that these data can sometimes also be used against the driver: data on braking behaviour or driving speed can tell a lot about the driver’s preferences. Insurers with access to these data can offer a more favourable tariff – or a less favourable one, depending on the data. Employers can monitor who drives company cars, and how and where they are driven. Many scenarios are conceivable that affect the driver’s personal privacy. In Germany, this is the subject of public discussion; as recently as this week the automotive industry association VDA signed an agreement with data protection offices that establishes certain rules on how to handle privacy data in and from the car.
The goal of the SeDaFa project is to develop solutions that on the one hand protect privacy-relevant data while on the other hand enabling OEMs and third parties to develop applications that make use of these data. The solutions will inform the driver in a transparent way about which data have been sent and for which purposes they can be used. Based on this information, drivers will be able to decide for themselves which data they want to disclose. To this end, the project brings experts from multiple disciplines to the table.
“Initially we investigate all data streams from control units, telematics devices, sensors and infotainment systems and where they go to,” explains Christoph Krauß, coordinator of the SeDaFa project and department manager at the Fraunhofer Institute for Secure Information Technology. “In the next step we analyse which consequences this can have for the driver and whether the data contain personal details or not.”
Data on speed, for example, allow interested parties to investigate where exactly the driver moved – simply through information on road conditions, traffic lights, crossroads etc., even if these data do not contain any navigation data. Within the project, the experts develop concepts for how a customer can provide insights into vehicle data without affecting his privacy. An example is wearing parts: parts suppliers have an interest in knowing how fast certain parts wear out. For this purpose, it is possible to attach random data to the driver’s data so that what is transferred is not the exact driving behaviour of a person but instead an average value that does not affect the wear prediction.
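The wearing-parts idea above, sketched as an added example that is not SeDaFa project code: each car adds random noise to its own value before reporting, and the supplier recovers only the fleet average. The zero-mean Gaussian noise, its scale, the function names and the fleet data are all assumptions constructed for illustration; the article does not say which distribution the project uses.

```python
import math
import random
import statistics

# Assumed noise scale: chosen larger than the driver-to-driver spread,
# so a single report says little about one driver.
NOISE_SIGMA_KM = 8000.0


def build_fleet(n, rng):
    """Constructed sample data: km driven until the brake pads hit the wear limit."""
    return [rng.gauss(40000.0, 5000.0) for _ in range(n)]


def perturb_on_vehicle(true_km, rng, sigma=NOISE_SIGMA_KM):
    """Runs in the car: add zero-mean noise before the value leaves the vehicle."""
    return true_km + rng.gauss(0.0, sigma)


def supplier_estimate(reports, sigma=NOISE_SIGMA_KM):
    """Runs at the supplier, which sees only perturbed reports.

    Returns the fleet mean and the standard error contributed by the noise,
    which shrinks with the square root of the number of reporting cars.
    """
    return statistics.fmean(reports), sigma / math.sqrt(len(reports))


def run(n=20000, seed=1):
    rng = random.Random(seed)
    truth = build_fleet(n, rng)
    reports = [perturb_on_vehicle(v, rng) for v in truth]
    estimate, stderr = supplier_estimate(reports)
    per_car = statistics.fmean(abs(r - t) for r, t in zip(reports, truth))
    return {
        "true_mean": statistics.fmean(truth),
        "estimated_mean": estimate,
        "noise_stderr": stderr,
        "mean_per_car_error": per_car,
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key:>20}: {value:10.1f} km")
```

The protection holds per report: if the same car reports the same quantity many times with fresh noise, the noise averages out for that car as well, so the number of reports per vehicle has to be limited.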