July 7, 2016

New code of practice for collecting data from connected vehicles

BVRLA’s code provides guidance about ownership and collection of data

As the connectivity of company cars and vans increases, there is growing debate over the ownership and collection of data from these connected vehicles, and the definition and protection of personal data.

Today’s generation of new cars and vans have increasing points of connectivity designed to provide greater information about the condition of the vehicle, to monitor its performance and to identify when some form of remedial action or intervention may be required.

Once we enter the realm of telematics, this may also relate to the performance and driving behaviours of the driver, and the fuel consumption and emissions levels of the vehicles concerned.

Connectivity in cars and vans is becoming more common-place and the majority of drivers already use apps like Google Maps and sat-navs to plan journeys. But with experts predicting 90% of new cars will be connected by 2020, sharing real-time information on an increasing scale may soon become the norm.

Vehicle manufacturers (OEMs) say this has the potential to offer significant economic, environmental and societal benefits and have invested huge sums in making it a reality.

Who owns the data?

This is the key question in the whole issue. The OEMs are very keen to get their hands on the data generated for a number of reasons. These include the monitoring of the vehicle’s performance and the ability to influence the vehicle’s life in terms of servicing, maintenance and repair (SMR) plus other factors, such as emissions, component life and fuel consumption.

To collect such data should seemingly require the permission of the owner or driver of the vehicle, especially when the terms of the latest data protection legislation are taken into account.

However, in a large number of instances, the vehicle may not be owned by the driver and may be owned by a third party which provides the vehicle for the driver’s use.

The most common of these scenarios is when a car or van is provided by a leasing supplier to a client company, which then provides the vehicle for the use of a company car or van driver in the performance of their business activities.

What happens then?

To try and provide a framework for data collection from connected vehicles in this instance, the leasing industry’s trade association, the BVRLA, has developed a code of best practice to outline the key principles in respect of data collected from leased vehicles.

This is intended as guidance for the leasing company, its customers and its customers’ drivers, and for use in negotiations with OEMs when they are introducing new terms for connected vehicles.

The BVRLA also suggests the code could be used as a starting point for discussions between leasing companies and their customers over what data could and should be collected, and how it is being used in leased and rented connected vehicles.

It is also intended to raise awareness amongst all parties of the importance of protecting personal data and, in the case of the leasing company owner, the asset itself.

Obtaining agreement first

The best practice code states that the starting point to the data collection process should be that the OEM seeks agreement and approval with each leasing company, before contacting the leasing company’s customers and drivers.

In addition, to collect any personal data which may involve the name of the driver, the written permission of the driver must first be obtained. This personal data may include, but is not restricted to, any data collected via in-built real time connectivity devices or automatic and periodic vehicle data downloads.

Where the data collected is specific to the vehicle rather than the driver, the BVRLA guidance suggests that the leasing company should agree to its collection by the OEM, provided the data is then shared with the leasing company in an agreed electronic format.

Any personal data relating to the driver collected at the same time should be held in an anonymous form so that the identity or any personal data about the driver or vehicle occupants cannot be established, the code suggests.

Driver data – dos and don’ts

Once the driver has given permission in writing for data to be collected from their vehicle, the BVRLA code of practice makes several further recommendations.

For example, should the vehicle owner, the leasing company, receive a complaint from the driver about the inappropriate use of their specific data, the OEM should to immediately stop contacting the driver, through all channels, for anything other than safety related services.

Furthermore, the OEM should not sell or provide access to the driver or vehicle data without the owner’s prior written consent, or a court order in the case of criminal proceedings.

When it comes to vehicle servicing, the code of practice suggests the OEM should not provide any direction to the driver for where to place SMR work or any incident management services.

These include tyre or glass replacement or repair, vehicle serving and maintenance, mechanical repairs, MOT, safety recall or service update, or accident management services.

Leasing companies typically have their own third party suppliers for these services, and the code of practice therefore suggests safeguards for their use instead of the OEM’s own preferences.

The BVRLA code of practice is currently being adopted by the European federation of leasing companies, Leaseurope, which also sees benefits in having a framework which allows drivers to enjoy the benefits of new technology, whilst having access to leasing company services and appropriate data protection.

If you would like to discuss the topic of data collection and connected cars and how it might affect your fleet, please get in touch.