Who owns the data and how can it be kept secure are two important questions facing fleet. The race for control of information is rapidly gaining momentum

Vehicle data from connected and autonomous cars offers risk and rewards to fleet operators and suppliers alike.

Modern vehicles generate gigabytes of data every day, with information covering the vehicle, the road and the journey.

This information offers valuable insight about vehicle use, road conditions, vehicle status, driver inputs and a range of other data feeds.

For fleets, there is a wealth of insight that will help them understand vehicle use and driver performance, but the vehicles’ sensors could also power an entire industry of support services.

This includes servicing, tailored to the exact requirements of the vehicle, location-based advertising and driver support services.

In addition, the in-vehicle sensors could power a wealth of other third-party services, ranging from traffic information to weather data.

This has raised two important questions. First, who owns the data? Second, how can it be kept secure?

In the battle over data ownership, manufacturers hold the strongest cards, as it is ‘their’ vehicles that are generating insight on a daily basis.

However, those vehicles have often been sold to leasing companies who, as the new owners, want to control the customer relationship and the data from their assets.

In turn fleets, as the party generating the data, argue they should have a say in how any data is used, while drivers may contend their vehicle use is a private matter.

Additionally, third-party service suppliers are pushing EU legislators to force manufacturers to give them full access to vehicle data so they can develop new services, claiming anything less is anti-competitive.

Transport Systems Catapult aims to resolve the issue with the launch of an intelligent mobility data hub, an open data platform where information is securely shared.

Paul Campion, CEO of the Transport Systems Catapult, says: “It is a collection of data sets, relatively small today and it needs to grow. data we can provide to SMEs and companies to explore new alternatives for delivering business value, new platforms and new services.”

The debate is going to become more complex with the arrival of the EU General Data Protection Regulation (GDPR).

When the regulation is implemented in 2018, automotive manufacturers will have to comply with standards that define how consumer data is processed, shared and stored.

It also raises the issue of data security, particularly when it comes to managing personal information about drivers.

Legal expert Ashley Winton told a recent British Vehicle Rental and Leasing Association (BVRLA) conference that the complexity and scale of GDPR meant it was unlikely companies could be fully compliant in time.

Winton said: “There is no longer a requirement for monetary loss before you can bring a claim.

"If you suffer distress, you can bring a claim. Imagine you have thousands of fleet drivers suddenly distressed about their information being disclosed to a third-party.

"That will be quite an interesting case and that is where the risk will lie.”

The consequences of inadequate data management processes have been revealed in recent data breaches.

Most recently, credit agency Equifax revealed that data from 143 million customers may have been compromised in a security breach earlier this year. 

And recently a security expert reported a massive increase in large-scale personal data theft, involving individual cases where more than one million records were stolen.

Inga Goddijn, executive vice president for Risk Based Security, which revealed the figures in its mid-year Data Breach QuickView report, says: “In the first six months of 2013, 2014 and 2015, the number of large breaches hovered in the mid-teens.

"Last year that number jumped to 28, and now, for the first six months of this year, we’re tracking 50 incidents.”

Hacking accounted for 41% of disclosed breaches, with Goddijn warning: “There are a lot of moving parts to an effective patch management programme, but no matter how strong that process might be, it can be undermined when known vulnerabilities are missed simply because the organisation was not aware to look for them.”

Despite the risks, Campion says the industry is in a race to control data before it is lost to rivals, such as Uber.

He says: “Uber doesn’t want to be a taxi company any more than Amazon wanted to be a bookshop in 1997.

“Uber wants data. It wants to be the portal for your transport outcomes, last mile delivery and personal mobility. 

“I have nothing against Uber, it is fantastic. But if Uber is successful, then your data and my data is going to be locked up offshore and it is never coming back.”