It has become fashionable in the auto industry to promise to protect customer privacy. Volkswagen’s Chairman of the Board of Management Martin Winterkorn pledged to do just that in a speech before the CeBIT fair in Hannover, Germany, earlier this year. But he was speaking for the entire industry. Car makers want to be perceived as protecting customer information and the security and privacy of the vehicle ownership experience.

The reality is precisely the opposite of these pledges. Car makers and their owned and franchised dealers routinely mine their customer data for valuable nuggets regarding shopping and buying behavior, vehicle ownership, credit scores, service history and anything else they can access.

The ignition switch recall plaguing GM highlights the twisted priorities of the car makers when it comes to the way they handle customer data vs. the manner in which they handle vehicle data. Customer data is more or less freely accessed and traded but vehicle data is guarded and walled off from even internal access at some car makers – but at GM in particular.

The so-called “Valukas Report,” named for report author, Anton Valukas, Chairman of Jenner & Block, a law firm representing GM, notes a culture of don’t-ask-don’t-tell at GM with regard to vehicle data. (Redacted report: http://tinyurl.com/l4htcq5) But the situation is even worse than these findings suggest. Investigators (and even internal GM users) have struggled over the years and even to this day to pry data out of GM’s OnStar division.

Seventeen years after OnStar’s founding president, Chet Huber, set the tone for protecting customer data accessed by OnStar, the division continues to guard both customer and vehicle data long past the point at which it is prudent to do so.  It is time to recognize that vehicle connectivity is no longer about automatic crash notification. 

The connected car has come to be defined by an experience enriched by the visibility of vehicle data to analytics for diagnostics, location awareness, driver behavior and, above all, safety.  It is a time for a change in privacy policy and that change can take one of five paths:

1. Government mandated and centralized data sharing for the purpose of enhancing traffic and transportation data, improving vehicle safety, road use taxation, and mitigating driver distraction, harmful emissions and overall highway congestion.

2. OEM-enabled customer opt-in scenarios with appropriate transparency and data access along with customer control.

3. Independent third-party access (ie. Google, Verizon, Apple, Amazon, AT&T, State Farm, Allstate, etc.) for commercial purposes – contextual advertising, connected insurance, e-commerce, etc.

4. A hybrid of the above scenarios.

5. Complete data shut down.

There is little doubt that consumers and auto makers would prefer to keep the government out of the connected car business.  So let’s assume that the most palatable option is #2 – OEM-managed data gathering, interpretation and commercialization.

If OEMs are going to manage all access to vehicle data (aside from EDR data which is always subject to subpoena) then it is time to define the architectures to enable data gathering and identify the types of data that will be gathered.  In light of GM’s ignition switch recall, auto industry executives in the future will have a difficult time arguing that they did not know about a particular flaw in their vehicles, especially if the flaw was contributing to fatalities.

Connected car technology confers an obligation on auto makers to scrutinize their vehicle data to diagnose and anticipate vehicle failures. Unbeknownst to GM, the company arguably lost its ability to look the other way 17 years ago with the launch of OnStar.

As more car makers follow GM along the path of connectivity, the expectations of consumers will increase along with their willingness to share data.  In a recent Strategy Analytics survey of consumer sentiment regarding privacy, respondents universally supported sharing their data if it meant that it would enhance safety.

Car makers that insist on protecting customer privacy – along with vehicle data security – will find themselves on the wrong side of history, if not on the wrong side of an investigation.  The moral of the story is clear:  Safety trumps privacy in the auto industry.