Connected car

from Wikipedia, the free encyclopedia


A connected car is a vehicle that is connected to other vehicles and the environment via the Internet and can communicate in all directions.

Definition

A legal definition or a generally accepted definition of the German or English terms “networked vehicle” or “connected car” does not yet exist.

In the journal Recht der Datenverarbeitung, the networked car is defined as follows: “The automobile of the future will be a rolling computer that is networked with the environment, the infrastructure and the Internet. Associated with this is the disclosure of a large number of personal data.”

In the journal Kriminalistik as follows: “The equipment of a vehicle with at least one module which connects the various sensors and/or storage capacities in the vehicle with at least one other device, network or service outside the vehicle. This includes connections to the Internet, to other vehicles (Car-to-Car), to houses (Car-to-Home), to the manufacturer or other companies (Car-to-Enterprise) or to other infrastructure components (Car-to-X).”

Properties of the connected car in the present and future

On-board computers, assistance and safety features implemented as vehicle electronics (e.g. anti-lock braking system, electronic stability program, parking aids) and reversing cameras are already integrated components of the car today. In addition, the on-board diagnosis (OBD) vehicle system, for example, is already collecting data that was previously used as a source of information for workshops. The OBD was developed and introduced to monitor components relevant to emissions.

Accordingly, the connected car is no longer a phenomenon of the future. Even today, installing a SIM card in the vehicle makes it possible to establish connections for data and voice communication and to relieve the driver with driver assistance systems. The use of sensors and the acquisition and evaluation of data by the on-board computer are part of the internal networking. The external networking of the automobile is characterized by the use of telecommunications and telemedia services while driving. These include, for example, navigation services, location-based services and the linking of the car with cellular devices.

In the future, the connected car will develop into an autonomous vehicle ( self-driving motor vehicle ). Corresponding prototypes already exist today. Regardless of this, the networking of the car with the environment will initially be expanded even more. Information and communication technology merge more and more with automotive technology and thus form a unit. Vehicles should be able to communicate with each other ("Car-2-Car") as well as with their environment ("Car-2-X"). Communication with the environment can take place via the infrastructure, for example. By collecting the data, early warnings of black ice, traffic jams or other obstacles should be made possible and road traffic should be made safer and faster.

In the interior of the vehicle, the data should be collected via sensors, cameras, microphones, seat occupancy and temperature sensors. This results in information and messages about processes, events, drivers and passengers. Data about the surroundings of the vehicle are to be collected via sensors, cameras, infrared and ultrasound. These provide information about, for example, the outside temperature and other weather phenomena and should also contribute to safety. At the same time, GPS systems, for example, ensure that the location and route of the respective vehicle can be determined continuously. These different sensors generate high-quality data streams because they can record imperceptibly and ubiquitously. If they are bundled, they can provide detailed insights into driving behavior and privacy.

Data categories

The data collected by the connected car can be classified under various aspects. A differentiation according to significant areas induces a possible division into the following data categories: vehicle-related data, direct occupant-related data, environmental-related data and third-party-related data.

Vehicle-related data
  • Basic data
    • Model
    • Make
    • Vehicle identification number
  • Current position / position changes
    • Speed
    • Acceleration and braking processes
  • Condition of the vehicle
    • Battery
    • Brakes and other components

Direct occupant-related data
  • Identification information
    • PINs / passwords
    • Biometric data
    • Hardware token
    • Credit card information
  • Personal preferences
    • Seat adjustments
    • Temperature
    • Radio station
  • Information about behavior
    • Driving behavior
    • Interests of the passengers
    • Sound or video recordings from the interior
  • Physical and mental condition
    • Response times
    • Fatigue
    • Alcohol or drug use


Environmental data
  • Other road users
    • Vehicles
    • Cyclists
    • Pedestrians
  • Transport infrastructure
    • Road signs
    • Road conditions
  • Traffic incidents
    • Accidents
    • Traffic jams
  • Environmental features
    • Shops
    • Attractions
    • Events
  • Weather

Third-party-related data
  • Data resulting from contracts with third parties, i.e. with parties other than the car manufacturers
    • Navigation service providers
    • Cellular
    • Internet apps
    • Car insurance

Possible use of the collected data

There are a large number of people and companies who have an interest in the data collected from the connected car for various reasons.

There is a joint sales system of manufacturers, authorized dealers and authorized workshops, to which specialized services related to certain vehicle brands are assigned. Therefore, these entities are interested in the data collected from the connected car both to improve the vehicles and to check warranty cases, discover vehicle defects, guarantee vehicle maintenance and to enable documentation and evidence of incidents relating to product and contractual liability.

By precisely defining the problem on the basis of the data collected by the on-board system, independent workshops and breakdown services are able to carry out more precise and more thorough repairs.

Company car owners, fleet managers, car rental companies and car sharing companies are other potential buyers. Using the data from the networked vehicle, they can obtain knowledge of the location, nature of the vehicle and the driver's driving style.

Other potential data recipients can be insurance companies that are interested in the information from the networked car under the aspect of "Pay as you drive" (amount of the insurance premium to be paid depending on the driving style of the driver). The data of the connected car can also be of importance to government agencies such as the police and courts, for example if traffic violations or accidents are to be investigated.

Affected people

Networking the car means that data from various groups of people is recorded and used.

First and foremost, data is collected about the keeper of the car. The keeper of a vehicle is usually its buyer and owner. In the case of leasing or retention of title (Germany), the person in possession of the vehicle is the keeper.

Data is also collected on the driver of the connected car, who is not always the same person as the keeper. For example, several people are involved and affected at the same time when users alternate within families, companies, car rental companies or car sharing.

Under certain circumstances, data about passengers can also be collected. The same applies to third parties outside the vehicle, for example when dash cams are used.

Data protection according to the Federal Data Protection Act (BDSG)

Collection, processing and use of personal data

The BDSG only applies if personal data is collected, processed or used. The pure storage of data in the electronics of the vehicle is therefore to be regarded as unproblematic. Reading out the data and networking the electronics both count as collection.

Personal data / data relatable to a person

In the context of the right to informational self-determination, the simple statutory data protection law according to § 1 para. 1 in conjunction with Section 3 (1) BDSG continues to apply whenever personal data is available. "Personal data are individual details about the personal or factual circumstances of a specific or identifiable natural person (person concerned)." Basically, all data can be personal or relatable to a person, just as drivers, keepers, owners, occupants and people outside the vehicle can be affected. Whether the data is evaluated as personal or vehicle-related data ultimately depends on the collecting body. If this body has additional information so that the data can be assigned to a specific person, it is personal data or data relatable to a person. Without such additional information, there would be no personal reference. One example would be the motor vehicle workshop, which reads out corresponding data for the purpose of diagnosis and at the same time has information about the vehicle owner.

If data is neither directly nor indirectly related to a specific person, it does not fall under the BDSG and may be freely collected and used. An example of this would be if data from several end devices are combined in such a way that the individual data record can no longer be related to a specific person or only with a disproportionately large amount of time, cost and manpower. The data would thus be anonymized. Another possibility is pseudonymization.

Permission by legal regulation or consent

In addition, the so-called prohibition with reservation of permission must be observed. According to this, the collection, processing and use of personal data is fundamentally forbidden, unless this is permitted or ordered by law or the person concerned has given his consent. The responsible body must therefore be authorized by law to collect the data or have the consent of the person concerned. If this is not the case, there is a risk of high fines, administrative sanctions or claims for damages by those affected (§§ 7, 38, 43 BDSG).

Permission on a legal basis exists, for example, in the form of Section 28 Paragraph 1 Sentence 1 No. 1 BDSG. According to this, data processing is permitted if this is “necessary for the establishment, implementation and termination of a contractual or quasi-contractual obligation with the data subject”. The data processing must therefore be necessary for the fulfillment of a contract or the implementation of pre-contractual measures. The criterion of necessity, which applies in general, is, however, to be regarded as problematic in this case, as it is closely linked to the contractual content and thus, depending on the design of the contract, can justify comprehensive data processing on the basis of legal permission. Further legal bases for data processing can be found in §§ 27–32 BDSG. In addition to the BDSG, there are other legal provisions that legitimize data processing on the basis of law. Another well-known example in this context is the much discussed eCall system, which will be mandatory for every newly registered car from 2018. In the event of an accident, for example, the last known geographical position of the vehicle, the vehicle identification and the direction of travel are transmitted automatically or at the push of a button in order to enable the fastest possible rescue. Here, data processing for the purpose of hazard prevention is legally regulated on the basis of an EU regulation.

Consent, on the other hand, is only effective if it is based on the free, specific and conscious decision of the person concerned. The data subject must also be informed transparently and completely about the data processing.

Information requirements and rights of data subjects

The BDSG also seeks to guarantee transparency in data processing through various information obligations and data subject rights. This includes corresponding rights to information (§§ 19, 34 BDSG), information and notification obligations (§§ 4 Paragraph 3, 19a, 33 BDSG) in order to gain knowledge of which data is stored about the person concerned, rights for the purpose of correction, deletion and blocking of data (§§ 20, 35 BDSG) and information obligations according to § 42a BDSG in the event that data has unlawfully become known.

Outlook

Necessary design

Data protection in the connected car will not only become more relevant from a legal perspective in the future. In times of big data and data scandals, a successful concept will above all be accompanied by a significant competitive advantage for companies. In the future, it will be necessary to enable innovative technologies, services and business models through appropriate contractual design and appropriate technical implementation, while at the same time protecting the personal rights of consumers.

Concrete concepts are to be developed that reduce the need for personal data as much as possible and keep it to a minimum in the interests of customers. Personal data should only be collected and processed if they are absolutely necessary to fulfill the function. The persons authorized to process should also be restricted as much as possible. Particular attention will also have to be paid to the transparency of the data transmitted. Ideally, the data should only be stored temporarily in the vehicle.

The consent of those affected will probably serve as the basis for data handling in the networked car in the future. The information and clarification obligations of the vehicle manufacturer could be reflected in far-reaching and extensive contracts or leaflets. The question remains to what extent this can be shaped by those affected and, above all, made transparent without overburdening the affected person. The consent of third parties (occupants, other road users, etc.) also poses a challenge: unlike the keeper or driver, they cannot decide on a contract or settings and usually have no knowledge of a possible data transfer. The same applies to questions about the responsible body, which often cannot be clearly assigned.

In order to ultimately make the concepts user-friendly and at the same time legally compliant, a further development of the law on data protection seems inevitable, even if data is currently mainly still processed within the car. The future concept for data protection and data security will have to relate in particular to the basic right of informational self-determination. The legislature is required to create a balanced data protection regime that creates legal security for consumers and industry when using connected cars. The further development of the connected car and the EU data protection reform, which will be based on the principles of “privacy by design” and “privacy by default”, must also be awaited.

Privacy by Design (data protection through technology)

The privacy by design principle checks, takes into account and integrates data protection requirements as well as data security in the development phase of new technologies so that errors and gaps can be proactively avoided. During the development of technical solutions and their integration, it is checked in the planning process to what extent personal data can be restricted overall. Data protection is therefore included and ensured in the overall concept right from the start during design and manufacture. This consideration and implementation of security technologies at the earliest possible point in time promotes a coherent overall concept for privacy protection and prevents complex, incomplete and possibly faulty or even impossible retrofits that might be necessary. It enables the data subject to easily control and restrict the processing of their data. Even if § 9 BDSG has been regulating this for a long time, the practical implementation is now taking place with the privacy by design principle in the form of the new data protection reform.

The privacy by design principle includes, for example:

  • Anonymization and pseudonymization techniques
  • integrated encryption methods
  • User authentication
  • basic data economy
  • the separation of identification and content data (e.g. when using location-based services)

Privacy by Default

"Privacy by default" means a data protection-friendly basic setting of the information technology systems. Standard settings are preset here, which comply with the basic data protection requirements. These should be guaranteed from the first use and even if the factory settings are not changed and the technical initial configuration is used, so that the user can assume that his privacy will be preserved at all times. The settings should be preprogrammed to be as privacy-friendly as possible. This would be achieved if the standard settings initially did not process any personal data.

Possible implementation of privacy by design and privacy by default in the connected car

The privacy-by-design and privacy-by-default principles could also be implemented sensibly in connected cars. The decision about data processing would therefore have to be made by the driver himself. Mere information about data collection and transmission, as would be the case in pre-arranged contracts, would not be sufficient. The generous display options and displays that are already available in the car offer good implementation options. Each individual driver would have to be able to make individual data protection settings and thus consciously declare or deny their consent. This would at least address the problem with the consent of different drivers. A registration (authentication) of the individual drivers on the vehicle is conceivable here, after which the desired settings can then be made. The handling of the resulting data (recording, display, deletion, forwarding) should be controllable at all times, and it should be possible to reset the settings made. In addition, of course, user-friendly factory settings in the sense of privacy by default should also be preprogrammed, which can then be changed accordingly.
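One way the per-driver settings described above could look in software, as an added example that is not from the article or any manufacturer's system: a gate that releases nothing until the logged-in driver consents per data category and recipient, pseudonymizes the driver per recipient, and keeps identification and content data apart. The class names, recipients and record fields are assumptions, and driver authentication is assumed to have happened before `login` is called.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Categories follow the article's classification; recipients and record
# fields are constructed for this example.
CATEGORIES = {"vehicle", "occupant", "environment", "third_party"}
DIRECT_IDENTIFIERS = {"vin", "driver_name"}


@dataclass
class DriverProfile:
    driver_id: str
    # (category, recipient) -> bool. Empty at first use, so the factory
    # setting releases nothing (privacy by default).
    consent: dict = field(default_factory=dict)

    def set_consent(self, category, recipient, granted):
        if category not in CATEGORIES:
            raise ValueError(f"unknown category: {category}")
        self.consent[(category, recipient)] = bool(granted)

    def reset(self):
        # Back to the factory setting: no consent recorded at all.
        self.consent.clear()

    def permits(self, category, recipient):
        return self.consent.get((category, recipient), False)


class TelemetryGate:
    def __init__(self, pseudonym_key):
        self._key = pseudonym_key   # stays in the vehicle
        self._profiles = {}         # one profile per authenticated driver
        self.active = None

    def login(self, driver_id):
        # Called only after the driver has authenticated (assumed here).
        self.active = self._profiles.setdefault(driver_id, DriverProfile(driver_id))
        return self.active

    def logout(self):
        self.active = None

    def pseudonym(self, driver_id, recipient):
        # Keyed hash bound to the recipient: two recipients cannot link
        # their records, and nobody without the key can recompute it.
        msg = f"{recipient}:{driver_id}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]

    def release(self, record, recipient):
        """Return (identity, content) kept as separate parts, or None."""
        if self.active is None:
            return None  # nobody logged in, so nobody has consented
        if not self.active.permits(record.get("category"), recipient):
            return None
        identity = {"subject": self.pseudonym(self.active.driver_id, recipient)}
        content = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
        return identity, content


# Constructed sample record with placeholder identifiers.
SAMPLE = {"category": "occupant", "vin": "PLACEHOLDER-VIN",
          "driver_name": "A. Example", "harsh_braking_events": 3}
```

A second driver who logs in starts from an empty profile and therefore inherits none of the first driver's consents.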

Literature

  • Jürgen Bönninger: Mobility in the 21st century: safe, clean, data-protected. In: DuD data protection and data security. No. 06/2015, 2015, p. 388-389.
  • Benedikt Buchner: Data protection in the networked automobile. In: DuD data protection and data security. No. 06/2015, 2015, p. 372-376.
  • Tobias Grabowski: Connected Vehicles: New Investigative Approaches in Criminal Proceedings? In: Kriminalistik, No. 4/2018, 2018, pp. 208–215.
  • Marit Hansen: The network in the car & the car in the network. Challenges for a data protection-compliant design of connected vehicles. In: DuD data protection and data security. No. 06/2015, 2015, p. 367.
  • Gerrit Hornung: Rights of disposal to vehicle-related data. In: DuD data protection and data security. No. 06/2015, 2015, p. 359-366.
  • Dennis-Kenji Kipker: Privacy by Default and Privacy by Design. In: DuD data protection and data security. No. 06/2015, 2015, p. 410.
  • Joachim Rieß / Sebastian Greß: Privacy by Design for automobiles on the information superhighway. In: DuD data protection and data security. No. 06/2015, 2015, p. 392-395.
  • Alexander Roßnagel: Equalization of basic rights in the networked automobile. In: DuD data protection and data security. No. 06/2015, 2015, p. 354 f.
  • Sebastian Schwichtenberg: "Pay as you drive" - new and well-known problems of data protection-compliant design of networked vehicles. In: DuD data protection and data security. No. 06/2015, 2015, p. 379.

Individual evidence

  1. Quoted from RDV online: Data protection in networked cars, part 1. Scurrying computers and limping data protection (memento of the original from May 22, 2015 in the Internet Archive). In: RDV online, May 12, 2015. Retrieved July 19, 2015.
  2. Grabowski: Networked Vehicles: New Investigative Approaches in Criminal Proceedings? In: Kriminalistik 4/2018. CF Müller GmbH, Heidelberg April 13, 2018, p. 209 (kriminalistik.de).
  3. Hansen: "The network in the car & the car in the network." 2015, p. 367.
  4. Hornung: "Rights of disposal to vehicle-related data." 2015, p. 359.
  5. Roßnagel: "Equalization of basic rights in the networked automobile." 2015, p. 354.
  6. Volker Lüdemann: Connected Cars . In: ZD 06/2015, pp. 247-254.
  7. Harald Kaiser: data acquisition in the car, spies on board Stern. Retrieved July 16, 2016
  8. Roßnagel: “Equalization of basic rights in the networked automobile.” 2015, p. 355 f.
  9. Roßnagel: “Equalization of basic rights in the networked automobile.” 2015, p. 355.
  10. Note: The TMG is relevant for multimedia applications in networked cars, which will be telemedia on a regular basis. In the case of telecommunications services, the TKG takes precedence. For content data, the BDSG remains applicable.
  11. Federal Data Protection Act (BDSG) aF §§ 1 (2), 3 (3) (4) (5)
  12. The connected car as a challenge for data protection. Michael Kamps. Retrieved July 10, 2015. p. 18.
  13. Hornung: "Rights of disposal to vehicle-related data." 2015, p. 364.
  14. § 3 Paragraph 1 BDSG old version
  15. Hornung: "Rights of disposal to vehicle-related data." 2015, p. 361.
  16. § 3 Paragraph 6 BDSG old version
  17. § 4 Paragraph 1 BDSG old version
  18. Buchner: "Data protection in the networked automobile." 2015, p. 375 f.
  19. Bönninger: "Mobility in the 21st century: safe, clean, data-protected." 2015 p. 389.
  20. Note: For eCall and other telecommunications services, the TKG is relevant instead of the BDSG.
  21. § 4a BDSG old version
  22. The connected car as a challenge for data protection . Michael Kamps. Retrieved July 10, 2015. p. 19.
  23. Buchner: "Data protection in the networked automobile." 2015, p. 376.
  24. Buchner: "Data protection in the networked automobile." 2015, p. 372.
  25. Schwichtenberg: "Pay as you drive" - new and well-known problems. 2015, p. 379.
  26. Hornung: "Rights of disposal to vehicle-related data." 2015, p. 366.
  27. Roßnagel: Equalization of basic rights in the networked automobile. 2015, p. 358.
  28. The connected car as a challenge for data protection . Michael Kamps. Retrieved July 10, 2015. p. 19.
  29. Rieß / Greß: Privacy by Design for Automobiles on the Information Highway. 2015, p. 395.
  30. Bönninger: Mobility in the 21st century: safe, clean, data-protected. 2015, p. 388.
  31. Volker Lüdemann: Connected Cars . In: ZD 06/2015, pp. 247-254.
  32. Kipker: Privacy by Default and Privacy by Design. 2015, p. 410.
  33. Bönninger: Mobility in the 21st century: safe, clean, data-protected. 2015, p. 389.
  34. Rieß / Greß: Privacy by Design for Automobiles on the Information Highway. 2015, p. 392.