Navigating Data Privacy in the Automotive Industry: Insights by Praveen Sasidharan

The automotive industry is undergoing a significant transformation as connectivity and data analytics advancements are revolutionizing how vehicles interact with their surroundings and each other. This era of connected vehicles has brought about numerous benefits, including improved safety features and the development of autonomous driving technologies. However, with the surge in data collection, concerns regarding privacy and data protection have also been raised.

In the digital era, automotive companies are introducing tech-forward products that incorporate IoT technology, enabling communication between vehicles and connected devices. This advancement has led to remote diagnostics, real-time data monitoring, and the development of autonomous driving vehicles. Additionally, automotive companies are utilizing technology for supply chain management and enhancing customer interactions through digital platforms.

The collection of a large volume of data, including personal data of vehicle owners, has raised questions about data ownership and usage. According to the Deloitte Global Automotive Consumer Study, Indian customers are increasingly concerned about the security of data shared with connected vehicles. In response to these concerns, the Indian Parliament passed the Digital Personal Data Protection Act in 2023 to safeguard personal data.

The Act enforces personal data privacy in India and outlines the rights of data principals and penalties for non-compliance. Recognizing the privacy concerns surrounding connected vehicles, the Automotive Research Association of India developed AIS 189 (DRAFT), a technical standard for automotive security and data privacy in connected vehicles.

Auto OEMs face challenges in addressing privacy concerns effectively and must implement a robust privacy framework to ensure compliance with the DPDP Act. This framework involves data minimization, well-defined purposes for data collection, security mechanisms, data anonymization, guidelines for sharing data with third parties, and mechanisms for enforcing privacy regulations.

Investments in a privacy compliance program will pave the way for developing consumer trust and strengthening information security practices as the automotive industry continues to embrace connectivity and data-driven innovation. The Indian government’s DPDP Act and AIS 189 (DRAFT) provide a framework for safeguarding privacy in the automotive industry.