Lifesaver with integrated data protection
The new emergency call system eCall may help reduce the number of people killed and gravely injured in traffic accidents through fast and efficiently activated rescue measures.
It is up to the automobile manufacturers to implement the system. Compliance with the new data protection regulations will also play an important role.
Data and services already accompany connected vehicles in almost any situation. This includes traffic accidents as a field of application for electronic systems that are supposed to activate quick and efficient emergency aid when necessary.
At the very least, data protectionists will be on site when the rescue services arrive. After all, personal information of the victims must always be accessible in case of emergencies.
Saving lives and protecting data — how does that fit together? Quite well, as the example of the new emergency call system eCall demonstrates. The acronym stands for “emergency call” and is a satellite-based emergency call system usually permanently installed in the car.
In the case of a major accident, it automatically establishes a connection to an emergency call center, reachable through 112, and transmits the exact position of the vehicle involved in the accident.
eCall is already being offered for retrofitting by several suppiers on the accessory market. But people thinking about getting a new vehicle don’t need to consider whether they want the system on board or not. In a specially issued regulation, Europe has pronounced eCall mandatory for future vehicles.
According to the regulation, vehicle manufacturers must equip all new passenger cars and light commercial vehicles with an automatic emergency call system from March 31, 2018 onwards.
eCall seems comparatively easy to realize
The automobile industry does not seem to be too worried about the regulation. The components for the eCall are already available in the suppliers’ assembly units. Amongst other things, the system requires a GPS receiver to determine the vehicle’s position, a GSM antenna to send the emergency call to the call center, as well as a handful of crash sensors to detect the accident.
The control unit making an emergency call and transmitting the exact location in the case of an accident, seems a comparatively easy task. Modern passenger cars have mastered many different data streams long ago.
Next to the vehicle identification number, they also send sensor data, as well as information like date, time of day, mileage, fuel consumption, fuel levels and tire pressure to their suppliers’ backend while they are on the road.
But this collection of data is surrounded by a lot of potential for conflict. Accumulated in the right way, the data may provide information about the vehicle’s movements, driving behavior and the driver’s personality.
It could be possible to find out if they buckled themselves in, whether they were driving too fast or whether they were feeling fit at the time of the accident. The automotive industry agrees that all machine data collected in the vehicle, which isn’t immediately deleted but saved, and which is therefore open to access by third parties, belongs in the category of personal data.
The protection of this data, or rather: the protection of the person connected to this data, is data protection’s main challenge.
Suppliers are able to offer their own eCall system
eCall seamlessly inserts itself into this predicament. Europe grants suppliers the possibility of offering the customer a choice of the supplier’s own emergency call system next to the obligatory one.
Data protectionists have no problem with the statutory version. It nearly lies dormant in standby mode until a crash triggers the release of the airbags. Only then does it send a defined set of data to the emergency call center.
Suppliers’ in-house emergency call systems, on the other hand, might put forward additional services and functions that deliberately utilize the potential of the vehicle’s big data.
A scenario is conceivable in which automotive manufacturers, together with exclusive partners, set up a rescue chain that stretches from private emergency services over treatments in hospitals all the way to the regulation of accidents.
As an example, a tow service commissioned by the manufacturer could arrive at the scene of the accident. The damaged vehicle could be transferred to the next brand workshop, which in turn immediately provides a replacement vehicle. The crucial question for the vehicle user at this point is whether they really want to make use of these services. In any case, it could be possible for the manufacturers to make money off the emergency call.
However, there are tangible rules in place here. “If a manufacturer doesn’t collect the data legally, he isn’t allowed to use it,” Volker Lüdemann, professor for commercial- and competition law at Osnabrück University and scientific director of Low Saxony’s data protection center, explains.
Carefully examining eCall’s launch regulation in regard to data protection shows that the legislature is fully up to date. It mirrors the latest state of the art legislation, as expressed in the European Data Protection Regulation (EU-DSGVO) which takes effect on May 25, 2018.
As a matter of fact, privacy and data protection are central components in the eCall regulation. Automotive manufacturers must lay their cards on the table for the installed emergency call system. They must explain which functions and services they offer, which third parties are involved and what costs arise for the use of these services.
The regulation also provides clear stipulations from a technical point of view. The data set for emergency calls may at most contain the information necessary for proper processing. eCall is furthermore no carte blanche to track a vehicle’s position data during normal operation.
Manufacturers must ensure the automatic and continuous deletion of data from the emergency call system’s memory. Only the vehicle’s last three positions may remain in the system’s memory, from which the current location and the vehicle’s direction of travel at the time of an accident can be determined.
Regular system or the manufacturer’s? The user decides
The vehicle owners and drivers are also called upon to do their part in regard to data protection. If the manufacturer offers its own in-house system as a choice, vehicle owners and drivers must explicitly agree to the processing of their data.
If this consent isn’t given, the manufacturer cannot pass the data on to third parties. Important to know: if you don’t agree to your data being processed, you don’t have to fear for any disadvantages. The usual emergency call system will always be in place.
Another specification of the EU regulation: manufacturers must provide comprehensive technical documentation of the installed eCall system in the vehicle’s manual. In a sense, this obligation of transparency competes with a request for information from the drivers. They have the chance to obtain information about the collection and processing of their data via the eCall system and can decide freely on its usage. However, in the end, they are called upon to seize this opportunity themselves.
For more information go to www.dekra-product-safety.com/connected-car
