Motorists have shown uncertainty about the transformation of car makers into tech companies and dealers could be left to explain their franchised partners’ ‘surveillance capitalism’, it has been claimed.

More than 75% of respondents to a survey of in-market car buyers, conducted by Parkers, said they do not want any kind of monitoring device in their vehicle.

But with OEMs currently working hard to source the semiconductor microchips that facilitate a new generation of connected cars, and with in-car e-commerce and customer data central to current and future profit streams, there is no scope for a u-turn.

“The automotive industry is in the midst of a massive transformation, where automakers are no longer hardware makers but are evolving into tech companies, and it represents the largest change to the automotive sector since the invention of the combustion engine,” said Mark Brown, the British Standards Institution’s (BSI) global managing director of cybersecurity and information resilience.

He added: “Connectivity is increasingly no longer an optional feature for vehicles, but embedded by design.”

E-COMMERCE AWARENESS

More than three-quarters of Parkers’ survey respondents stated they are averse to any connected car technology, making it clear that many are likely already unaware of the connected features in their current vehicle.

Parkers editor Keith Adams said franchised dealers would have to be more informative when giving advice about the capabilities of cars that track their owners’ behaviour on the road and the web as increasing numbers of OEMs look to monetise the data they gather.

Driving behaviour, location services, in-car internet access and cameras are all part of a growing list of data-gathering devices fitted to many modern cars.

However, Parkers found that just 10% of more than 550 people polled knew their car had a data agreement in place, as almost 90% asserted they would not like their car to share driving habit data with third parties.

National Franchised Dealers Association (NFDA) chief executive Sue Robinson said: “Consumers’ concerns over their personal data indicate the important role dealers play in the car-buying process both in terms of informing their customers about the data collected, the possible benefits of this to the driver, as well as clarifying any concerns the consumer may have.

“NFDA has always encouraged members to be transparent and as clear as possible with customers.

“Regarding personal data, the training received by retailers will depend on respective OEMs in line with type of data gathered by specific brands and the way this is done”.

Adams said: “With three-quarters of drivers uncertain about the implication of their car’s data-logging capabilities, I see a great opportunity for dealers to take a hands-on approach to advising consumers over the intricacies. Taking time to explain why their cars are logging data and the possible benefits of this is another touchpoint that dealers can be involved in, and a massive advantage over online sales.”

In a magazine for car dealers just after the 2016 US election, former Cambridge Analytica chief risk officer, Duke Perrucci, wrote that his analytic methods revealed “how a customer wants to be sold to, what their personality type is, and which methods of persuasion are most effective”.

He added: “It only takes small improvements in conversion rates for a dealership to see a dramatic shift in revenue.”

Parkers’ study of the current e-commerce landscape in connected cars showed the data usage intentions of the market’s key OEMs.

MG and Suzuki were the only brands to claim they gather no customer data from apps or their vehicles.

Many carmakers are using their connected car technology to offer paid-for vehicle upgrades through over-the-air updates, however.

These could include automatic high beam, adaptive cruise control or sat-nav updates delivered over-the-air.

Speaking at the Society of Motor Manufacturers and Traders’ (SMMT) recent SMMT Electrified event, Andreas Krüger, Volkswagen’s head of e-mobility, suggested that in-car e-commerce was already replacing the options list that had previously boosted dealer margins.

Over-the-air updates deliver a direct profit stream for OEMs and a direct link between the customer and the brand away from the traditional dealer/customer relationship.

“With ID.3 and ID.4 we are able to, in future, bring a refresh of a car every 12 weeks. We can do this like a mobile phone,” said Krüger.

“We can also sell a car and when, on a weekend perhaps, a customer desires sat-nav or more power, this can be ordered at a later date. This will change our car industry greatly.

“When we sell the car we may have a reduced margin, but, later, we have to see how we can bring a profit pool when we have the car in the market. This will be a change in lifecycle management.”

Mark Aryaeenia, the chief executive of vehicle data company, Verex – which manages the connected data for 13 car makers in the UK including Jaguar Land Rover (JLR), Renault and Mazda – told Parkers: “Car manufacturers are very much stuck in a product-centric approach, and they want to move away from it.

“They want to bring all different car ownership prospects, including electric charging, into one reference point – a brand’s app. This helps manufacturers transition into services too.”

CUSTOMER DATA CONCERNS

Consumer concerns are less likely to be about the impact on the relationship with their retailer, or the direct offer of relevant services – having become used to this via social media platforms – than the use of their personal data.

As Google and Apple prepare to update their own data policies – the former phasing out third-party online tracking cookies, the latter requiring app owners to ask for explicit permission to track users across other companies’ apps – Parkers highlighted the breadth of data that car makers already gather.

OEMs are increasingly embarking on “surveillance capitalism”, it said.

The term was coined by psychologist Shoshana Zuboff and describes a process which “unilaterally claims human experience as free raw material for translation into behavioural data”.

While some of this data is applied to service improvement, the rest is declared as a behavioural surplus and can be used to make predictions about motorists and their habits.

Otonomo, which works with BMW, ingests more than four billion data points per day from more than 40 million vehicles before interpreting the data to create new services.

Automotive manufacturers buy data from Otonomo to create “new revenue streams by enabling the utilisation of the vast amounts of data vehicles generate on a daily basis”, Parkers said.

Volvo, its sister company Polestar and Ford are among brands which have partnered with Google to extend the reach of their in-car systems into shopping and entertainment, meanwhile.

Parkers reported that Volvo discloses personal data to companies within the same group of companies and to different business partners, based on information found in the online owner manual of a recent XC90 test car.

It stated: “The business partners can be retailers, marketing research companies, research and development partners, social media companies and companies that Volvo makes use of for IT products and services.”

A Volvo spokesman said the brand was currently updating its policies, however, and added that all shared customer data would be anonymised.

CYBER SECURITY THREATS

In a clear response to the growing prevalence of data capture and sharing within the sector, this year has seen the introduction of the first connected automotive cybersecurity standard – ISO/SAE 21434.

Among other things, this demands an independently-audited cybersecurity management system (CSMS) for all vehicles in order for OEMs to gain Type Approval.

According to the BSI, keyless entry fobs account for just more than a quarter (26.6%) of cyber security threats against a vehicle.

While this is the second-largest threat, it’s clear that increased connectivity is creating potential issues elsewhere, with 32.9% of “common attack vectors” accounted for by a server, 9.9% from a mobile app and 7% from infotainment.

In his BSI whitepaper, Brown suggested the introduction of ISO/SAE 21434 in February this year could not have come soon enough, describing the list of recent hacking examples in automotive as “endless”.

Among the most notable data breaches were a ransomware attack on Honda in 2017, the 2018 theft of thousands of files of factory records from Tesla and an attack in the summer of 2018 which exposed secrets of the FCA Group, Ford, General Motors, Tesla, Toyota and Volkswagen.

In 2020, Tesla filed a lawsuit against a former employee after alleging that he uploaded code used in the company’s backend software system, WARP drive, exporting gigabytes of proprietary data to unknown third parties.