The European auto industry, which is increasingly focused on connected cars and information services, is one of the main sectors intended to benefit from a European Union proposal last week to coax companies to share commercial data.
The legislation would create a system in the EU for intermediaries to help businesses share and monetize their data under conditions that protect privacy, security and intellectual property rights. These intermediaries must be legally established in the bloc and inform regulators about their activities. They must also process data in a secure environment that allows parties to withdraw their consent to share data, at any time. In addition, the intermediaries can’t use the data they handle for other purposes. The proposed legislation includes rules allowing companies to also access and process data from government bodies if it is anonymized, or stripped of information that could identify individuals.
Access to a wide pool of non-personal data could help auto makers develop consumer services using real-time vehicle location data, Margrethe Vestager, the EU’s vice president for digital policies and antitrust, said in presenting the legislation in Brussels last Wednesday.
Car companies have been reluctant to share data with competitors and business partners because they disagree about the conditions for doing so and don’t want to lose control over how customers access services such as car repairs or entertainment systems.
Despite nudging from EU authorities in recent years, car companies and other firms working on connected cars have disagreed over technologies and policies to enable secure data-sharing. The European Commission, the EU’s executive body, plans to propose additional legislation in 2021 that aims to expand access to vehicle data and help companies develop services based on that data. Next year’s proposal will address how car manufacturers make vehicle data accessible and how they could obtain data while respecting data protection rules and car owners’ rights, the Commission said in a strategy document published earlier this year.
The EU initiative is part of a broader effort to expand how the continent’s large businesses use data in the automotive, manufacturing and health-care sectors, among others.
A main component of the bloc’s data strategy is to “do it better than the [U.S.] and do it better than China” while still respecting personal data and European values, said Johanna Tzanidaki, director of innovation and deployment at Ertico, a Brussels-based association of companies, government authorities and research institutions working on digital transportation.
The draft legislation also includes measures to protect industrial data that is sensitive but not personal, such as intellectual property or confidential information. The EU’s 2018 General Data Protection Regulation applies only to personal information that identifies individuals.
European car manufacturers have said they would share data with other companies through remote servers, not directly from a driver’s vehicle, the European Automobile Manufacturers’ Association said in a policy paper published in 2016.
Separately, the Brussels-based lobbying group, whose members include BMW AG, Fiat Chrysler Automobiles NV and other big auto makers, has said cars could be exposed to hackers if companies can directly access vehicle data. “Every new external data interface increases the number of potential targets and entry points,” the group said on a website it created to clarify manufacturers’ views on the issue.
Last week’s EU proposal would prevent companies from providing data to government authorities in countries outside the bloc unless they receive law-enforcement requests that are subject to court review. The proposal also requires companies to guard against unauthorized access to data by using measures such as encryption or creating specific security policies.
European lawmakers and national governments will need to approve the legislation before it can take effect. They could push for changes during negotiations in the coming months.
More from WSJ Cybersecurity
Service providers and companies working on connected vehicles say manufacturers aren’t willing to share data in ways that help other businesses. “Part of the reason they’re not willing to share the data is because they want to get a head start in developing their own products,” said Laurianne Krid, director general of the Brussels office of the Fédération Internationale de l’Automobile, an association of national motoring clubs such as road service and safety organizations.
“The amount of data is critical to make sure whatever you’re designing, the algorithm or the system, works in real life,” she said. National motoring clubs might receive data from car companies too late, preventing them from developing some services that require high-quality data, she added.
In a study done for the European Commission, consulting firm McKinsey & Co. found that five unnamed European car manufacturers could save €25 billion ($30 billion) if they worked together on autonomous vehicle technology, sharing costs and technology developments.
The EU proposal could appeal to the auto industry if it leads to such cost savings, said Stephanie Lopes, a senior associate at law firm Bird & Bird LLP. But, she said, data sharing doesn’t come naturally to the car industry.
“It’s going to take some sort of cultural shift for companies to go from ‘This is our data, we don’t want to share it,’ to ‘Can we monetize it,’” she said.
Write to Catherine Stupp at Catherine.Stupp@wsj.com