How the Data Act is Impacting the Connected Car World

The Data Act aims to promote the sharing and transparency of data through the introduction of standards. Following a political agreement between the European Parliament and the EU Council in June this year, the Act is now ready for formal approval. In a recent Car Repair 4.0 webinar, automotive and legal experts discussed the impact of the Act on non-personal data. What will change in the three-way relationship between manufacturers, car repair shops and vehicle customers as a result of the new act? What will the legal framework look like in terms of data protection, trade secret protection and compliance?

Who actually benefits from fairer access rights to vehicle data under the Data Act? What is meant by a better distribution of added value in the exploitation of non-personal data? Are the legal guidelines of the planned law sufficient? These were the key questions posed by the speakers and participants in the webinar hosted by Car Repair 4.0 (CR 4.0) and the eco Association.

How the Data Act promotes data sharing and cooperation

Michael Dittmar, co-owner of Dittmar und Stachowiak GmbH and head master craftsman of the Bochum guild, used the first brief impulse and a subsequent discussion round to approach the aspect of data sharing and cooperation. He explored the thesis that the law can ensure a fairer distribution of added value in the use of non-personal data. And that there is an opportunity for car repair shops to share data and cooperate.

“In the current situation, data produced by a vehicle is sent to the manufacturer, who uses it for themselves. Car repair shops that are not part of the group have problems accessing it. If a car is due for a service, car repair shops do not have the opportunity to contact the customer directly,” says Dittmar.

Car repair shops would no longer be able to share data collected by a repair shop and contribute to the repair solution only in chats or specialist groups. The data could also be made available in a pool. Other car repair shops would thus receive comprehensive information, tips or, in the best case, diagnoses, says Dittmar. As the Data Act can force manufacturers to make data available to independent car repair shops, the result is improved data access and fairer data distribution. These, in turn, strengthen the relationship between car repair shops and customers - and the competitive situation of independent repair shops as a whole.

Challenges for data space operators

The Data Act deals with the interoperability of data and places requirements on operators of data spaces in Europe. A central question is how data must be provided in such a way that it is compatible and usable for everyone in order to enable the exchange of data between different players. Michael Dittmar: “Manufacturers must make data available in a standardized form so that car repair shops can search for specific solutions. At the moment, you have to make five requests to five different manufacturers.”

Innovation and quality through the Data Act

Magnus Komesker, research assistant in the Laboratory for Intelligent Agricultural Systems at Osnabrück University of Applied Sciences and contact person for CR 4.0 measurements, agreed with the thesis: “that encouraging data sharing can drive research and innovation in the automotive industry and more accessible data could lead to developers being able to develop and test new technologies faster.” In order to increase the added value of the Data Act for research and innovation, Komesker would like to see a sharpening of the Data Act. “The Data Act enables us to investigate megatrends at CR 4.0. The General Data Protection Regulation (GDPR) still prohibits individual user vehicle data that can be broken down into personal data.”

Magnus Komesker continues: “I, therefore, support the thesis. Just think of the topic of “artificial intelligence”, which we deal with at Car Repair 4.0 and which is currently on everyone’s lips.” A broad data situation is the essential basis for AI. Especially when you think of highly automated driving, data for the sensors that detect the environment and collected driving data are of enormous importance, according to the expert. If this data can only be assigned to one car manufacturer, this is not conducive to general development progress, says Komesker. Only permanent access as a workshop owner leads to bundled knowledge and, therefore, to faster and better solutions. A concrete example: a workshop supervisor who knows that the lambda sensor upstream of the catalytic converter on a certain vehicle model will fail after five years has information that a newly hired apprentice does not yet have. A pool of knowledge from which they can acquire a broad basic knowledge increases the level and speed at which specialist knowledge can be circulated. This increases the quality of repairs and the quality of work carried out by employees.

Relationships between data owners, users and recipients

Marco Müller-ter Jung, Partner and specialist lawyer for IT and technology law at Grant Thornton Rechtsanwaltsgesellschaft, illustrated who has to provide data to whom, what is meant by data and how exactly the provision of data works. The data protection expert used the three-way relationship between data owners, users and data recipients to explain the legal network of relationships. The starting point is the user, who can be a natural or legal person. The user owns, rents or leases a product or uses a service that generates data when used. Examples include smart devices, household appliances, consumer goods, medical devices, industrial machines and connected cars.

“The manufacturer or provider of this product or connected service in B2B or B2C is considered the data controller,” explains the lawyer. “They have the authorization and obligation to provide personal or non-personal data over which they have control. In the case of CR 4.0, the data recipient is the car repair shop,” says Müller-ter Jung. In order for them to offer maintenance and repairs, they need data from the owner for their commercial purposes, whereby the user must instruct the owner. In this triangular relationship, there is a right of access, which is triggered, in particular if the product is not designed in such a way that the user cannot automatically access the generated data. In the relationship between data owner and third party, there is an obligation to provide data. In short, the user of the data is the central figure in the Data Act. They determine whether and how access to the data is granted.

Fairer distribution and easier access

Data protection expert Müller-ter Jung, therefore, comes to the following conclusion: “The Data Act is intended to bring about a fairer distribution of the value created from data, easier access to and sharing of data, and a strengthening of small and medium-sized enterprises. These objectives on the one hand and data protection and trade secret protection on the other are in a state of tension.” The GDPR applies without restriction alongside the Data Act. As the aim of the latter is to break up the market position of certain players and achieve greater data transparency, access and exchange, it is contrary to data protection. Its principles include minimizing data, limiting the storage period, deleting data after use, purpose limitation and much more.

The user-centered focus of the Data Act raises a conflict with trade secret protection. It remains to be seen whether manufacturers will release information as data owners or invoke this law. Müller-ter Jung believes: “The Data Act will soften this law and the Trade Secrets Directive.” Tensions are, therefore, inevitable. Even though the Data Act only requires manufacturers' raw data to be shared and prohibits the use of data for competing products, there are major concerns on the manufacturer side.

Impact on company compliance

For Marco Müller-ter Jung, the implementation of the Data Act is a management task and requires governance structures. This applies to manufacturers of products and connected services that generate data during use - both in terms of design and contractual arrangements. “Data Access by Design” is enshrined in law as a compliance requirement and is an obligation for manufacturers. Products and services must be designed and manufactured from the outset in such a way that data can be accessed easily, securely and in real time as standard.

The contract must be drafted by the manufacturer in such a way that the right of disposal is assigned to them by the user. The relationship between data owner and recipient must also be contractually regulated. This concerns the costs of providing and binding the data. Data owners are obliged to document that the licenses have been obtained from all data users. In this respect, the legal expert advises establishing governance structures and a risk management system within the company.

Even if there are still many unanswered questions regarding the Data Act, how far the objectives can be achieved with the concept of the law remains to be seen. Nevertheless, it does present opportunities, in particular because the CJEU has ruled that independent economic operators, such as independent car repair shops and parts suppliers, must have unrestricted, standardized and non-discriminatory access to vehicle repair, maintenance and OBD information. This means that vehicle manufacturers may no longer make access dependent on conditions other than those laid down in Regulation 2018/858.

Ralf Schädel is a freelance IT editor. He was an IT Editor and Project Manager Cloud Services and Gaia-X at eco – Association of the Internet Industry at the time of writing.