Society of Collision Repair Specialists (SCRS) issued the following announcement on Dec. 15
Hyundai is making it easier for its customers to control access to their connected vehicle data and personal information, through controls that can be accessed through the MyHyundai.com website.
The controls allow the customer to turn on and off certain features, including the service that controls automatic crash notifications.
Hyundai Motor America said it was taking the action in response to its customers’ concerns about data privacy, as well as its own.
“Our customers care about privacy now more than ever, and so do we,” Manish Mehrotra, executive director, digital business planning and connected operations for Hyundai Motor North America, said in a Dec. 8 press release. “As a leader in providing next-generation connected car technologies, we are pleased to introduce user-friendly interfaces that allow owners to learn and control how connected vehicle data and personal information is collected, used, and shared.”
“Our goal was to make it as easy as possible for our customers to understand and control their data,” Alma Murray, assistant general counsel, privacy and cybersecurity, for Hyundai Motor America, said in the release.
Responding to questions from Repairer Driven News, Hyundai said that no telematics sharing is necessary, and turning off data sharing will not affect the safety, efficiency or driveability of the vehicle.
“Owner access to recalls and vehicle repairs is still available at our dealerships as it is for anyone with or without a connected services subscription,” the OEM said.
Murray said the enhancements were inspired by the research of the Carnegie Mellon University CyLab Usable Privacy and Security Laboratory (CUPS), and its efforts to make privacy more usable.
CUPS “brings together researchers working on a diverse set of projects related to understanding and improving the usability of privacy and security software and systems,” the organization’s website states.
Through the new “My Data and Privacy” page, accessible through “My Account,” anyone who owns or leases a Hyundai vehicle can manage privacy settings for their account, for data collection used to enable vehicle features and services, for communications preferences and for telematics services, such as the monitoring of vehicle health and diagnostics.
The page gives customers the ability to deactivate their “Hyundai Digital Key,” a featured introduced on the 2020 Sonata. The Digital Key allows a vehicle to be unlocked, locked, started and driven with a smartphone, and also allows the primary user to share Digital Key access with three other users.
Customers can also turn on or off Bluelink services, which use telematics to enable crash notifications, remote actions like remote start, diagnostic trouble code alerts and maintenance reminders, and Driving Score, which gives drivers feedback meant to help them improve their driving behavior.
“Turning off Bluelink connected services will stop all data sharing from the vehicle, but will also prevent owners from being able to access the convenience features offered as part of that enrollment,” Hyundai told RDN.
The Data and Privacy page also lets customers opt out of receiving marketing offers through Hyundai Financial Services and SiriusXM.
Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory (CUPS) at Carnegie Mellon, said her organization was approached by Hyundai officials. She said the lab suggested approaches to “better privacy policies and privacy consent notices,” though it did not develop the Hyundai site.
In an interview Tuesday, she said Hyundai is one of a number of companies that are “trying to figure out how to be more transparent with the data that is being collected.” The ultimate goal, she said, is “to give people control over their personal information and have informed consent.”
“In general, companies want to comply with current and anticipated laws and also to be a trusted company with their customers,” Cranor said. “I assume that many of them are talking about these kinds of things.”
Companies no doubt have their eye on California, where the California Consumer Privacy Act of 2018 (CCPA) has given consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.
The CCPA, which could serve as a model for other states considering such laws, secures new privacy rights for California consumers, including the right to know about the personal information a business collects about them and how it is used and shared; the right to delete personal information collected from them (with some exceptions); the right to opt-out of the sale of their personal information; and the right to non-discrimination for exercising their CCPA rights.
“Other states are starting to talk about this,” Cranor said. For the most part, legislators are interested in permitting the collection of data essential for providing a service, while restricting the use of that data for other purposes.
For example, she said, a navigation system might use a driver’s GPS coordinates to tell them where they are, but might not be permitted to tell the driver that there’s a Starbucks just ahead without the driver’s consent for the use of their data in that way.
Currently, whether or not a customer’s data can be used without their consent varies from jurisdiction to jurisdiction.
Cranor noted that Hyundai’s approach was not a blanket yes or no to the collection and use of their data, but a series of permissions allowing the customer to tailor the settings.
Since customers tend to be suspicious about the use of their data, and tend to assume the worst, putting such policies and controls up front can give greater peace of mind, she said.
She said Hyundai was not the first company in the automotive sector to approach CUPS for help with the issue. Here.com, whose technology is used to power OEM navigation systems, also consulted with the lab.
By the way, Hyundai adopted a more accessible presentation of its general privacy policy on Nov. 1. Unlike the “10 pages of fine print” that Cranor said companies usually rely on, the site breaks down into blocks to describe “how we collect, use, and share your personal information, including, as applicable, your rights regarding access, deletion, opting-out, and correction of your personal information.”
Original source can be found here.