How Automakers Can Make Data Privacy an Advantage

How Automakers Can Make Data Privacy an Advantage

On the verge of the implementation day for the EU Data Act, it’s important to recognize the opportunities that it is intended to help unlock and the responsibilities that it is meant to instill. 

The potential areas of impact for automakers:

• Transparency into what data is collected and how it’s used

• Enabling third party access to vehicle data

• Vehicle data portability and interoperability

• Common and machine-readable formats for vehicle data

• Robust cybersecurity

Consumers, automakers, app developers, and service providers can (and want) to benefit from the data that connected vehicles generate today, but those benefits look different depending on which perspective you’re coming from. Consumers should financially benefit from the data their vehicles generate, or receive experiences or services that they find value in. Automakers should benefit from customer loyalty due to an improved ownership experience, as well as earn incremental revenue from those improvements. App developers and service providers should be able to extend existing products to utilize or improve from vehicle data, or create all new businesses that were never before possible.

The problem is that today, most connected vehicles, and current vehicle data aggregators, are designed to collect data, not securely share it so everyone can benefit. 

That’s how you end up in situations like the one that made headlines last year: an electric vehicle owner saw his insurance premium spike by 21%… only to find out later that his driving data had been sent to a third-party broker without his knowledge.

The customer had technically opted in. But like most people, he didn’t realize what that meant, or that his car was quietly sharing his data in the background - supposedly for his benefit. This is an issue across the global automotive industry. Automakers want to offer digital and data-driven services to help drivers, but they’re doing it without the transparency, privacy and consent that can earn their trust.

And what is often overlooked is that trust is what makes these services sustainable in the long run. New regulations are only making these goals harder to achieve.

The good news is that with the right tools and infrastructure, automakers can do this: create apps and services that people (and regulators!) want and feel good about it since they are built to earn trust.

At DIMO, we’ve built a better way forward for connected vehicles. One where privacy is built in. One where users get clear choices, developers get the access they need, and automakers don’t have to choose between innovation and trust.

The Current Model Doesn’t Work

There’s no doubt that vehicle data is valuable in a variety of ways. But, the status quo often leaves everyone dissatisfied. Owners don’t have a clear view of what’s collected or if and how they can benefit from it. Developers face hurdles accessing data. And automakers shoulder the reputational risk of getting it wrong.

Why can’t we all benefit from it?

I know many people reading this have likely worked on connected vehicle technologies for over a decade, and as an industry, it’s come a long way. But, there are new technologies and tools like blockchain, secure enclaves, zero-knowledge proofs (ZKPs) and cryptography that allow for precise, permissioned and secure access which can be verified and audited. You can run computations on vehicle data without ever exposing it. You can enable apps to respond to vehicle events by only sharing the precise data point required. And, especially important for automakers, it can be run as a neutral open protocol, like email or TCP/IP, that can run forever without any dependency on a big tech intermediary. In other words, we can design systems that give users meaningful control without sacrificing utility. 

What a Privacy-First Future Looks Like

We’ve spent the last few years building infrastructure that allows vehicle data to move, but under the user’s consent and direction.

The global shift towards data privacy is why this matters more than ever. With regulations like the EU’s General Data Protection Regulation (GDPR) setting a high bar for data privacy (and U.S. states like California following suit) automakers everywhere are being asked to design systems that prioritize transparency, consent, and user control. DIMO’s infrastructure is built to meet these expectations across markets, offering a flexible, open-source path forward.

Take a simple example: you want to connect your vehicle to a parking app. That shouldn’t require giving up your entire location history or authorizing ongoing tracking. It should be a one-time connection, with a clear scope, and the ability to revoke access at any time.

Or imagine an AI agent that helps you manage your vehicle: initiating charging, sending service alerts and coordinating repairs. Those functions don’t require blanket data exposure; they only require narrow, permissioned access to specific systems.

In our vision of the not-so-distant future, a robotaxi doesn’t just drive itself; it’s part of a mesh network where cars, sensors, smart roads, and city infrastructure communicate in real-time. This is what becomes possible when vehicles, infrastructure, and services can share data and transact together (all securely and under user discretion). 

That future requires a protocol layer like DIMO where identity, access, and data-sharing are portable and can be trusted. 

The Path Forward

There’s no shortage of headlines warning about vehicle data abuse, surveillance creep, or the erosion of personal privacy. We’re reaching the point where customers aren’t just going to press ‘Accept’ when asked to activate the connectivity features when they first drive their new car off a dealer’s lot. And second or third buyers of those vehicles are going to want - and deserve - to know the driving performance history of their vehicles, and not just the hard copies of maintenance or service invoices which is about all that is available today.

In addition, AI and automation are changing how people interact with vehicles. But without the right infrastructure, that future will feel clunky or invasive (and users will push back). 

We’ve moved past one-way data sharing and software-as-a-service aggregation models. Cars won’t just send data out. They’ll take action based on what comes in: commands, payments and real-time responses. To make that work, we need a system that respects privacy at every step - and can then be audited to verify it.

At DIMO, we’re building something better for everyone: an open protocol where vehicle owners can benefit, developers can create freely, and automakers have an easier path to improve the customer experience. 

The connected car future we’ve all talked about won’t work unless people trust the system behind it. That’s why we treat privacy as the foundation for everything else. That’s the real unlock for automakers.