Earlier this year, in an open letter to the European Commission, the European Consumer Organisation (BEUC) advocated for urgent action to regulate the sharing of in-vehicle automotive data, with a warning that a failure to act could create a “data dystopian scenario”.  The BEUC’s letter painted a future where car manufacturers and owners of in-vehicle application platforms become the sole gate keepers of huge quantities of valuable data generated by ‘smart’ cars and autonomous vehicles (AVs).

It’s intrinsic to the operation of AVs and ‘smart’ cars that they collect and consume large amounts of data. The types of in-vehicle data generated by vehicles range from location/route data and telematics, to data that is unique to AVs, its occupants and the environment in which it is operating, such as external and internal image and audio data, and crash and vehicle control data.

Making in-vehicle data more widely available could be commercially useful for a range of applications. For example, insurance companies may benefit from audio and image data which identifies the cause of a crash or breach of road traffic rules. Location and route data could also prove useful for traffic management, road safety, and infrastructure and network planning.

The European Commission’s February 2022 publication of the Data Act: Proposal for a Regulation on harmonised rules on fair access to and use of data  (the Data Act) has the potential to unlock in-vehicle data for commercialisation and research.  With this new development on the EU landscape, it’s a good time to take stock of the position in Australia.

EU Data Act

The aim of the new proposed Data Act is to enhance access to and use of data, particularly data that is held in products or ‘things’. That is, tangible, movable items that obtain, generate or collect, data and are able to communicate the data, but whose primary function is not the storing and processing of data.

The Data Act is highly applicable to the automotive sector.  In fact, the Explanatory Memorandum that accompanies the Data Act notes that the development and potential for increased adoption of AVs is a compelling reason why this new legislation is needed. 

Under the Data Act, users of AVs and ‘smart’ cars will have a primary right to access all data generated by products and related services and this data will be directly accessible to the user by default or made available to the user without charge. At the request of the user, third parties will have a derived right to have access to data generated by products and related services. Data holders may also be required to make data available to public sector bodies in some exceptional circumstances. For example, where the data is needed to respond to a public emergency.

However, there are some concerns that the Data Act does not go far enough to require data sharing with third parties. The Alliance for the Freedom of Car Repair in Europe (AFCAR) is particularly concerned that the Data Act allows companies to block access to important information on the basis that the information is a trade secret, IP protected or otherwise detrimental to their commercial interests. AFCAR suggests that automotive specific legislation should be passed to overcome these issues.

Unlocking the vault in Australia

In Australia, there are currently no obligations for vehicle manufacturers to share the data generated or stored by AVs and other ‘smart’ vehicles. However, there are a number of potential avenues for the liberalisation of in-vehicle data.

1. The Motor Vehicle Information Scheme

The Motor Vehicle Information Scheme (MVIS) will provide a new avenue for Australian vehicle repairers to access data required to diagnose faults, service or repair vehicles.  When the Competition and Consumer Amendment (Motor Vehicle Services and Repair Information Sharing Scheme) Act 2021 commences on 1 July 2022, Australian manufacturers of light goods vehicles and passenger vehicles manufactured on or after 1 January 2002 (scheme vehicles) will be required to offer for supply “scheme information” at a price that does not exceed fair market value.

“Scheme information” is information prepared by or for manufacturers of scheme vehicles for use in diagnosing faults with, servicing or repairing those vehicles.  In certain circumstances, repairers may also access “safety information” (information relating to the hydrogen, high-voltage, hybrid or electric propulsion systems of the scheme vehicle, or any other systems prescribed by the scheme rules) and “security information” (information relating to the scheme vehicle’s mechanical and electrical security systems, or any other systems prescribed by the scheme rules).

On their face, these definitions could allow repairers to access the valuable datasets of telematics and geospatial data held by manufacturers.  However, the MVIS contains a series of exceptions that drastically limit the scope of data that can be accessed.  The following categories of data are excluded from access under the MVIS (amongst other exclusions):

  • data automatically generated and transmitted by a scheme vehicle, while it is being driven, regarding driver or vehicle performance (i.e. telematics data);
  • global positioning system data (i.e. driver location data); and
  • information relating to an automated driving system of a scheme vehicle.

The MVIS implements a scheme of information sharing which will allow independent repairers to compete fairly with manufacturers for car servicing and repair work by giving them fair access to the information needed to service and repair cars. However, further legislative reform is needed to unlock the valuable telematic and geospatial data generated by AVs and other ‘smart’ cars.

2. Consumer Data Right implementation in the automotive sector

Currently, the Consumer Data Right is only active in the banking sector; and it is expected to be extended to the energy and telecommunications sectors shortly.  If some form of the CDR were rolled out to the automotive industry, it could become a valuable tool to facilitate data sharing for ‘smart cars’ and AVs.

The CDR enables: (1) consumers to require information relating to themselves to be disclosed to them or to accredited third parties (a “consumer data request”); and (2) any person to request information about goods, products or services (a “product data request”).  Ultimately, the extent to which the CDR will enable data sharing in the automotive industry will depend on the future drafting of the CDR Rules and designation instruments for the automotive sector.  However, it’s feasible based on the structure of the legislation, that:

  • information relating to driver performance, GPS data, data from biometric, biological or health sensors and crash data could be nominated as “required consumer data” under the CDR Rules, and therefore accessible to consumers via a consumer data request; and
  • information relating to AV and ‘smart’ car specifications, vehicle performance and diagnostics, could be nominated as “required product data” under the CDR Rules, and therefore accessible to third parties via a product data request.

Although this is all dependent on the drafting of the future CDR Rules for the automotive industry, the CDR does provide one possible starting point for what data sharing reforms in the automotive industry might look like. 

3. The National Transport Commission’s Automated Vehicle Safety Law

In parallel, the National Transport Commission is formulating a framework for AV data sharing as part of its proposed Automated Vehicle Safety Law (AVSL).  Under the NTC’s proposed AVSL, it will establish a new regulator for in-service AVs, and the regulator will have the power to request data from automated driving system entities (which includes manufacturers of AVs).

The NTC’s 2021 Policy Paper on the AVSL recommends that the new in-service regulator for AVs should have the power to request the following categories of information:

  • product and technical information about compliance with the general safety duty proposed by the AVSL;
  • information regarding the parties involved in the AV’s operation, which may include information about the identities of the fall-back ready user for each AV, the driver, the registered owner, any remote driver and the occupants of each automated vehicle; and
  • information about the operation of the AV, which may include information generated by the vehicle about who was in control at a point in time, the vehicle’s location, speed, brake activation and acceleration, and any other information on the circumstances that may have caused or contributed to a crash.

The NTC is expected to propose draft legislation for the AVSL in 2022 which will provide more details about the data collection scope of the new proposed regulator.


Authors: Andrew Hii, Claire Harris, Joy Kim, Astan Ure and Lauren Arthur

Expertise Area