Navigating data ownership, security and privacy in electric vehicle ecosystem • EVreporter

The EV ecosystem of tomorrow is paved with data. The standardization of data ownership, robust security protocols, and clear data privacy regulations will be the cornerstones of this future.

Ravikiran Annaswamy, CEO and co-founder of Numocity, writes about initiating dialogue and action to ensure data privacy and protection as the ecosystem evolves.

Imagine hitting the road in your shiny new electric vehicle (EV). The battery purrs silently, and the GPS guides you effortlessly. But behind the scenes, a hidden world of data whirs to life. There is a continuous flow of data, from your vehicle’s battery health to vehicle performance, to the visited charging stations, payment details & some Personally Identifiable Information (PII), all moving into data centres or cloud systems for storage and processing.

Most companies believe data is the key to monetization. The amount of data collected is staggering. Experts predict a nearly sevenfold increase by 2030 up to 5 Exa Bytes (5000 million GB). This data will provide valuable insights but also present numerous challenges. This stored data paints a detailed picture: battery performance monitored by vehicle manufacturers (OEMs), charging grid details and usage managed by charger manufacturers, and even the location, payment and user information stored by charging stations.

The question remains: who owns this data, and how safe is it?

Currently, the data landscape is an open field. Vehicle companies traditionally lay claim to the data their vehicles generate. However, fleet operators with large numbers of EVs are increasingly challenging them as the data generated by the fleets as their own which will help them to operate the business much more efficiently.

This challenge over data ownership remains unresolved due to the lack of clear policies, guidance, and regulations. A lack of clear global policies adds another layer of complexity. Many countries, including India, are pushing for data localization, wanting EV data to be stored securely within their borders.

Upcoming regulations for data privacy

Privacy is paramount. Imagine someone knowing about your every move on the road, combined with your payment details and other personal information. This is why regions like the EU have strict data protection regulations like GDPR (General Data Protection Regulation).

India is on the cusp of introducing its own data protection legislation, the Data Protection and Data Privacy (DPDP) bill, which is expected to be enacted in the coming years. This bill will include key provisions to safeguard individual privacy, enforce data localization, and impose penalties for data breaches. This will mandate data minimization, requiring EV operators to collect only necessary data with masked information and not monetise stored data. It emphasizes explicit user consent for data collection, enhancing transparency and trust. The Act also grants users rights to access, correct, and erase their data, obliging EV service providers to facilitate effective data management.

Cybersecurity measures are essential

Data security is just as crucial as information; as data zips through the air, robust cybersecurity measures are essential. Think of them as digital guardrails protecting the data flow.

In the EV Charging ecosystem, newer standards like OCPP 2.0.1 act like a vigilant patrol car, constantly checking IDs and encrypting messages to ensure only authorized parties access your data. ISO 15118 offers secure, automatic EV identification and authorization through its Plug & Charge feature. It ensures secure communication with digital certificates and protects data integrity and confidentiality with robust encryption and signing mechanisms. Both OCPP and ISO 15118 use strong encryption, scrambling the data into an unreadable code. This makes it impossible for anyone snooping to steal your information, just like a locked safe keeps your valuables secure at home. These standards also enhance the user experience and provide advanced management functionalities, including user-friendly interfaces, intelligent charging features like load management and remote diagnostics, and comprehensive monitoring tools for CPOs. Additionally, securing the On-Board Diagnostics (OBD) port in your vehicles acts as a digital lock, preventing unauthorized access.

Looking ahead

The future of data security in the EV ecosystem hinges on the development and implementation of comprehensive data privacy and security frameworks. Imagine all the involved stakeholders – vehicle and charger manufacturers, governments and others – working together. Standardization of data ownership, robust security protocols, and clear data privacy regulations will be the
cornerstones of this future.

Governments worldwide are beginning to recognize the importance of data security, and they are expected to introduce new policies aimed at protecting the vast amounts of data generated by the EV ecosystem. These policies will likely focus on data localization, cybersecurity, and privacy, ensuring that data remains secure and is used responsibly. As we navigate the challenges and opportunities of the EV revolution, securing the vast and diverse data within the ecosystem will be crucial. By prioritizing data privacy and security and fostering collaboration between all stakeholders, we can build a resilient and trustworthy EV ecosystem for the future.

The EV ecosystem of tomorrow is paved with data. By prioritizing privacy, implementing robust security, and establishing clear ownership, we can ensure a smooth and secure journey for everyone.

This article was first published in EVreporter July 2024 magazine.

Also read: ABB acquires a controlling stake in Bangalore based Numocity