The automotive sector is making great strides in the IoT space. Cars increasingly include sensors which produce a stream of data, creating a phenomenon called the “connected car,” which uses web APIs to feed information to the consumer and manufacturer. This produces a huge amount of data which must be managed. In addition, APIs are used to control vehicle functionality.
For example, a car owner can use a mobile application to remotely lock/unlock their vehicle and activate the air conditioning five minutes before they get in. This mobile app connects to an API in order to interact with the connected car. In addition, within the transportation industry, an organization can remotely monitor its fleet to ensure its drivers are not driving longer than permitted, potentially falling asleep at the wheel. Car manufacturers such as Ford, Audi, Toyota, and BMW have already jumped on board the connected car trend, and it's only going to grow as car companies start collaborating with external developers. In fact, cars are on track to soon outnumber mobile apps as API consumers. The sheer amount of data sent to APIs by sensors in cars is staggering.
The rise of the connected car promises a host of benefits, but as with the rise of any new Internet-connected device, data privacy could become a stumbling block to adoption. When it comes to data ownership, the lines between the driver and the manufacturer have the potential to become increasingly blurred. Indeed, in the case of data collected for maintenance purposes and to ensure good service from the manufacturer, it may be assumed that the data belongs to the manufacturer. But what happens for connected cars that provide access “through” the car to Internet services? Whom should the user grant ownership of his/her data to? And consider the scenario of someone driving a car across national borders – how will the car/user, producing a stream of data including sensitive information