3rd ICAI 2024

International Conference on Automotive Industry 2024

Mladá Boleslav, Czech Republic

a similar basis (Samuelson and Zeckhauser, 1988; Syrmoudis and Mager et al., 2021); (b) the necessity of a B2B agreement between the manufacturer and the aftermarket data buyer (concerning the actual disclosure of a certain volume and content of data and the related protection of IPR and trade secrets, the transfer of liability for damage or misuse of the data, the format of the data and the technical aspects of its disclosure, the payment for it...), which may not be easy to negotiate, as it is the most valuable and sensitive data that enables individually targeted advertising and service offerings; (c) the delay that the aftermarket will have in developing and offering its services behind the manufacturer and providers integrated into its eco-system, where the necessary data will be available well before the user decides with whom his data should be shared and before the conditions under which the independent operator can actually access it are subsequently agreed (CLEPA, 2023). Although we have no experience at the moment of how the Data Act will work in practice, the suspicion that aftermarket access to in-vehicle data, functions and resources will not be effectively addressed by it and that the regulation will therefore not sufficiently cover what was left uncovered by Regulation 2018/585 seems justified. Finding an optimal solution for sharing data generated by connected cars is not easy for several reasons, all of which have been outlined above. From an impartial point of view, it is a question of how to simultaneously protect the privacy of its users as well as the rights and legitimate interests of car manufacturers, and on the other hand to ensure that this data is shared to a potentially large number of downstream service providers, thereby achieving healthy competition with all the expected benefits. Clearly, the greater and more automated the sharing of a wide range of data (including access to vehicle functions and resources), the more threats to user privacy and security and, conversely, the less incentives for car manufacturers to invest in technological innovation. It may be possible to bridge this divide with some ideal regulation mindful of the interests of all stakeholders (i.e., manufacturers, aftermarkets, and car owners and drivers), but beyond reconciling the hard-to-conciliate, such regulation should do so at an affordable cost. If all-round secure yet data-open cars are not to become unaffordable, the chosen ‘perfect’ regulation must not be prohibitively expensive (Šmejkal, 2023). At least it is clear from the analysis that new sectoral regulation (whether in the form of the amended Regulation 2018/858 or new specific legislation) should be targeted: • Mandatorily open up direct access for the aftermarket to data that is not strictly necessary for repair and maintenance, but at the same time does not pose a threat to the privacy and security of car users. It is therefore primarily data that can be anonymised or aggregated and will serve the development of new services and technical innovations in general (including e.g. AI training driving cars, their fleets, urban traffic), but not services individualized according to the personal driver profile created. The data released in this way should not be in the main possession of the manufacturers, although independent management 5. Conclusion: specific regulation for in-vehicle data is still needed for the EU aftermarket

156