The internet is commonplace in modern cars. Modern cars are connected and record numerous data that can be made available to garages, manufactures and after-market producers. On the one hand this trend shows great potential for new services and business opportunities. On the other hand the collection of car and person related data bear privacy issues.
The discussions to date on data protection and data security in connected cars have taken place primarily among relevant expert circles. The vehicle users who are actually affected hardly appear in these circles.
The aim of the SeDaFa (Self-Data Protection in Networked Vehicles) project, funded by the Federal Ministry of Education and Research, is to develop solutions for the self-data protection of drivers and occupants that can be used by vehicle manufacturers and infrastructure providers as well as by developers of car apps to make their business models data protection-friendly.
Car users should be informed transparently and clearly which data can be sent and for which purposes – on this basis, vehicle users should be able to decide for themselves which data they want to disclose. The data flow is not to be completely blocked, but access to vehicle data is to be guaranteed.
In order to achieve this, experts from various disciplines work together in the SeDaFa project, taking into account not only technical but also legal aspects and user-friendliness of the solutions to be developed.
In close cooperation with the University of Hohenheim, the IAD is responsible for incorporating the user's view into the concept and module developments throughout the entire project period. If at the beginning of the project expectations as well as attitudes and behaviour patterns with regard to data collection and data protection are recorded in quantitative and qualitative studies, the IAD concentrates on the user-centred design, development and evaluation of a human-machine interface for self-determined data protection.
The IAD conducts qualitative interviews as well as quantitative surveys in order to collect expectations, attitudes and behaviour patterns with regard to data collection and data protection. On the basis of specially developed usage scenarios, the use-related advantages and data-protection-related disadvantages of so-called online value-added services in the networked vehicle are illustrated in detail using concrete examples.
Once suitable technical, legal and user-specific concepts have been developed, the SeDaFa consortium has set itself the goal of constructing concrete demonstrators for self-determined data protection. The IAD leads a user-centered product development according to DIN EN ISO 9241-210, which is based on the Lean UX approach. The aim of this approach is to test a large number of mock-ups very quickly with potential users of the later online value-added services, in order to avoid greater adaptation efforts at an interface that is already well developed. In the course of this, the following methods and techniques are used at the IAD:
- Low-fidelity Paper-Mock-Ups
- Thinking Aloud
- Participatory Design
- semi-structured Interviews
Finally, the developed solutions will be tested and evaluated in larger user studies in the driving simulator. The institute's own driving simulator will be used for this purpose.
The SeDaFa consortium has developed a data control system that ensures the maintenance of functions under the premise of data efficiency. In order to enable the user to control the disclosure of data, the PRICON data protection interface was developed under the direction of the IAD. It serves the user as the central administration for his data protection settings in the networked automobile.
The results of the user evaluation show that the use of PRICON increases the perceived control over the data and reduces data protection concerns among the users (Walter et al., 2018).
The PRICON data protection interface was implemented in a VW AG test vehicle at the end of the project.
Walter, J., & Abendroth, B. (2019). Die Rolle von Privatheit bei Self-Tracking und Lifelogging: Eine nutzerzentrierte Literaturreview. In: 65. GfA-Frühjahrskongress, 27. Februar – 01. März 2019, Dresden.
Walter, J., Abendroth, B., Pape, T. von, Plappert, C., Zelle, D., Krauß, C., Gagzow, G., & Decke, H. (2018). The user-centered privacy-aware control system PRICON: An interdisciplinary evaluation. In: ARES 2018 International Conference on Availability, Reliability and Security, 27.-30. August 2018, Hamburg.
Walter, J. (2018). Distracted by privacy? – Erfassung von Blickbewegungen zur Evaluation der Gebrauchstauglichkeit einer fahrzeugspezifischen Applikation zur selbstbestimmten Privatheit. In: 64. GfA-Frühjahrskongress, 21. bis 23. Februar 2018, Frankfurt.
Müller, A., Stockinger, C., Walter, J., Heuser, T., Abendroth, B., & Bruder, R. (2017). Einflussfaktoren auf die Akzeptanz des automatisierten Fahrens aus der Sicht von Fahrerinnen und Fahrern. In: Mensch und Fahrzeug, 07.-08. März 2017, Technische Universität Darmstadt.
Walter, J., Abendroth, B., & Agarwal, N. (2017). PRICON: Self-determined privacy in the connected car motivated by the privacy calculus model. In: Proceedings of the 16th International Conference on Mobile and Ubiquitous Multimedia, November 2017, Stuttgart, S. 421-427. https://doi.org/10.1145/3152832.3156627
Walter, J., Abendroth, B., Plappert, C., Zelle, D., Krauß, C., Lange, B., Mauthöfer, S., Robrahn, R., Pape, T. von, & Decke, H. (2017). A Privacy-aware Data Access System for Automotive Applications. In: 15th ESCAR Embedded Security in Cars Conference, 07.-08. November 2017, Berlin.
Walter, J., & Abendroth, B. (2017). Losing a private sphere? A glance on the user perspective on privacy in connected cars. In: C. Zachäus, B. Müller & G. Meyer (Hrsg.), Advanced Microsystems for Automotive Applications. Lecture Notes in Mobility. Springer, Cham, S. 237-247. https://doi.org/10.1007/978-3-319-66972-4_20