How to manage consent and connect fleet vehicles? OpenDevTalk#5

November 29, 2022
Live car data has been utilised for fleet management purposes for decades. The most recent technology shift makes it much easier to onboard vehicles in an efficient and scalable way which is at the same time compliant with all GDPR directives. High Mobility’s Auto API supports companies transitioning to a modern and dynamic fleet management approach where brand-independent and VIN-specific vehicle data is used for thoughtful decision making. In our 5th Open Dev Talk we covered how to set up a legal framework for fleet use cases and demonstrated which steps are necessary to activate cars technically.

Activating cars for fleet-related use cases 

With more than 300 data points available, fleet operators can easily receive updates about the vehicle's health state, automatically charge their customers based on odometer readings and even track logistical processes with the help of geolocation data by using a live fleet dashboard. By considering VIN-specific vehicle data, fleet optimisation measures can always be applied to individual vehicles and specific drivers. Consequently, data protection requirements need to be met in order to process the corresponding personal data items.

To start working with driver consent or related concepts, we recommend going through each of the following steps. Every underlying aspect is explained in more detail both in the video of our 5th Open Dev Talk and in this blog post.

  • Learn about GDPR requirements
  • Check out which agreement model might apply
  • Prepare your account and get an authorisation token 
  • Activate, monitor and revoke cars via API endpoints

Implementing GDPR for connected car data in a fleet context

Before activating vehicles for transmitting data, fleet operators generally must ask their drivers for permission. In GDPR, this concept is called consent and it reflects that all customers and users need to be free to decide whether they would like to share the generated data or not. It also must be transparent who is processing the data, what kind of data points will be collected and why the data is being monitored. If you, for instance, operate a fleet of rental cars, you need to outline the name of the company, the data points (e.g. odometer, vehicle location) and the purpose of the data transmission, such as billing automation or car theft recovery.

At the same time, drivers are required to take specific action to signal their consent. This can be fully digitised by offering a confirmation checkbox in your rental car app, or you can add a new passage to the car rental contract that needs to be agreed on and signed by the driver. Since individuals always need to have an option to withdraw their consent, fleet operators must have a technical measure in place to revoke access to the associated car.

Consent is not the only lawful ground on which data processing is permitted. Personal vehicle data can also be utilised on the basis of “legitimate interests”. This can be applicable when the data processing is absolutely necessary for the purpose for which your customers have signed up and when there is really no other way to achieve the expected results. It needs to be ensured that the data processing does not harm any fundamental rights and freedoms of the individuals you are working with. While legitimate interest might be the most flexible option for collecting personalised vehicle data, it is not always the best one. The data processing must be expected and its impact on the driver’s privacy should be as minimal as possible. Additionally, the full context must be carefully documented. Fleet operators need to point out why legitimate interests are given and they also must explain why those interests are not in conflict with any driver’s rights.

At High Mobility, we recommend seeking professional legal advice in order to determine if legitimate interests can be the basis for data processing or if individual driver consent is required to be fully GDPR-compliant.

Contractual framework and agreement models

Our contractual framework is represented by a 3-sided relationship: Cars send data to the OEMs and High Mobility makes use of the OEM backend system to provide telematics information to its data customers in a harmonised and unified form. Every relationship is based on terms and conditions stated in underlying contracts. 

To better understand the duties of the contractual parties, it is important to know that GDPR defines roles and responsibilities. If a company acts as a Data Controller, it has the overall responsibility to set up the reason and purposes behind the data usage. It must be fully compliant with the GDPR data protection principles, which include, for example, that it needs to execute organisational and technical security measures to manage data-related risks.

If a company takes the role of a Data Processor, it usually is involved in the more technical elements. They also implement appropriate organisational and technical measures to meet GDPR requirements but they do not decide on the purpose of the data collection and are generally instructed by the Data Controllers. 

At High Mobility, there are two contractual scenarios within the fleet management context. In the first, the data customer is at the same time the fleet operator or vehicle owner, so the company decides directly on the data points and purposes. It acts as a Data Controller and instructs High Mobility and the OEMs (both are Data Processors) to transmit the data based on our contract model named Fleet Operator Direct. The fleet operator is required to obtain consent before activating and connecting vehicles. It can also inform its drivers and collect data based on legitimate interests if the concept is applicable in the specific circumstance.

The second scenario is given when our data customer is a software provider that offers its services to fleet owners or fleet operators. In this case the software company designs a set of features for its customers and therefore decides on the data points and purposes accordingly. High Mobility and the OEMs are again instructed as Data Processors to provide the telematics information for the targeted use cases. We use a contract type that we call 3rd Party Direct for this specific relationship. Additionally, the data customer needs to set up separate contractual agreements with its fleet customers that also outline obligations such as obtaining driver consent.

Technical requirements for activating fleet cars

To activate cars with the help of our API you need to have an account on our High Mobility platform, an approved and activated data container and a valid authorization token. You can find the corresponding tutorial in our publicly available docs.

If you have not already signed up at High Mobility, you need to create a free account on our platform. Since the fleet clearance can only be performed with real vehicles, you must make sure to switch to the “Live data” environment on our platform. Create a new data container or use an existing one and select the data points that you want to utilise for activated cars. As soon as you have finalised this step, push the green button to submit your data container. Please make sure to select “Fleet Management” as your primary application purpose. Our High Mobility support team will review your use case, check if the corresponding fleet agreements have been signed and we will also activate selected brands according to your needs.

Once your application has been approved and published, you will be able to use the Service Account API to generate a short-lived token that is used for authentication when performing the clearances for vehicles. If you do not want to start from scratch, you are free to reuse our implementation example or download the associated node.js script from our GitHub repository. Account configuration parameters such as the API Key and Private Key need to be replaced with your own individual keys. Those can be downloaded from our platform in the respective “Service Account Keys” section of your app container. Furthermore, the Base URL needs to be set to “https://api.high-mobility.com/v1” to refer to the production environment. As soon as the request has been triggered, you will receive back the Auth Token and additional information about its validity. With the help of the Auth Token you can move on to the next step and call our endpoints for adding and revoking access to cars of your fleet.

Activate, monitor or revoke connected cars via API endpoints

In our 5th Open Dev Talk our Customer Success Manager Anissa demonstrates how to add and deactivate a real Peugeot test car based on the Fleet Clearance API, which is documented in our API References. In order to submit the vehicle you need to send a POST request to the /fleets/vehicles endpoint. The request must include the Auth Token which has been generated previously, the Vehicle Identification Number (VIN) of the corresponding car as well as the brand name (e.g. “peugeot”). Please be aware that for Mercedes-Benz cars we ask you to fulfill an advanced security measure by adding the current odometer reading as an additional parameter to the request. After having sent the request you will receive a return statement that includes the activation state “pending”.

Depending on the brand and model, vehicles need one or several Over-The-Air (OTA) updates that trigger the data upload and the overall activation process. Some vehicles also might need to be driven before the OTA update can be downloaded. Consequently, it needs to be taken into account that the activation process can take anywhere from a few seconds up to several hours or days, depending on the individual usage of the car.

Meanwhile, you can use the GET /fleets/vehicles/VIN endpoint in order to monitor the activation state of a specific car or all vehicles that have been added to the fleet. For this request you again need to pass the Auth Token and the respective VIN. The result will highlight the current activation state as well as the history of status changes with corresponding timestamps. As soon as the current status is switched to “approved” you will have access to live data via our pull interfaces or automatically receive data via the MQTT stream. 

If the vehicle has been sold, driver consent has been withdrawn or if it has been decided that the car should not send data any longer, you must use the DELETE /fleets/vehicles/VIN endpoint in order to revoke access. The structure is similar to the previous calls, as a valid Auth Token and the VIN need to be passed to make the desired change. Once the request has been triggered you will receive the status “revoking”, indicating that the deactivation process has been started. By again utilising the same GET endpoint you can find out if the status has switched to “revoked” and if the process has been finalised accordingly. We also offer automated webhooks to track any state changes of a clearance.
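
The sketch below is an added example, not code from High Mobility or its GitHub repository. It ties the consent requirement to the three clearance calls described above: given a consent ledger and the last known clearance states, it decides which cars to activate or revoke and builds the requests without sending them. The Bearer header scheme, the JSON body shape, the odometer field name, the “mercedes-benz” brand string and all sample VINs are assumptions.

```javascript
// Added example, not High Mobility code. Status names are the ones the post uses;
// the Bearer scheme and the JSON field names are assumptions.
const BASE_URL = "https://api.high-mobility.com/v1";
const VIN_RE = /^[A-HJ-NPR-Z0-9]{17}$/; // 17 characters, never I, O or Q
const ACTIVE = new Set(["pending", "approved"]); // car sends data, or soon will

// Decide the next step for one car from its consent record and clearance status.
function planAction(consent, status) {
  const allowed = consent === "granted";
  if (!allowed && ACTIVE.has(status)) return "revoke";
  if (allowed && !ACTIVE.has(status) && status !== "revoking") return "activate";
  return "none"; // e.g. "revoking": wait for "revoked" before re-activating
}

// Build the HTTP request for an action without sending it.
function buildRequest(action, car, authToken) {
  // The VIN ends up in the URL path, so reject anything that is not a VIN.
  if (!VIN_RE.test(car.vin)) throw new Error("invalid VIN");
  const headers = { Authorization: `Bearer ${authToken}` }; // assumed scheme
  const url = `${BASE_URL}/fleets/vehicles`;
  if (action === "revoke") return { method: "DELETE", url: `${url}/${car.vin}`, headers };
  if (action === "status") return { method: "GET", url: `${url}/${car.vin}`, headers };
  if (car.brand === "mercedes-benz" && !Number.isFinite(car.odometerKm))
    throw new Error("Mercedes-Benz activation needs the current odometer reading");
  const vehicle = { vin: car.vin, brand: car.brand };
  if (Number.isFinite(car.odometerKm)) vehicle.odometer = car.odometerKm; // hypothetical field
  return {
    method: "POST", url,
    headers: { ...headers, "Content-Type": "application/json" },
    body: JSON.stringify({ vehicles: [vehicle] }), // assumed body shape
  };
}

// Compare the consent ledger with the clearance states and list the calls to make.
function reconcile(fleet, statusByVin, authToken) {
  return fleet
    .map((car) => [planAction(car.consent, statusByVin[car.vin]), car])
    .filter(([action]) => action !== "none")
    .map(([action, car]) => buildRequest(action, car, authToken));
}

// Constructed sample data: VINs, consent records and states are made up.
const SAMPLE_FLEET = [
  { vin: "VF3TESTVEH0000001", brand: "peugeot", consent: "granted" },
  { vin: "VF3TESTVEH0000002", brand: "peugeot", consent: "withdrawn" },
  { vin: "VF3TESTVEH0000003", brand: "peugeot", consent: "granted" },
];
const SAMPLE_STATUS = { VF3TESTVEH0000002: "approved", VF3TESTVEH0000003: "approved" };
```

Running reconcile on a schedule, or from the clearance webhooks, keeps a withdrawn consent from leaving a car in the “approved” state.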

-------------------------------
High Mobility Open Dev Talks 

At High Mobility, we are passionate about new technology. We offer free open source tools and developer friendly documentation for any projects to be integrated smoothly. More than 800 developers and product managers have already signed up for our moderated community platform and we are hosting connected car competitions for your innovative, connected car ideas. 

In our free monthly 30-minute Open Dev Talk online session we explain exciting connected car related topics in 15 minutes and dedicate the rest of the time to your questions and ideas.