EU proposal for automated car emergency calls addresses privacy concerns

There are still some data protection concerns though, an opposing party in the EU Parliament said

The European Union has ironed out privacy concerns in a proposed law that would make it mandatory for vehicles to have systems that automatically call emergency services in case of a crash.

Called "eCall", the system would enable an audio channel between vehicles and emergency services via a public mobile wireless communications network that would be triggered automatically by sensors in the event of an accident. The system, which would be dormant when the vehicle is being used, could also be triggered manually and is designed to also send data to emergency services.

It would also enable emergency services to decide immediately which type of rescue operation is needed, helping them to arrive faster and potentially saving 2,500 lives a year while reducing the severity of injuries and cutting the costs of traffic jams, according to the European Parliament.

A law that would require all new car models and light commercial vehicles to be equipped with the technology from March 2018 was backed by a committee of Members of the European Parliament (MEPs) on Thursday. Parliament had in 2012 called for the system to be implemented by next year, but the proposal was delayed for various reasons, including privacy concerns.

While such a system could save lives, not every driver in the EU is delighted by the idea of a government mandated in-vehicle system that makes automatic calls. Some have expressed worries about potential misuses of a system that tracks a vehicle's location and have raised privacy concerns.

However, these concerns were addressed in the new eCall proposal hammered out in a deal between the European Parliament and the Council of the EU, where national ministers from each EU country meet to adopt laws and coordinate policies.

"As a public service, eCall will be free of charge for all citizens, whatever car they drive and whatever its purchase price. The new rules will ensure that eCall works only as a safety device. It will be illegal to use it to track a driver's movements or to misuse location data, which must be sent only to the emergency services," said MEP Olga Sehnalova, rapporteur on the issue.

MEPs strengthened the draft law's data protection clause to preclude tracking of eCall-equipped vehicles before an accident occurs. Under the agreed-to deal, the automatic call would give emergency services "only a basic minimum data such as the class of vehicle, the type of fuel used, the time of the accident and the exact location."

The draft law was further amended to ensure data gathered by emergency centers or their service partners will not be transferred to others without explicit consent. Moreover, manufacturers will have to ensure that the design of eCall permits for the full and permanent deletion of gathered data.

But the eCall system could still have data protection problems, said Judith Sargentini, a MEP for the green party, which still opposes the plan and thinks an eCall system should be voluntary.

Even though the system is "dormant" it still has to be active in some way to be able to send a signal with location data based on GPS, she said, adding that you never know who might be able to hack this and read out the data from a distance. Moreover, the system has to coexist with commercial eCall-type systems that probably will be able to sell data to third parties. And under the new proposal it is still unclear whether an eCall made in case of an accident is handled by the commercial system or the noncommercial system and thus who will be responsible for the data, Sargentini said.

Besides, the plan is expensive and the Green Party isn't so sure that ambulance response times will be shortened as a result of the system, she said.

It is very unlikely, though, that those arguments will stick as the Green Party seems to be the only party opposing the plan. The agreement was approved by the Internal Market Committee, 30-1, with two abstentions. The proposed law has to be formally approved by all EU member states, after which it would be voted on by the whole Parliament, which is expected to happen in March next year.

A separate decision that obliges member states to prepare their infrastructure to receive and handle eCall no later than October 2017 entered into force in June.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags Council of the European UnionregulationsecuritygovernmentEuropean Parliamentprivacy

More about EUEuropean ParliamentIDGNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Loek Essers

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts