I'm the co-founder of https://smartcar.com and we are in an adjacent space. We provide an API for cars to make it easy for developers to integrate with vehicles. Part of that process is to let consumers go through an Oauth flow and accept permissions before an app has access to a vehicle.
In my opinion, it's possible put privacy in the hands of consumers and enable developers to buidl apps for cars easily. I'm hoping this consortium adheres to these principles too.
Letting users hand over their data with just an OAuth prompt ceased to be acceptable in 2018 when Cambridge Analytica extracted data from millions of naieve Facebook users who just clicked "accept" to hand over data...
I hope your platform only allows users to hand over data to thoroughly data-security-audited companies or your platform might be in for a rude awakening...
That's a great point. In that particular case, there was also the matter of a Facebook users unknowingly having the ability to share not just their own data, but data about their friends to a third party.
In our case, a car owner can link their car to a app of their choice. It's a lot like how you can link your bank to an app like Venmo or Robinhood. We do vet all businesses using our APIs, but a data/security audit of customers seems challenging and uncommon.
Are you aware of any services that help facilitiate this or any platforms that do this today?
will it merely be a generic initial 'i agree to terms and conditions' or a fully transparent, ongoing process of transferring data, with the user having ultimate control. If the latter is true, i salute you and wish you luck.
P.S. There's no other way for developers/apps/businesses to obtain access to a APIs for a car. The owner of the car has to explicitly go through this flow.
In my opinion, it's possible put privacy in the hands of consumers and enable developers to buidl apps for cars easily. I'm hoping this consortium adheres to these principles too.