Navigating the Privacy Landscape in Automated Vehicles
Navigating the Privacy Landscape in Automated Vehicles Joseph Jerome Future of Privacy Forum
Privacy Perceptions Matter
75% surveyed concerned AV technology could be used to collect personal data
70% surveyed worried AV data could be shared with government/law enforcement
81% surveyed concerned about security and hacking of AVs.
-2013 Auto Alliance survey
Governmental Concern . . . “[A]lthough the security system under development is being designed to ensure data privacy … the potential perception of a lack of privacy is a challenge.” GAO
2013 V2V Report
“Risks to consumer privacy, whether actual or perceived, are intertwined with consumer and industry acceptance of V2V technologies. For this reason, privacy considerations are critical to the analysis underlying NHTSA’s decision about whether and, if so, how to proceed with V2V research or regulation.” NHTSA 2014
V2V Report
“In order to address consumer concerns about privacy and enhance consumer acceptance, V2I applications should contain sufficient controls to mitigate potential privacy and security risks appropriately. Two critical controls [are] transparency and consent.” 2015
FHWA V2I Guidance Draft
Enter the Federal Trade Commission FTC Internet of Things workshop in November 2013 examined privacy and security issues with smart cars, including EDRs and other telematics devices. Questions it considered: Who has access to the data, and for what purpose? What type(s) of information is collected? How long is the data stored, and with whom is it shared? What are the benefits of collecting and using the information? What security measures are in place to protect the data? What are the risks if the data is not reasonably secured?
Federal Highway Administration suggests V2I should be guided by the FIPPs:
2015 FHWA Vehicle to Infrastructure Deployment Guidance and Products
Industry Efforts on Privacy In November 2014, 19 OEMs agreed to a set of Automotive Privacy Principles:
Principles cover a wide variety of vehicular data and address privacy concerns raised by new in-car technologies; Principles cover geolocation information, driver biometrics, and other driver behavioral data like seatbelt use or hard-braking; Requires opt-in consent before any of these sensitive data can be used for marketing purposes or shared with independent third parties; Principles also include a warrant requirement for geolocation information; Go into effect 2016 Model Year.
Apply to future in-car technologies including AV tech.
General Themes on Data Collection: What and Where?
Technical Data (e.g., OBD/EDR)
Location Location Location
Biometrics & Driver Behavior
In-car Data Generation Necessary for Vehicle Operation/Required by Law
Individualized Data Transmitted Outside of Vehicle (e.g., crash notification)
“Anonymous” Data Transmitted Outside of Vehicle (e.g., V2V, V2I)
Data Transmitted In-and-Out of Vehicle (e.g., navigating traffic)
Going back to the FIPPs . . .
Transparency: what does this look like?
Choice: is this an option?
Respect for Context: what are “driver” expectations in autonomous cars?
Data Minimization, De-Identification & Retention: is this possible?
Recalls? Valuable revenue streams? Much work to be done . . . BSM a start?
Data Security: a top concern with no easy answer
Integrity & Access: how much access do drivers get?
Accountability: how will industry respond?
New Privacy . . . And Autonomy Challenges
Do AVs equal persistent surveillance? Of both drivers and surrounding environmental maps?
New Privacy . . . And Autonomy Challenges
How will the Fourth Amendment apply to AVs?
New Privacy . . . And Autonomy Challenges
What sort of privacy expectations will AVs afford drivers? How do we rethink car design? Where are the boundaries for marketing and good taste?
Privacy Pros at the Table The
V2V ANPRM and the FHWA’s V2I Guidance are good starts, but where are the privacy voices?
Thank you! Joseph Jerome Policy Counsel [email protected] @joejerome
Privacy Perceptions Matter
75% surveyed concerned AV technology could be used to collect personal data
70% surveyed worried AV data could be shared with government/law enforcement
81% surveyed concerned about security and hacking of AVs.
-2013 Auto Alliance survey
Governmental Concern . . . “[A]lthough the security system under development is being designed to ensure data privacy … the potential perception of a lack of privacy is a challenge.” GAO
2013 V2V Report
“Risks to consumer privacy, whether actual or perceived, are intertwined with consumer and industry acceptance of V2V technologies. For this reason, privacy considerations are critical to the analysis underlying NHTSA’s decision about whether and, if so, how to proceed with V2V research or regulation.” NHTSA 2014
V2V Report
“In order to address consumer concerns about privacy and enhance consumer acceptance, V2I applications should contain sufficient controls to mitigate potential privacy and security risks appropriately. Two critical controls [are] transparency and consent.” 2015
FHWA V2I Guidance Draft
Enter the Federal Trade Commission FTC Internet of Things workshop in November 2013 examined privacy and security issues with smart cars, including EDRs and other telematics devices. Questions it considered: Who has access to the data, and for what purpose? What type(s) of information is collected? How long is the data stored, and with whom is it shared? What are the benefits of collecting and using the information? What security measures are in place to protect the data? What are the risks if the data is not reasonably secured?
Federal Highway Administration suggests V2I should be guided by the FIPPs:
2015 FHWA Vehicle to Infrastructure Deployment Guidance and Products
Industry Efforts on Privacy In November 2014, 19 OEMs agreed to a set of Automotive Privacy Principles:
Principles cover a wide variety of vehicular data and address privacy concerns raised by new in-car technologies; Principles cover geolocation information, driver biometrics, and other driver behavioral data like seatbelt use or hard-braking; Requires opt-in consent before any of these sensitive data can be used for marketing purposes or shared with independent third parties; Principles also include a warrant requirement for geolocation information; Go into effect 2016 Model Year.
Apply to future in-car technologies including AV tech.
General Themes on Data Collection: What and Where?
Technical Data (e.g., OBD/EDR)
Location Location Location
Biometrics & Driver Behavior
In-car Data Generation Necessary for Vehicle Operation/Required by Law
Individualized Data Transmitted Outside of Vehicle (e.g., crash notification)
“Anonymous” Data Transmitted Outside of Vehicle (e.g., V2V, V2I)
Data Transmitted In-and-Out of Vehicle (e.g., navigating traffic)
Going back to the FIPPs . . .
Transparency: what does this look like?
Choice: is this an option?
Respect for Context: what are “driver” expectations in autonomous cars?
Data Minimization, De-Identification & Retention: is this possible?
Recalls? Valuable revenue streams? Much work to be done . . . BSM a start?
Data Security: a top concern with no easy answer
Integrity & Access: how much access do drivers get?
Accountability: how will industry respond?
New Privacy . . . And Autonomy Challenges
Do AVs equal persistent surveillance? Of both drivers and surrounding environmental maps?
New Privacy . . . And Autonomy Challenges
How will the Fourth Amendment apply to AVs?
New Privacy . . . And Autonomy Challenges
What sort of privacy expectations will AVs afford drivers? How do we rethink car design? Where are the boundaries for marketing and good taste?
Privacy Pros at the Table The
V2V ANPRM and the FHWA’s V2I Guidance are good starts, but where are the privacy voices?
Thank you! Joseph Jerome Policy Counsel [email protected] @joejerome
