Internet of Things
Connected Cars are Here. The Good News Is That Privacy Is Being Taken Seriously
Note from the Editor:
Joshua Harris will moderate the breakout session “From 0-60: Privacy and the New Generation of Connected Cars,” which will include insight from FordDirect General Counsel and Chief Compliance Officer Beth Hill, CIPP/US, and Scheja und Partner, Bonn (Germany) External Data Protection Officer Boris Reibach, at the IAPP Global Privacy Summit in Washington, DC, this March.
The big news out of this year’s Consumer Electronics Show was the wide range of autos offering connected technologies, so-called “connected cars.” This latest introduction to the Internet of Things is already reshaping the auto industry. AAA recently estimated that one in five new cars sold this year will collect and transmit data outside the vehicle. According to one survey, cars may make up over five percent of connected devices by 2025.
The benefit of these technologies is hard to overstate.
Connected cars can provide critical safety and security functions along with enhanced consumer convenience. GPS-based navigation devices are now increasingly two-way devices, allowing for more accurate and comprehensive map data. Vehicle diagnostics, previously limited to indicator lamps and “service-by” labels can now provide real-time feedback to drivers and even direct them to the nearest service station. And these diagnostic tools aren’t just assessing the conditions under your hood but in the next lane as well. Vehicle-to-vehicle communications enhance drivers' awareness of their surrounding environment, including the actions of other drivers. Infotainment options have also increased. In-car apps can now provide everything from nearby food suggestions to streaming music services. Connected cars may even provide environmental benefits. It has been estimated that the fuel efficiencies gained through broad implementation of connected car technologies could reduce carbon dioxide emissions by three percent.
Some of these benefits depend on the collection, analysis and use of personal data, and data privacy issues have figured prominently in the recent discussions.
The recent Government Accounting Office (GAO) report on in-car, location-based services assessed industry practices regarding connected car location data against the Fair Information Practice Principles. This report focused specifically on disclosures, consumer consent and control, data safeguards and retention policies and company accountability. The GAO’s report was generally positive, reflecting the obvious attention companies in the connected car ecosystem are paying to privacy issues. The companies understand that consumer adoption of the new technologies requires consumer trust, and consumer trust requires a demonstration of robust privacy and security controls.
As the GAO report makes clear, there still are open issues. For example, what consumer disclosures are appropriate and effective?
Similarly, the categories of information that might trigger such disclosures have yet to be uniformly agreed upon. Relatedly, the scope of consumer controls that should apply to these categories of information is variable. It also remains to be seen what types of retention and de-identification policies are optimal. Finally, the contours of organizational accountability, both internal—such as employee training and education—and external—including establishing binding third-party obligations on collected data—of course need to be further considered.
As Chris Wolf recently pointed out, with most new technologies, there is no “one-size-fits-all” prescription for privacy and security, and the fact that existing technologies are being deployed in new ways does not necessarily mean there is a need for new rules. Indeed, a 2014 prescription could well become outmoded quickly with the rapidly changing environment.
Achieving consensus on these and related issues will require the involvement of a range of stakeholders across the connected cars ecosystem, including, of course, consumers as well as Original Equipment Manufacturers, telematics providers, app developers and streaming content providers, to name just a few. Lawmakers and regulators are helping to highlight the issues requiring attention. The Future of Privacy Forum, where I have just become policy director, is leading the discussion with our Connected Cars Project.
The good news is that issues of data privacy and security are being taken seriously by industry, as the GAO report shows. Consumers—and those acting in their interests—can look forward to continued progress in ensuring privacy and security for connected cars.
About the Author
Josh Harris is the Policy Director for the Future of Privacy Forum. Prior to this, Josh worked as an Associate Director at the United States Department of Commerce's International Trade Administration. In this capacity, Josh worked to develop and implement the Asia Pacific Economic Cooperation’s (APEC) Cross Border Privacy Rules (CBPR) System. In 2012, Josh received the United States Department of Commerce Gold Medal–the highest award offered by the Department–for his work in this area. In 2004, he was selected to the White House’s Presidential Management Fellowship program. Previously, Josh served as the Vice-Chair of the American Bar Association’s Privacy and Information Security Committee. Josh is a 2004 graduate of the George Washington University Law School and a 2000 graduate of the State University of New York at Geneseo.