Skip to Main Content
Ahead of the Curve Auto Supplier
BlogsPublications | May 15, 2017
3 minute read
Ahead of the Curve Auto Supplier

When Cars Talk to Each Other, Will Driver Privacy Suffer?

Your privacy interest in the data collected by your car may seem like an abstract issue. After all, we typically think of such data being stored, if at all, within the vehicle itself. But what about when cars begin shouting their identifying information to the world? That’s exactly what’s about to start happening.

In December 2016, the U.S. Department of Transportation proposed a rule requiring automobile manufacturers to include vehicle-to-vehicle (V2V) communication capability in all new models. The 2017 Cadillac CTS is set to become the first mass-production vehicle to include V2V as a standard feature. Many more will soon follow.
 
The motivation behind requiring V2V communication is straightforward. It is part of the infrastructure needed to lay the groundwork for increasingly autonomous driving. To be safe and reliable, computer-controlled vehicles must rely on multiple sources of data input in order to avoid collisions. In addition to video cameras, radar and LIDAR (light detection and ranging), autonomous vehicles will rely on transmissions from other vehicles—and will be broadcasting their own data as well—to help the vehicles stay out of the others’ way. And since planners contemplate the autonomous driving infrastructure keeping track of multiple vehicles in real time for traffic-control purposes, V2V is quickly morphing into vehicle-to-everything, or V2X.
 
A couple of weeks ago, I was among those from the Warner Norcross Privacy and Cybersecurity team to attend the annual IAPP Global Privacy Summit in Washington, D.C. One of the most interesting panels there included speakers from the DOT and Federal Trade Commission on privacy interests in V2V communications.
 
As in many areas of privacy law, there is nothing close to a comprehensive set of rules in this area, but there are various sources of legal guidance. The Driver’s Privacy Protection Act of 1994 applies primarily to state DMVs and does not govern location data. A handful of states require disclosure of location tracking devices in cars. The Consumer Privacy Bill of Rights issued by the Obama White House in 2012 and the Federal Trade Commission’s Fair Information Practice Principles provide the basic guidelines for federal agencies to follow. A 2014 agreement between automakers called “Privacy Principles for Vehicle Technologies and Services” went into effect with 2016 model year.
 
But Claire Barrett, Chief Privacy Officer at the DOT, admitted that it’s unclear how much V2V data should be considered “personal” information. She also conceded that allowing individual drivers to opt in or out of the system will be difficult to administer—except, perhaps, when buying a V2V-capable vehicle in the first place. Barrett also expressed a preference for not overly securing or anonymizing V2V broadcasts, because a broad range of devices within the transportation infrastructure will need to understand and react to V2V information.
 
The effort to protect individual privacy, she said, will instead need to focus on transparency—that is, making it plain to drivers what information is being shared and how it is used. This applies not only to vehicles but also to roadside equipment, which could easily be used to track a vehicle’s movements by collecting V2V broadcasts. Getting privacy right is important, Barrett said, because the nation cannot have a viable transportation data system if the public does not trust it.
 
Karen Jagielski, a senior attorney in the FTC’s Division of Privacy and Identity Protection, Federal Trade Commission, agreed. She made it clear that the FTC has its eye on the connected car ecosystem as one facet of its larger interest in regulating the Internet of Things. Even though the 2014 agreement between automakers is only a self-regulatory agreement between OEMs, for example, the FTC’s very broad jurisdiction over unfair and deceptive trade practices empowers it to hold automakers to their pledges. Where the FTC goes from here and what its enforcement priorities will be with respect to V2V data, however, remains to be seen.
 
Further insight into the FTC’s thinking on V2V and connected cars in general will be available on June 28, 2017, when it holds a one-day workshop on the topic with the National Highway Traffic and Safety Administration.