Car makers commit to privacy for connected cars

19 makers of cars and trucks sold in the US committed to preserve the privacy of their customers in the view of the massive amount of personal data that are going to be processed through connected cars. 

I have already reviewed privacy issues affecting connected cars in this post and more recently I reported in this post about the findings on legal issues affecting connected cars from the Connected Automobiles conference.  But the relevance of such issues has been now acknowledged by the Alliance of Automobile Manufacturers, the Association of Global Automakers, and their members that adopted the ‘Consumer Privacy Protection Principles‘.

The companies that are signatories of these principles include Chrysler, Ford, General Motors, Volkswagen, Toyota which reppresent over 91% of US sales of vehicles.

Principles for connected car manufacturers

The principles adopted can be summarized as follows:

  1. Transparency: owners and registered users shall be provided with ready access to clear and meaningful notices about the collection, use and sharing of their information;
  2. Choice: owners and registered users shall be provided with certain choices regarding the collection, use and sharing of their information;
  3. Respect for Context: information shall be collected and shared in ways that are consistent with the context in which it was collected taking account of the likely impact on owners and registered users;
  4. Data Minimization, De-Identification & Retention: information shall be collected only as needed for legitimate business purposes and shall be retained no longer than they determine necessary for legitimate business purposes;
  5. Data Security: reasonable measures have to be implemented to protect information against loss and unauthorized access or use.

The reaction in Europe

The above principles sound quite familiar to European data protection experts and indeed are in line with what previously discussed.  In particular the need to provide information about the mechanics of processing of personal data collected and to provide a free choice to users on the processing of their data is a fundamental principle of EU privacy law.  Likewise the compliance with security measures in the processing and storage of data that has to be limited to what necessary to achieve the purposes of the processing notified to users is a consolidated milestone of EU data protection law.

The major difference between the US and Europe for connected cars is however that the breach of similar principles in Europe will lead to fines under the new EU Privacy Regulation will be equal to 5% of the global turnover of the breach entity.

We will see how such principles will be implemented by connected cars makers and as usual feel free to contact me, Giulio Coraggio, join the IoTLaw LinkedIn Group, follow me on TwitterGoogle+ and become one of my friends on LinkedIn.

One thought on “Car makers commit to privacy for connected cars

  1. Pingback: Connected cars are privacy and security threats? | IoTLAW

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.