The recent report from the US Senator Ed Markey raises issues on the future of connected cars because of the privacy issues and the potential cybercrimes that might affect the security of vehicles. This happens when the recent regulatory developments show that privacy and cybersecurity is on the top of the agenda of car makers and US and EU regulators are negotiating common rules.
The report on connected cars
The report is the result of responses provided by 16 major automobile on how prevalent connected cars technologies
are, what is being done to secure them against hacking attacks, and how personal driving information is managed.
The report shows that nearly 100% of cars on the market is equipped with some connected cars technologies, but a quite inconsistent approach is followed on
- how to protect the privacy of drivers making them aware of the collection of personal data about them and enabling them to provide an informed privacy consent; and
- how the cyber security of vehicles should be protected against cyber attacks.
The recent commitment from car makers
This report comes a few months after that 19 makers of cars and trucks sold in the US committed to preserve the privacy of their customers in the view of the massive amount of personal data that are going to be processed through connected cars. I covered the matter in this post and basically car makers undertook to comply with the following principles:
- Transparency: owners and registered users shall be provided with ready access to clear and meaningful notices about the collection, use and sharing of their information;
- Choice: owners and registered users shall be provided with certain choices regarding the collection, use and sharing of their information;
- Respect for Context: information shall be collected and shared in ways that are consistent with the context in which it was collected taking account of the likely impact on owners and registered users;
- Data Minimization, De-Identification & Retention: information shall be collected only as needed for legitimate business purposes and shall be retained no longer than they determine necessary for legitimate business purposes;
- Data Security: reasonable measures have to be implemented to protect information against loss and unauthorized access or use.
Additionally, this report is published only a few days after the publication by the US Federal Trade Commission of recommendations on the Internet of Things covered in this post.
European and US privacy laws are getting closer?
This new approach from US authorities to privacy related issues in relation to connected cars and in general the Internet of Things occurs during very active negotiations between US and EU officials on the identification of common privacy related principles.
These negotiations will be a crucial step for the growth of Internet of Things technologies including connected cars since such negotiations might also help European regulators to identify ways of ensuring privacy compliance in a manner that is not disruptive for businesses. At the same time, European regulators might attempt to push US authorities to set more stringent rules on privacy compliance rather than general principles such as those to which car makers committed with reference to connected cars.
There is no doubt that the Internet of Things represents a major test for privacy laws. The issue is whether such laws will be able to keep pace with the technology developments.
This is a fascinating topic, but the future of the sector might considerably change as a consequence of the position to be taken by the privacy regulator on the Internet of Things following the consultation covered in this blog post.