FTC’s Takeaways from Connected Car Workshop
The Federal Trade Commission released an issue paper, referred to as a “Staff Perspective,” summarizing a June workshop the agency hosted with NHTSA to examine privacy and security issues presented by automated and connected vehicles.
The Staff Perspective acknowledges that privacy and cybersecurity are complicated issues. Advancements in connected vehicle technology are poised to transform the consumer driving experience and dramatically improve safety. However, connected technologies enabling these transformative benefits also pose inherent privacy and security risks. Minimizing these risks, FTC staff observe, is critical to consumer acceptance and adoption of automated and connected vehicle technology.
FTC staff identified five key takeaways from the workshop—three concerning privacy and two on cybersecurity.
On Privacy:
1. Collecting, storing, transmitting, and sharing data is essential to realizing the full potential of connected vehicle technology. Parties throughout the connected vehicle ecosystem will be gathering and using information for a myriad of purposes.
2. The types of data collected will vary. It will include sensitive and non-sensitive data, as well as aggregate and individualized data, about the vehicle and the people inside.
3. Consumers may have concerns regarding the collection and use of data. These concerns could affect the adoption of connected vehicles.
FTC staff note that participants suggested that different approaches to information privacy and consumer opt-out could be employed, depending upon whether the data is necessary for the safety of vehicle operations.
On Cybersecurity:
1. Connected vehicles will have cybersecurity risks. Cyber attacks are increasingly sophisticated and coordinated.
2. Best practices for mitigating these risks include information sharing, strategic network design, regular risk assessment and mitigation, and industry standard setting.
The Staff Perspective also acknowledges developments on connected car privacy and security issues since the June workshop. The Department of Transportation and NHTSA released new federal guidance focused on cybersecurity best practices for automated vehicles in September entitled “Automated Driving Systems 2.0: A Vision for Safety.” And Congress is considering two bills—the SELF DRIVE Act (H.R.3388) and the AV START Act (S.1885)—that would, among other things, require manufacturers to consider privacy and cybersecurity in the development of self-driving vehicles. Additional information on these items is available here.
The FTC concludes by saying the agency will continue its role as the cop on the beat for consumer protection issues, including unfair or deceptive practices relating to connected vehicles. Industry should therefore continue to develop connected vehicles with privacy and security in mind, using voluntary guidance and industry best practices.