EPIC Recommends Privacy Standards For Automated Vehicles


On November 23, 2016, the Electronic Privacy Information Center (“EPIC”) issued a 17-page comment document to the National Highway Traffic Safety Administration (“NHTSA”) to highlight the privacy risks of automated vehicles and to recommend revisions to NHTSA’s Federal Automated Vehicle Policy (the “Policy”).  EPIC is a public interest research group established in 1994 to “focus public attention on emerging privacy and civil liberties issues and to protect privacy, freedom of expression, and democratic values in the information age.”

NHTSA published the Policy on September 19, 2016, as a “starting point that provides needed initial guidance to industry, government, and consumers” over how best to address the variety of challenges posed by automated vehicle technology.  (See Request for Comment on “Federal Automated Vehicles Policy,” 81 Fed. Reg. 65,703 (Sept. 23, 2016).)  The Policy added definition to NHTSA’s future handling of automated vehicles in several areas, for example, by classifying vehicles according to their level of automated function.  Public comments to the Policy were due by November 22, 2016.  (Id.) 

In making its comments, EPIC urged NHTSA to revise the Policy to mandate compliance with the Consumer Privacy Bill of Rights (“CPBR”), establish new oversight authority, and protect state privacy rules for autonomous vehicles.  EPIC cited the “troves” of sensitive personal data that automated vehicles collect and disclose and how such data can be used by advertisers:  “advertisers are eager to know, for example, how long a car has been running to determine ‘from the navigation system, they’re about to pass a McDonald’s, the car’s been running for three hours and the child’s probably hungry.’”

EPIC continued by citing what it views as deficiencies in the notices provided by car manufacturers to consumers regarding data collection practices, stating that notices “fail to inform consumers about the true scope of data collection, and none give consumers true control over their data.”

Noting that NHTSA endorsed the CPBR, EPIC recommended that NHTSA revise the Policy in a manner consistent with the CPBR:  “Specifically, NHTSA should remove references to [‘]data privacy notices/agreements[’] in order to restore substantive rights to consumers and limit carmakers’ ability to hide behind incomprehensible privacy policies.  Most importantly, NHTSA should promulgate mandatory, legally enforceable privacy rules for automated vehicle manufacturers.  Voluntary codes of conduct and industry self-regulation simply cannot provide realistic privacy  protections when they are not supported by enforceable legal standards.”

The NHTSA Federal Automated Vehicle Policy can be found here. The request for comments can be found here. The EPIC comments can be found here.


Written by:


King & Spalding on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.