Worldwide Group of Data Privacy Regulators Issues Guidance on Connected-Car Technologies

Edward McAndrew, Justin Shiroff, Neal Walters, Philip Yannella
Ballard Spahr LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Ballard Spahr LLP

A global group of data privacy regulators has, for the first time, set forth data privacy and security guidance on the development of automated and connected-car technologies. The Resolution on Data Protection in Automated and Connected Vehicles was announced at the recently convened International Conference of Data Protection and Privacy Commissioners (ICDPPC). The resolution sets forth 16 data privacy and security principles to guide automotive manufacturers, transportation-service providers, car rental companies, and providers of data-driven services (e.g., speech recognition, navigation remote maintenance, or motor insurance telematics services) in the development of connected-car technologies.

Of note, the Commissioners recommend that automotive manufacturers and other relevant parties:

  • utilize anonymization measures to "minimize the amount of personal data or use pseudonymization when the former is not feasible;"
  • minimize collection and retention of personal data;
  • implement easy-to-use privacy controls for vehicle users, enabling them to grant or withhold access to different data categories, where appropriate;
  • implement secure data storage technologies;
  • develop and implement technologies to prevent unauthorized access to and interception of collected personal data;
  • provide safeguards against unlawful tracking/tracing of drivers, and limit the possibility of illegitimate vehicle tracking and driver identification;
  • commission an assessment by an independent third party of potential discriminatory automated decisions arising from self-learning algorithms, and;
  • conduct data impact assessments for new, innovative, or risky development or implementation of these data technologies.

The ICDPPC is composed of dozens of member entities from around the world, and includes representative organizations from the European Union as well as the Federal Trade Commission (FTC).

The non-binding resolution was adopted in a closed session at the conference and represents the first—and by far the most granular—data privacy and security guidance for connected-car manufacturers. Notably, the FTC abstained from the resolution, leaving open the question of applicability to connected-car manufacturers, application developers, and car rental companies in the United States.

Implementation of the resolution will require a substantial investment of technological resources by connected-car manufacturers (and other original equipment manufacturers) as well as careful legal consideration of the potential impact on privacy of these technologies.

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by:

Ballard Spahr LLP
Ballard Spahr LLP
Contact
more
less

Ballard Spahr LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide