Vehicle privacy is often a blind spot for industry, regulators, and the public alike.
It shouldn’t be.
A sample of Privacy4Cars’ submissions to regulatory agencies and industry associations
Cybersecurity Best Practices for the Safety of Modern Vehicles
Privacy4Cars founder Andrea Amico raises concerns to the lack of specific attention to consumer privacy and personal data security in Cybersecurity Best Practices for the Safety of Modern Vehicles
We point out the stated “Purpose” is “to ensure systems will be safe under expected real-world conditions”. Instead, NHTSA should make protecting drivers and other vehicle occupants as its goal, and the safety of the systems simply as a mean to achieve that goal – in line with the #1 canon of the National Society of Professional Engineers Code of Ethics
Furthermore, the document focuses exclusively on risks strictly affecting safety while driving. This is an incredibly narrow view of the capabilities of vehicles and a terrible anachronism: the most common cybersecurity incidents with vehicles in the last 11 years have been data/privacy breaches, which accounted for 36% of all incidents in 2020.
Autonomous Vehicles: Promises and Challenges of Evolving Vehicle Technologies
During the first Autonomous Vehicle hearing in 2016, E&C Ranking Member Frank Pallone, Jr. pointed out that such deployment needs three fundamental pillars: safety, cybersecurity, and privacy-by-design.
4 years later, we observe that not only AV deployment if dramatically lagging, but rapidly evolving Connected Vehicle technologies have not improved safety but are resulting in a dramatic worsening of cybersecurity and privacy issues.
We list a number of ways vehicle data is putting drivers and occupants at risk – including years after they have sold or returned a vehicle they no longer use, hence we ask the committee takes 5 actions, including expanding the 2015 Driver Privacy Act to to all vehicle systems, creating a Vehicle Privacy Rating, and requiring Privacy-By-Design standards (already a legal requirement in the EU)
Privacy4Cars submitted its comments to inform the discussion at the 2018 International Conference of Data Protection and Privacy Commissioners, which will be hosted this year by the EDPS and dedicated to Debating Ethics: dignity and respect in data-driven life.
Our submission outlined significant potential ethical issues arising from the collection and use of vehicle data, ranging from surveillance to algorithmic decisions which may unconsciously alter the behavior of vehicle users as well as disproportionately and inequitably affect certain segments of the population and discriminate (even if unintentionally) on class, gender, race, sexual orientation, religion, etc.