Skip to content

Discerning Data

  • About Us
  • Additional Resources
  • Contact Us

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy
  • Privacy
  • Cybersecurity
  • Data Strategy
  • Disruptionware

Connected Car Resolution adopted by the International Conference of Data Protection and Privacy Commissioners

Share

Connected car data protection generated significant discussion amongst people at the International Conference of Data Protection and Privacy Commissioners. The 39th annual conference brought together privacy and data protection authorities (DPAs) from around the world in Hong Kong in September.  Consistent with prior tradition, the “closed sessions” produced three separate nonbinding resolutions.

There is rapid advancement in the development of automated and connected vehicles which will improve traffic efficiency and safety, but will also collected vast amounts of consumer data. The connected car nonbinding resolution both acknowledges the rapid advancement of vehicle automation and connected vehicle technologies and expresses concern about the possible lack of available information, user choice, data control, and valid consent mechanisms associated with the collection and use of vehicle and driving-related data.

For the most part, the resolution holds no surprises – the majority of the DPAs have repeatedly taken general positions that transparency regarding personal data use and user control with respect to those uses, will, in their perspective, be critical in connected vehicles.

The resolution calls upon all relevant parties to fully-respect the users’ rights to protection of personal data.  This includes standardization bodies; public authorities; vehicle and equipment manufacturers, personal transportation services and car rental providers; and providers of data driven services such as speech recognition, navigation, remote maintenance or motor insurance telematics services. The resolution strongly encourages incorporation of privacy by design and default in each stage of the development and creation of new autonomous devices or services.

In addition, the resolution urges that the relevant parties, among other things:

  • Give data subjects comprehensive information about what data is collected, for what purposes and by whom and provide granular and easy to use privacy controls for vehicle users enabling them to, where appropriate, grant or withhold access to different data categories in vehicles;
  • Utilize anonymization measures to minimize the amount of personal data collected;
  • Retain personal data no longer than necessary and provide technical means to erase personal data when a vehicle is sold or returned to its owner and restrict the collection of data;
  • Provide secure data storage devices that put vehicle users in full control regarding the access to the data collected by their vehicles and provide technical measures to protect against cyber-attacks and prevent unauthorized access to and interception of personal data;
  • Respect the principles of privacy by default and privacy by design;
  • Guarantee that self-learning algorithms needed for automated and connected cars are made transparent in their functionality and have been subject to prior assessment by an independent body in order to reduce the risk of discrimination by automated decisions;
  • Provide vehicle users with privacy-friendly driving modes with default settings; and
  • Enter into a dialogue with the data protection and privacy commissioners to develop compliance tools to accompany and provide legal certainty to connected vehicles’ related processing.

While the resolution created a bit of buzz in Hong Kong, most observers believed that nothing surprising was provided. There was a general feeling that quite a bit of progress remains to be made with regulators and the expectations they may have regarding the connected vehicle industry.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

Receive Email Alerts to New Articles

SUBSCRIBE

October 9, 2017
Written by: Discerning Data Editorial Board
Category: Privacy
Tags: Connected Cars, Data Protection, International, IoT

Post navigation

Previous Previous post: A Top-5 Panel Round-up of the Mobile World Congress Americas
Next Next post: Legislative Spotlight: Self-Driving Cars Part 1

Search the Blog

Sign Up for Email Alerts

PODCASTS

Faegre Drinker on Law and Technology

©2023 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

  • About Us
  • Additional Resources
  • Contact Us
We use cookies to improve your experience with our website. By browsing our site, you are agreeing to the use of cookies. For more information about how we use cookies, please review our privacy policy and cookie policy. OK
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT