February 2, 2023

Volume XIII, Number 33


February 01, 2023

Subscribe to Latest Legal News and Analysis

January 31, 2023

Subscribe to Latest Legal News and Analysis

January 30, 2023

Subscribe to Latest Legal News and Analysis

Connected Cars in 2018 – Ready for the Fast Lane?

One of the most frequent predictions for significant growth in 2018 is the development of the connected car ecosystem. During the second half of 2017, there were workshops, proposed legislation and other guidance from the Department of Transportation and the National Highway Traffic Safety Administration (NHTSA).

In June 2017, the FTC and the NHTSA hosted a workshop in Washington, D.C. to discuss the enormous amounts of data collected and used in the connected car ecosystem. The workshop included representatives from consumer groups, industry, government and academia, and explored the benefits and challenges in this fast-growing market. After reviewing the materials submitted in connection with the workshop, the FTC released its Key Takeaways earlier this month.

In addition, the U.S. House of Representatives passed H.R. 3388, the SELF DRIVE (Safely Ensuring Lives Future Development and Research in Vehicle Evolution) Act to encourage testing, development and deployment of highly automated vehicles. Finally, the U.S. Department of Transportation and the NHTSA released new federal guidance for automated vehicles titled Automated Driving Systems 2.0: A Vision for Safety.

The FTC Staff Perspective noted the following key takeaways:

  • Car manufacturers collect data for a variety of purposes.

  • Geolocation data to direct emergency personnel to the scene of a crash.

  • Infotainment systems use consumer data to access apps or contact information.

  • Third parties provide “dongles” that connect to ports in cars and collect and transmit consumer driving habits. Such data could be used for diagnostic purposes or could be of value to insurance companies.

  • The types of data collected range from aggregated data to sensitive personal data.

  • Aggregate data could be used for traffic management, while biometric data such as fingerprints or iris patterns could be used for authentication purposes.

  • Consumers may be concerned about the secondary, unexpected uses of the data.

  • Addressing privacy concerns is important to gain consumer acceptance.

  • Industry initiatives are underway to educate consumers. (Consumer Privacy Principles were jointly introduced by the Alliance of Automobile Manufacturers and Global Automakers in 2014, and the National Automobile Dealers Association is partnering with the Future of Privacy Forum.)

  • Different approaches may be needed for different types of data and use.

  • Connected and autonomous vehicles will have cybersecurity risks and vulnerabilities that can be exploited. Panelists identified some best practices for addressing some of the risks, including the following:

  • Information sharing with groups such as the Auto-ISAC, the International Organization for Standardization and the Society of Automotive Engineers could limit the extent to which vulnerabilities can be exploited.

  • Network design opportunities could be useful to protect safety-critical functions if they are segregated from other functions controlled through the network.

  • Disclose newly discovered vulnerabilities during development and after sale to mitigate such risks.

  • Continued efforts to establish standards for baseline security for connected cars, through industry self-regulation in connection with government standards and guidance such as the NIST Cybersecurity Framework.

The FTC Staff Perspective highlights a number of key issues that we will continue to follow.

© 2023 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.National Law Review, Volume VIII, Number 29

About this Author

Katherine Armstrong, Drinker Biddle Law Firm, Washington DC, Data Privacy Attorney

Katherine E. Armstrong is counsel in the firm’s Government & Regulatory Affairs Practice Group where she focuses her practice on data privacy issues, including law enforcement investigations, and research and analysis of big data information practices including data broker issues.

Katherine has more than 30 years of consumer protection experience at the Federal Trade Commission (FTC), where she served in a variety of roles, including most recently as a Senior Attorney in the Division of Privacy and Identity Protection.  In the Division of...