July 4, 2020

Volume X, Number 186

Worldwide Group of Data Privacy Regulators Issues Guidance on Connected-Car Technologies

A global group of data privacy regulators has, for the first time, set forth data privacy and security guidance on the development of automated and connected-car technologies. The Resolution on Data Protection in Automated and Connected Vehicles was announced at the recently convened International Conference of Data Protection and Privacy Commissioners (ICDPPC). The resolution sets forth 16 data privacy and security principles to guide automotive manufacturers, transportation-service providers, car rental companies, and providers of data-driven services (e.g., speech recognition, navigation, remote maintenance, or motor insurance telematics services) in the development of connected-car technologies.

Of note, the Commissioners recommend that automotive manufacturers and other relevant parties:

  • utilize anonymization measures to "minimize the amount of personal data or use pseudonymization when the former is not feasible;"

  • minimize collection and retention of personal data;

  • implement easy-to-use privacy controls for vehicle users, enabling them to grant or withhold access to different data categories, where appropriate;

  • implement secure data storage technologies;

  • develop and implement technologies to prevent unauthorized access to and interception of collected personal data;

  • provide safeguards against unlawful tracking/tracing of drivers, and limit the possibility of illegitimate vehicle tracking and driver identification;

  • commission an assessment by an independent third party of potential discriminatory automated decisions arising from self-learning algorithms; and

  • conduct data impact assessments for new, innovative, or risky development or implementation of these data technologies.

The ICDPPC is composed of dozens of member entities from around the world, and includes representative organizations from the European Union as well as the Federal Trade Commission (FTC).

The non-binding resolution was adopted in a closed session at the conference and represents the first—and by far the most granular—data privacy and security guidance for connected-car manufacturers. Notably, the FTC abstained from the resolution, leaving open the question of applicability to connected-car manufacturers, application developers, and car rental companies in the United States.

Implementation of the resolution will require a substantial investment of technological resources by connected-car manufacturers (and other original equipment manufacturers) as well as careful legal consideration of the potential impact on privacy of these technologies.

Copyright © by Ballard Spahr LLP

National Law Review, Volume VII, Number 275

About this Author

Edward McAndrew
Partner

Edward J. McAndrew is a counselor, investigator, and trial lawyer who helps clients navigate life in the digital world. He is the Co-Practice Leader of the firm's Privacy and Data Security Group.

Named a "Cybersecurity and Data Privacy Trailblazer" by The National Law Journal, Mr. McAndrew advises clients on cybersecurity, digital privacy, cyber-incident response, social media, online speech, defamation, commercial, employment, intellectual property, corporate governance, regulatory, and criminal matters. He also advises clients on cyber-based national security issues, as...

202-661-7696

David Stauss
Partner

David M. Stauss focuses on complex business and commercial litigation in state and federal courts. He handles all aspects of litigation on a wide range of substantive matters for clients, including product liability, landowner liability, and commercial lending.

Mr. Stauss is head of the Denver office's privacy and cybersecurity practice group. He advises clients on regulatory and statutory compliance issues, third-party vendor management policies and contractual provisions, cyber liability insurance retention and coverage analysis, information security controls, incident response policies and plans, and data breach response.

303-299-7363

Neal Walters
Partner

Neal Walters is the Practice Leader of Ballard Spahr's Product Liability and Mass Tort Group, and a member of the firm's Manufacturing and Retail Industry Groups. Mr. Walters has a diverse trial and litigation practice focused on protecting product companies, as well as clients involved in technical matters, against a broad range of risks. As counsel for several consumer product manufacturers, he has defended and coordinated product liability and consumer claims, including class actions, through trial in jurisdictions across the country. He also counsels companies on contractual,...

856.761.3438

Philip Yannella
Partner

As Co-Practice Leader of Ballard’s Privacy and Data Security Group, and Practice Leader of the firm’s E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use of digital information.

Mr. Yannella regularly advises clients on the Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), EU-US Privacy Shield, General Data Protection Regulation (GDPR), Defense of Trade Secrets Act, PCI-DSS, Telephone Consumer Protection Act (TCPA), New York Department of...

215-864-8180

Justin Shiroff
Associate

Justin A. Shiroff’s practice is concentrated in commercial litigation (with an emphasis on consumer financial services litigation), as well as healthcare law and data privacy/cybersecurity. His experience also extends to disputes involving employment law. Mr. Shiroff has represented a range of clients that include information security providers, banks and other lending institutions, hospitals and gaming companies/resorts. In addition to his commercial litigation practice, in the health care services field, he has assisted clients in a variety of issues including...

702-868-7527