Privacy & Information Security Law Blog

On January 9, 2018, the FTC issued a paper recapping the key takeaways from the FTC’s and National Highway Traffic Safety Administration’s June 2017 workshop on privacy and security issues involving connected cars. The workshop featured representatives from consumer groups, industry, government and academia.

Below are some of the key takeaways from the FTC’s paper:

• Many companies throughout the connected car ecosystem will collect data from vehicles for various purposes, including (1) car manufacturers (such as geolocation data in the event of a crash); (2) manufacturers of infotainment systems (such as data about consumers to allow them to use apps or connect to the Internet); and (3) third-party dongle providers (such as information about driving habits and diagnostic information). The types of data collected could include aggregate data, non-sensitive personal data and sensitive personal data.
• Consumers may be concerned about secondary, unexpected uses of their data, including the potential selling of their data to third parties, or the use of their data (such as vehicle app usage data) for targeted advertising purposes.
• Workshop participants indicated that addressing consumer privacy concerns is critical to consumer acceptance and adoption of the emerging technologies behind connected cars. Participants suggested that different approaches, such as with respect to consumer choice (i.e., the ability to opt out), may be needed based on whether the collected consumer data is safety-critical or not.
• Connected cars pose cybersecurity risks that potentially can be exploited by hackers, and there are various motivations for such attacks (such as monetary gain and nation-state crime). Participants suggested some best practices to help mitigate these risks, including with respect to information sharing, networking design, risk assessment and standard setting.