Last week, a group of privacy experts, including regulators and representatives of the automobile and consumer electronics industries, spoke at a Continuing Legal Education Program hosted by the Federal Communications Bar Association. The panel discussed, among other things, the relatively new set of privacy principles that has been developed for vehicle technologies and services, which is scheduled to take effect in January 2016. This post summarizes those principles and the panelists’ comments.
Privacy Principles for Vehicle Technologies and Services
In November 2014, the Alliance of Automobile Manufacturers and the Association of Global Automakers released a set of guiding principles, “Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Services,” aimed at protecting personal information collected through in-car technologies. These Principles will be effective for existing vehicle technologies and service subscriptions begun or renewed as of January 2016 and they will be subject to enforcement by the Federal Trade Commission (FTC) pursuant to Section 5 of the FTC Act (15 U.S.C. § 45), which prohibits “unfair or deceptive acts or practices in or affecting commerce.” According to the panelists, the Principles are an attempt by the automakers to be proactive and gain the consumer’s trust in a meaningful way. To date, 19 manufacturers have adopted the Principles. These Principles are a product of collaboration among representatives from each of the adopting car manufacturers and input from the FTC and legislatures.
The Principles apply to the collection, use, and sharing of “Covered Information” in association with connected cars. “Covered Information” consists of (1) information that vehicles collect, generate, record, or store in an electronic form and that is linked to the vehicle from which the information was retrieved, the owner of that vehicle, or the user of the connected service in that vehicle or (2) information that individuals provide during the subscription or registration process that on its own or in combination with other information can identify a person, such as a name, address, credit card number, or email address.
The Principles are:
- Transparency: Providing consumers with ready access to clear, meaningful notices about the collection, use, and sharing of Covered Information.
- Choice: Offering consumers certain choices regarding the collection, use, and sharing of Covered Information. For example, using geolocation information, biometrics, or driver behavior information as a basis for marketing requires affirmative consent.
- Respect for Context: Using and sharing Covered Information in ways that are consistent with the context in which that information was collected, taking into account the likely impact on consumers.
- Data Minimization, De-Identification & Retention: Collecting Covered Information only as needed for “legitimate business purposes” and retaining it for no longer than necessary for those purposes. One attendee expressed concern that “legitimate business purposes” was too broad and opaque to be a meaningful limitation, to which the car industry panelists responded that they expect companies to individually develop further specificity with respect to the Principles.
- Data Security: Implementing reasonable measures to protect Covered Information against loss and unauthorized access or use. “Reasonable measures” include “standard industry practices,” which the car industry panelists indicated are something the industry is actively considering.
- Integrity & Access: Implementing reasonable measures to maintain the accuracy of Covered Information and giving consumers reasonable means to review and correct information that individuals provide during the subscription or registration process that on its own or in combination with other information can identify a person, such as a name, address, credit card number, telephone number, or email address.
- Accountability: Taking reasonable steps to ensure that those who adopted the Principles and other entities that receive Covered Information adhere to the Principles.