If driverless cars are the future of the automotive industry, ‘connected cars’ (put simply, cars with an internet connection) are the present.
While we are all eager to hand over our keys and be bussed around town in a driverless car sometime next decade, connected cars with varying (and increasing) degrees of automated functionality are already here. In fact, connected cars are expected to account for around 50% of new cars manufactured by 2018, and 75% of all new cars by 2020.
Many of the ‘connected’ features in a connected car will depend in some way on the collection and distribution of data through the vehicle. For example, a connected car may have:
- devices for recording and sharing information about road conditions, driver behaviour or accidents
- in-built GPS and navigation systems
- automatic emergency calling devices
- sophisticated entertainment systems that can stream audio and video content from the Internet.
These systems may share data with a range of third parties, including car manufacturers, infrastructure operators, insurers and third party service providers. As technology develops, the amount of vehicle-to-vehicle vehicle-to-vehicle (V2V) and vehicle-to-everything (V2X) communication on our roads will only increase.
The collection and sharing of information through connected cars brings significant potential benefits. For example, the data may help:
- manufacturers design and build safer and more efficient cars
- governments make better informed decisions about where to build new transport infrastructure
- drivers by helping them choose quicker routes to travel or access more creative and personalised in-car entertainment.
However, this collection of large amounts of new data may pose significant privacy and data security challenges.
Privacy – an ongoing concern
Connected cars can collect and transmit massive volumes of information about the habits, preferences and behaviours of drivers. For example, if a car can collect details of journey times and routes, then it will not take long before patterns may appear that could reveal deep insights into the driver (such as where they work, where they go to school, where they like to shop and at what time of day).
Manufacturers of connected cars, and providers of ancillary services, will need to think carefully about how they use this information in order to ensure that they remain fully compliant with applicable privacy laws.
Privacy issues that will need to be worked through may include:
- Deciding what information can be collected
The general starting point under the Australian Privacy Principles (APPs) is that a business can only collect personal information (that is, information about an individual whose identity is apparent or can be reasonably ascertained) if the information is ‘reasonably necessary’ for one or more of its functions or activities.
This may present a philosophical question for the manufacturer of a connected car about what the functions and activities of its business really are. It may not be controversial to say that information about the operation of the car’s steering or braking functions is relevant to the manufacturer’s core functions, as it can help improve the design of future models. However, location data that reveals information about the driver’s daily habits, such as where they work or shop, is hardly relevant to any vehicle design or manufacturing functions.
On the other hand, if the manufacturer broadens its business to include value-added services (say some type of in-car concierge feature) then it may be far easier to demonstrate that this type of information is required for those functions. Accordingly, in a real sense, the scope of information that may be collected through a connected car will be shaped by the nature of the business conducted through or in association with that vehicle.
- Deciding what information should not be collected
Perhaps equally as important as working out what types of data can be collected is deciding on what types of data not to collect.
Under the APPs, special obligations apply to the collection of ‘sensitive information’ (such as information about a person’s health or political or religious beliefs or affiliations). It is not difficult to see how location data collected through car usage could reveal sensitive information about the driver. For example, if the data shows that the car travels to a synagogue every weekend then it may suggest that the driver is Jewish, or if the car is making regular stops at a fertility clinic then it may reasonably be concluded that the driver or their partner is having difficulty conceiving.
A range of stricter requirements apply in relation to the collection and management of sensitive information. For example, in most cases collection will require consent and a higher standard of security may need to be applied to sensitive information, given the more significant consequences that may flow from a data breach affecting that type of information. Accordingly, operators of connected car applications may wish to deliberately design their systems in a way that will ensure they do not generate this type of information.
- Exercising caution when sharing information
One common way of extracting new value from a raw data set is to ‘mash up’ that data with another data set. To take an obvious example, a car insurer may combine driving data with customer claims records to inform risk assessments of drivers in different demographics or for different car models. From slightly further left in the field, a health insurer may be very interested to know how often a particular driver is stopping at the drive-through window of a fast food restaurant as it may suggest the driver has lifestyle habits that put them in a higher risk category.
Data mash ups can be problematic from a privacy perspective if the data involved includes personal information and the individual concerned may not have consented or otherwise expect that type of sharing to occur. There are different strategies for mitigating this risk, including being very clear in relevant privacy policies and information collection statements about what you intend to do with the information and who you will share it with, or alternatively only sharing information in an aggregated and de-identified form. However, in all cases the privacy implications of any information sharing activities will need to be carefully considered.
Privacy concerns around connected cars are increasingly on the radar of consumer groups and regulators in Australia. The Australian Automobile Association (AAA) and the Royal Automobile Club of Victoria (RACV) have recently launched a campaign under the name “My Car My Data” that focusses on raising motorists awareness of the issues surrounding connected cars. The campaign calls for manufacturers to more clearly inform customers about what data will be collected through their cars, and for customers to have full control of and full access to that data.
The campaign also calls for regulators to take proactive steps to protect the data that car manufacturers may collect. So far, 8 of 24 car manufacturers invited to share their data policies as part of the campaign have done so. In addition, the ACCC has started to look at consumer issues with access to car data as part of its current market inquiry into the retail market for new cars. We expect to see an increase in regulatory and consumer-rights activity in this space as the number of connected cars on the road continues to increase.
Data security meets personal safety
Concerns about safety may be one significant barrier to the mass market adoption of automated vehicle technology. While people may well accept that properly functioning automation systems will increase safety on the road by eliminating or mitigating human error, the true concern may lie in what happens when the system does not function correctly.
The recent first fatal accident involving the use of Tesla Motor’s ‘autopilot’ system is a stark example of the very serious consequences that may flow from any failure in the design or operation of a self-driving vehicle. While Tesla has statistics to show that its system has generally proved very safe and reliable, and is no doubt continually improving the system design to further mitigate the risks, there will always be the spectre of third party interference.
Security experts have already demonstrated the potential for harm as a result of external interference with connected cars by ‘hijacking’ a variety of connected vehicle systems, most famously last year managing to disable the transmission of a Jeep through its infotainment system. The next attack may not come from security experts testing vulnerabilities, but from malicious parties intent on ransoming vehicles, extorting money, or simply on causing harm to life and property.
You’re only as strong as your weakest link
One key challenge in combating this threat is that a connected system will only ever be as strong as its weakest link. For example, in the Jeep case, the hackers found a weak spot in the car’s infotainment system. Often manufacturers will use a range of third party components in their vehicles. In order to defend against external hacking threats, manufacturers will need to carefully manage their supply chain and require that all components are designed and built to meet the same exacting security standards. It will also be important to ensure that components are designed in a way that allows them to be easily updated or patched if a security vulnerability is identified after the vehicle has already rolled out of the dealership.
Effective defence against cybersecurity risks is a test for the industry as a whole and will require an industry-wide response. It may be useful for car manufacturers to collaborate and share information about security threats and develop common security standards for their industry. There may also be a role to play for regulators to provide independent oversight, set benchmark standards, penalise breaches of those standards and build consumer confidence.