Autonomous vehicles are coming fast. It is now believed that autonomous vehicles will be widely available to consumers by 2020. Many futurists predict that one day owning and driving a car will be a hobby, much like horseback riding, and that most consumers will simply press a button on their mobile devices to have a car transport them to and from various destinations. While the societal, infrastructural and safety benefits of such a world are obvious, the privacy implications associated with these innovations are rarely discussed—or certainly not enough as they should be.
According to a report from Intel, autonomous vehicles may generate over 4 terabytes of data each day — based on the current average use of non-autonomous cars at one hour and a half of driving a day. In other words, an autonomous vehicle will produce, in an hour and a half, over three-thousand times the data an average internet-using consumer produces in a single day. While data generation at this scale is not yet the norm, current vehicles already generate and collect a great deal of personal information, making discussions around privacy timely and important.
With innovation racing ahead at break-neck speeds, policy makers will have to work doubly hard to ensure privacy policies and protections are in place as quickly as possible. This is especially so considering data privacy was one of the top 5 consumer concerns (according to a study out of the University of Michigan Transportation Institute). To ensure that autonomous vehicles are adopted, consumers will need to trust their cars (or car services), in respect of both its safety and protection of privacy.
It was refreshing, therefore, when the Privacy Commissioner of Canada, Daniel Therrien, appeared before the Senate Committee on Transportation and Communications (“TRCM”) on March 28, 2017, to discuss these exact issues.
Modern cars are more than simply vehicles […] [t]hey have become smartphones on wheels.
Mr. Therrien’s statement is not far from the truth. By connecting your phone to your car, or by using the onboard infotainment systems, your car can collect and store information about your location, address books, calls, text messages and musical preferences. As with any innovative technology, the adoption rate of the first-movers will dictate the market leaders for the foreseeable future. While one of the main barriers to adopting autonomous vehicles is the safety of the vehicles, another may be the car providers’ approach to consumer privacy. While companies are often thought of as being unwelcoming of overzealous regulations, Mr. Therrien offered a fresh perspective when he suggested that privacy regulations may help increase the adoption rate of autonomous vehicles by alleviating consumer’s privacy concerns altogether. Mr. Therrien may have a point. If one of the larger barriers for adopting autonomous vehicles is privacy, then autonomous vehicle companies should explore strategies that embrace privacy regulations, not dismiss them. Additionally, even in the absence of privacy regulations, autonomous vehicle companies should at least conduct an analysis of whether privacy can be used as differentiator to increase the adoption rate of their vehicles.
In terms of Canadian policy, Mr. Therrien suggests three main areas that regulators should focus on.
First, Mr. Therrien suggests that consumers need to understand who to contact regarding their privacy concerns. Is it the car manufacturer, the car dealer from whom they purchased the car, the smartphone developer, the application developer or maybe it is some third party who owns the information. The interplay between all of the various companies makes it difficult for the average consumer to understand who they need to contact regarding their privacy concerns. By providing clear guidance, consumers will feel more comfortable using autonomous vehicles.
Second, Mr. Therrien suggests that regulators should create standards for wiping consumer data when a car is resold, returned or simply re-rented to another driver. Having standard practices will ensure that any subsequent user cannot illicitly collect and disclose private information pertaining to previous drivers.
Lastly, Mr. Therrien suggests that regulators need to ensure that the collection, use and disclosure of private information continues to be communicated to consumers in a clear and understandable way so that they have a real choice in providing consent to services that are not essential to the proper functioning of their car. The days are over where companies can hide their privacy policies under the façade of legalese. Instead, it is better to draft easy-to-understand privacy policies that consumers understand. This level of transparency and openness can differentiate autonomous car providers and build a consumer base that trusts the car provider. This can help increase adoption rates in what is likely to become a very competitive landscape.
If, as Mr. Therrien and we suggest, specific privacy regulations for autonomous vehicles can help increase the adoption rate of autonomous vehicles and move the industry forward, companies in the space have every incentive to get involved in the legislative process and to embrace privacy legislation as a means to expedite the market-readiness of their products.
Regardless of whether regulators choose to create new privacy regulations, individual autonomous vehicle providers can fine-tune their stance on privacy to differentiate and increase the adoption rate of their products or services.
In short, autonomous car providers need to pay attention to their stance on privacy. They should not be afraid to embrace legislation that is intended to protect consumer privacy, since it may help increase the adoption rate of autonomous vehicles. Even if regulators do not implement more stringent privacy regulations for autonomous vehicles, car providers can use their stance on privacy to aid in becoming a market leader. After all, it may not be a stretch to suggest that the winners and losers in the new autonomous vehicle industry may, in part, be dictated by the companies’ privacy policies.