Automotive Industry Balances Demand For Connected Cars With Privacy Concerns

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Joyce E. Cutler

June 19 —The automobile industry is trying to meet consumer demand for connected vehicles while responding to consumer, regulator and lawmaker concerns in the “brave new world” of the Internet of things, privacy professionals said June 17.

Cars that come pre-loaded with Bluetooth, Wi-Fi, navigation systems and keyless entry systems that collect information about drivers raise privacy alarms over what information is collected, who has access to it and for what purpose, speakers at the Internet of Things Privacy Summit in Menlo Park, Calif., said. Privacy trustmark company TRUSTe Inc. sponsored the conference.

Auto companies have long collected information about vehicles for diagnostic purposes, and as cars become more technologically advanced, “manufacturers are becoming more like tech companies than they ever have,” said Timothy P. Tobin, a partner with Hogan Lovells LLP in Washington, who represents the Alliance of Automobile Manufacturers.

That is a challenge for “people who are used to designing and manufacturing vehicles,” Jill Phillips, chief privacy officer for General Motors Inc., said.

For example, automakers and medical professionals may want information about car accidents to determine how best to treat injuries from accidents and how to design to reduce injuries, Phillips said. The potential uses of biometric information or other information could include a driver seeking to get a license restored or a better insurance rate, she said.

“We don't know all the uses for this stuff,” Phillips said. “So it's kind of brave new world in terms of being able to collect it in your car.”

Not ‘Creepy Data Hoarders.’

The automotive industry has found itself subject to some of the outcry about data collection, access and use, Hilary Cain, director of technology and innovation policy at Toyota North America Inc., said on a separate panel.

“We were so frustrated because as we an industry and certainly as a company weren't creepy data hoarders,” she said. “That's not what this was all about. The connectivity was about providing services that our customers were demanding of us.”

“We weren't doing creepy things, and yet people were claiming we were doing creepy things,” Cain said.

Lawmaker Concerns 

In Congress, lawmakers have expressed concern about protecting consumer privacy in connected cars.

According to a report released in February by Sen. Edward J. Markey (D-Mass.), automakers are adding wireless technologies into vehicles without enough protections to keep hackers from interfering with the operation of a car or stealing personal information.

In March, the Senate Committee on Commerce, Science and Transportation unanimously approved the bipartisan Driver Privacy Act (S. 766) that would make the owner of a vehicle the owner of any information collected by an event data recorder.

Self-Regulatory Efforts 

The automotive industry has expressed awareness of privacy and security issues as well. In November 2014, the two biggest U.S. automaker trade groups, the Alliance of Automobile Manufacturers and the Association of Global Automakers, revealed a baseline set of self-regulatory privacy principles, the “Privacy Principles for Vehicle Technologies and Services,” which called for heightened security for information such as driver location and behavior. 

But Tobin said there is no body behind the principles to police them. “What it does mean is by signing on publicly and committing to abide by these principles, essentially companies are putting themselves on the line for a violation of Section 5 of the Federal Trade Commission Act if they don't abide by those” and might face an unfair trade practice charge for noncompliance, he said.

Joe Jerome, policy counsel for the Future of Privacy Forum, said the principles serve as a model for other Internet of things sectors for self-regulation. “The principles really do seem to do a good job of recognizing that not all data generated in the cars are equal and there are certain categories and segments of data that cars can generate are particularly sensitive and interesting,” Jerome said.

Cain said the industry's “desire to come together and do privacy principles was less about trying to thwart regulation but to try to show our consumers, most importantly, but also maybe lawmakers and regulators and some of the consumer advocacy groups, that this is what we stand for in the auto space, this is what we believe in, and this is what we're going to make a public commitment to do.”

To contact the reporter on this story: Joyce E. Cutler in San Francisco at

To contact the editor responsible for this story: Katie W. Johnson at