Security, Privacy Musts for Connected Cars Revolution

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

Feb. 4 — Connected cars present a chance to “revolutionize mobility” but they also stand out as “prominent targets” for hackers, Federal Trade Commissioner Terrell McSweeny said Feb. 4.

If there is no consumer trust in connected cars' ability to secure personal information, consumers won't buy them, McSweeny said at the Connected Cars USA 2016 conference.

There is a real opportunity to increase security and, along with it, consumer trust, she said.

Speaking at the same conference, Sen. Edward Markey (D-Mass.) highlighted the need to establish minimum standards to prevent hacking of connected cars. Discussing a bill he introduced with Sen. Richard Blumenthal (D-Conn.)—the Security and Privacy in Your Car (SPY Car) Act —Markey said that car owners should know when their data is collected, transferred and retained.

Other panelists at the conference echoed the need to establish minimum standards, but cautioned that policy discussions shouldn't generalize the concept of connected cars.

Privacy Risks

Hilary Cain, director of Technology and Innovation Policy at Toyota Motor North America, Inc., described what she called the “Three Buckets” of connected cars—infotainment; vehicle-to-vehicle communication; and the Internet of things, such as when the connected cars interact with a smart mobile device. This distinction matters because the policy conversation changes depending on the bucket, Cain said. “Privacy risks are different depending on the bucket,” she added.

The Internet of things will be the “ecosystem” of connected cars and security will be the main issue to tackle, Shane Rooney, executive director of Smart Cities & Transport at GSMA, said. Hacking will be a problem and therefore, we need to have a secure design, he said. However, there are a number of “entry points” for cyberattacks in a connected car, Rooney said.

“Hackers will always find new ways to attack,” and therefore, car makers and other involved parties will need to evolve, Rooney added.

Regarding consumer concerns over data collection, Cain pointed to the collection of geolocation data, behavioral information such as driving speed and biometric data. Under a “privacy code of conduct” that the automobile industry agreed to in November 2014 and went into effect in January 2016, Cain said, car companies are prohibited from sharing collected data with a third party or using collected data for marketing purposes without user consent.

To contact the reporter on this story: Jimmy H. Koo in Washington at

To contact the editor responsible for this story: Donald G. Aplin at