Regulators, Carmakers Plot Road to Connected Car Privacy, Security

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

Regulators should exercise “humility” when considering government oversight of privacy and data security issues for vehicles connected to the internet, Federal Trade Commission Acting Chairman Maureen Ohlhausen said June 28.

Predicting the future of how connected cars will develop is very difficult, Ohlhausen said in remarks at a connected cars workshop sponsored by the FTC and and the National Highway Traffic Safety Administration.

Dozens of companies, including Ford Motor Co. and Alphabet Inc.'s Waymo, are rushing to develop and test fully-autonomous vehicles which rely on web connectivity. The global connected car market will reach $180.3 billion by 2022, according to a study by Grand View Research, Inc.

The FTC should address actual or likely injury to consumer privacy and data security while fostering development of connected cars, Ohlhausen said. The FTC will use its enforcement powers under the FTC Act but also wants to avoid overlap or conflict with NHTSA oversight efforts, she said.

The common goal among regulatory agencies is to foster development of connected cars, while protecting consumer privacy and promoting security, Ohlhausen said.

Terry T. Shelton, acting executive director of NHTSA, agreed, saying that her agency will work with the FTC on those goals.

Collaborative Public, Private Effort

Nat Beuse, associate administrator for vehicle safety research at NHTSA, said that privacy and cybersecurity best practices are important to allow the connected car ecosystem to grow.

However, it is “impossible” for the government and the automobile industry to tackle every single threat vector in connected cars, he said. Rather than trying to police innovation, connected car manufacturers should take responsibility at some point to address threats, Beuse said.

Jeff Massimilla, chief product cybersecurity officer at General Motors Co., said defending against cyberattacks requires collaboration among different stakeholders, including car companies, the FTC, and NHTSA.

Lauren Smith, policy counsel at the Future of Privacy Forum, pointed to the self-regulatory efforts of the Alliance of Automobile Manufacturers, the Association of Global Automakers and their members—including BMW Group, Ford, General Motors, Toyota Motor Corp., Daimler AG’s Mercedes-Benz USA, Mitsubishi Corp., Honda Motor Co. Ltd., Hyundai Motor Co., and Nissan Motor Co. Ltd.. The groups established Privacy Principles for Vehicle Technologies and Services voluntary industry standards, which went into effect in January 2016.

To contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.