Battle lines drawn over automotive data collection

As July came to a close, the California Privacy Protection Agency (CPPA) announced that it was launching a review of the data protection regimes, or lack thereof, covering assisted driving systems.

California not only has massive armies of vehicles on its roads (its registrations total around 35M, if you’re curious), it’s also sort of a Ground Zero for privacy protection laws thanks to its ever-thriving native tech sector. So, like other corners of the modern economy that generate reams of data, automakers and ADAS solutions providers are starting to come under the regulatory microscope (although we don’t know which ones, because the CPPA hasn’t revealed any specifics about the companies it might be targeting. Also, the agency turned down a request to answer fresh questions for this article, saying that its press release on the probe is sufficient comment).

According to Alcia Arnold, managing director of corporate data consultancy fifty-five, this is correct and necessary because with the very act of driving today, “Users are sharing an enormous amount of data. Any automobile feature that requires connectivity – such as remote lock/unlock, engine start/stop, climate control, vehicle status, location tracking, geofencing, emergency assistance, and even in-cabin music – gathers and uses consumer data. Because there is so much sensitive information being shared within these connected cars, it is imperative the state sets policies in place to ensure consumer protection.”

This leads to a concern, or a hope, depending on your point of view: will California’s in-car data privacy push be the first of many such regulatory efforts? “Yes and no,” said Peter Cassat, partner at tech sector-focused law firm Culhane Meadows and former general counsel for Cox Automotive. “California is often the leader and the de facto standard setter for privacy initiatives but whether other states will have the resources to devote to enforcement efforts, is less certain and this is part of a larger privacy debate not just related to automotive.”

Regardless, once the genie is out of the bottle, it’s hard to stuff it back in. Assuming the CPPA can more or less properly address data privacy concerns inside the vehicle, we can fully expect other state, and even national and supra-national, regulators to follow its lead. One executive that’s anticipating such a development is Ani Chaudhuri, CEO of data security solutions company Dasera. In his view: “The California privacy watchdog’s recent move reflects a growing global concern: the vast and intricate web of data generated by connected vehicles. History has shown us that regulation often follows where data proliferation goes, whether it’s with social media platforms, online transactions or connected vehicles. This is less a beginning and more an inevitable progression.”

To read the complete article, visit TU-Automotive.