Auto Alliance issues privacy principles around internet-connected vehicles
As new technologies, such as biometrics, continue to be incorporated into vehicles, the Alliance of Automobile Manufacturers and the Association of Global Automakers (which includes nearly every major car manufacturer) has created a set of privacy principles designed to assure customers their personal and automotive data is treated with adequate privacy.
While things like self-driving cars haven’t hit public roadways yet, many technologies are being incorporated into vehicles such as biometric systems that verify the driver of a car and systems that route drivers around the path of a storm, which use user data.
According to an official statement, the “Consumer Privacy Protection Principles for Vehicle Technologies and Services” provide guidelines for participating members and others in order to ensure baseline customer privacy when it comes to vehicle technologies and services.
The framework is based on the NIST’s Fair Information Practice Principles (“FIPPs”), and includes seven major principles: Transparency; Choice; Respect for Context; Data Minimization, De-Identification & Retention; Data Security, Integrity & Access, and Accountability.
Particularly interesting are the stipulations around data minimization, de-identification and retention which specify that data must be used for “legitimate business purposes”, and that data must not be retained for longer than it is determined necessary.
The data security principle also requires participating members to implement reasonable measures to protect consumer data against loss and unauthorized access or use.
Members of the Alliance and Global Automakers have been working on the principles since Spring of 2014, and this work reflects growing concerns around the collection and use of personal data by private companies.