Cyber security for cars – the impact of connectivity on security and privacy

Rocio De la Cruz, principal associate at Gowling WLG

The UK is fast becoming a global hub for the development of connected and autonomous vehicle technologies including testing of driverless vehicles in the urban environment.

But how is the industry being affected by legislation governing privacy? asks Rocio De la Cruz, principal associate at Gowling WLG.

Millions of vehicles worldwide are being implemented with in-vehicle computer systems and connected devices, raising many concerns concerning privacy.

Autonomous and connected vehicles (ACVs) collect data from numerous sources in order to deliver both the basic mobility function and broader societal benefits.

Personal data relating to insurance, taxes, locations, mileage, fees and bookings will all need to be processed to provide the service. If customers opt into other services such as Wi-Fi, entertainment, telephony and marketing services—such data will be processed by a number of different operators.

Some of these operators may want or need to share data between themselves, therefore forming a complex scenario where the implementation of data protection and e-commerce requirements will have different implications.

Aerial view of Shanghai Highway at Night

The data protection regime under the Data Protection Act 1998 and General Data Protection Regulation (EU) 2016/679 (GDPR), which will become enforceable from

25 May, 2018, presents a number of key challenges to the ACVs industry. Those causing more concern are:

Consent

Personal data has to be collected for ACVs to work properly. Any journey would enable identification and tracking of individuals by multiple organisations. This personal data could be used by the car itself, insurers, other vehicles, traffic planners, the police, commercial organisations and infrastructure.

Unless there are valid reasons for processing such data without obtaining consent, for example, where processing is necessary for the performance of a contract, or for sensitive personal data where processing is necessary to protect the vital interests of individuals by the police, users’ consent must be obtained and kept secure.

This need for clear consent is making data controllers think about how privacy notices could be redesigned to ensure that users fully understand them before giving consent. Regulators including the Information Commissioner have mooted the possible use of standardised icons to represent different parts of the privacy notice.

Sharing personal data

Mapping the flow of data between the multiple organisations processing it and determining the security measures to be in place will be crucial to complying with the GDPR.

Where joint controllers, processors and sub-processors are involved in dealing with personal data the role and responsibilities of each party will have to be defined and agreed. Organisations would benefit from collaborating to identify identical and compatible purposes, which might help centralise processing to reduce the number of privacy notices given to each user.

The right to object

Enhanced individual rights in the GDPR such as the right to object will impact considerably on automated decision-making taken by ACVs. The industry needs to work out how users can object or withdraw their consent and build in systems to ensure that these rights are complied with.

Tracking and marketing

Marketers and other operators will use cookies and other tracking technologies when interacting with ACVs users, either because this might be necessary (e.g. use by the police), or to send targeted marketing to individual users.

Rush Hour Traffic on the M6 Motorway

This will also be affected by the forthcoming e-Privacy Regulation (the draft Regulation) for which a draft proposal was published on 10 January, 2017 by the European Commission. While the draft Regulation is at a very early stage, its default position is that all content, metadata and information stored on users’ devices is confidential – regardless of whether or not it is personal data.

The draft Regulation increases the scope of existing legislation and applies to ‘over the top providers’ like WhatsApp, Facebook Messenger and Skype, and applies a higher level of privacy rules for all electronic communications. It takes account of the Internet of Things, which the ACV industry falls into, ensuring privacy of machine-to-machine communications.

Industry bodies are pushing for this sector to be allowed to self-regulate to avoid stifling innovation with red tape and having to deal with legislation that cannot keep pace with the rate of change. To date, legislators and regulators seem to be alive to those requests and are keeping a watchful eye on the progress.

The industry should also consider whether it needs any special positive treatment to ensure that privacy requirements do not strangle the societal benefits that ACV could bring, for example looking for statutory permission to share some level of data for road maintenance, traffic management, route planning or emergency service response.

As ever with privacy, the issue is striking the correct balance that permits innovation without putting any individual’s identity at risk.

The author of this blog is Rocio De la Cruz, principal associate at Gowling WLG

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

Get a US$50 Amazon voucher for sharing your IoT brand knowledge

Posted on: March 28, 2024

We want to know what you know about the IoT space. Just 3 minutes could earn you a US$50 Amazon digital gift card!

Read more

Enhance EV charging performance with cellular connectivity

Posted on: March 28, 2024

Electric vehicles (EVs) are steadily growing their market share at the expense of internal combustion engine vehicles. The growth is fuelled by several factors. Perhaps most importantly, prices for EVs have started to drop as competition in the industry is intensifying. New players and models are emerging, prompting several established EV makers to lower their

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more