By Dr. Jetzabel Serna and Mario Hoffmann
Privacy is a fundamental right. Regulations such as the European General Data Protection Regulation (EU GDPR) and the California Consumer Privacy Act (CCPA) have been implemented to provide digital privacy and data protection standards. But how do we address privacy concerns that arise from the ever-changing automotive (driverless) technology?
In the era of autonomous driving and connected cars, privacy in the automotive domain has become a crucial and challenging element of the engineering process for car manufacturers as well as their suppliers. In particular, driver assistance systems and automated driving are two important fields which require a huge amount of data, including personally identifiable information (PII), in order to function and increase overall safety. Another example is the Event Data Recorder, the vehicle's "black box," which records a very specific set of data so that the vehicle's exact status and behavior can be reconstructed and analyzed after an accident. Obviously, this sensitive data set requires explicit and very restrictive access controls. Even a single Vehicle Identification Number (VIN), used as a unique identifier in field-return data, very quickly becomes sensitive information: it links every record to one vehicle and, via registration data, to its owner, and therefore needs to be handled according to data protection regulations.
HIGH-LEVEL AUTOMOTIVE PRIVACY PROTECTION GOALS
The EU GDPR speaks of "personal data" (what this article calls PII) and defines it as any information relating to an identified or identifiable natural person (the data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. In the automotive context this covers, among others, location profiles, IP addresses and VINs. Furthermore, the EU GDPR defines a set of high-level data protection goals independent of the application domain. Let's try to derive their impact for automotive mobility products and services:
- Data Protection by Design and Default
Privacy has to be considered in the architecture design of every automotive system, and the strictest privacy settings have to be applied by default. Relaxing or deactivating those settings must be an explicit, informed choice of the end user, never the shipped default.
Consumers also need to be aware of what information is collected from them, who processes and accesses it, and for which purpose. This can be achieved by implementing transparent and user-friendly tools and interfaces, such as privacy-friendly Human-Machine Interfaces (HMIs).
- User Consent
Consumers need to be aware of the mechanisms for exercising their rights and limiting the collection and use of their data. To address this, different levels of consent should be incorporated into the design of automotive systems that allow individuals to exercise informed decisions, whenever needed, about the data being shared.
- Purpose Limitation
PII must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Should the purpose of collection change, new consent needs to be given.
- Right to be Forgotten
Car manufacturers and suppliers shall routinely delete person-related data if there is no requirement to keep it. Furthermore, it is necessary to establish easy processes and tools for consumers to request their personal data to be deleted.
- Data Portability
Car manufacturers shall provide consumers with user-friendly tools and mechanisms for downloading, importing, and exporting the data that has been collected from them. This is particularly challenging when considering the vast amount of data expected from consumers' activity in connected cars.
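The VIN in field-return data mentioned above, together with the goals of data protection by design, purpose limitation and the right to be forgotten, can be made concrete in code. The following is an added example written for this page, not code from the authors or from Continental; the record layout, the field names and the VINs are constructed, and the assumption that the trailing six characters of a VIN are a sequential production number is the author's simplification of ISO 3779 for the brute-force demonstration. It shows a keyed pseudonym (HMAC-SHA256) whose key is held apart from the data, a minimized analysis view that keeps only what the purpose needs, re-linking that only a key holder can perform, key destruction as one way to make remaining records unlinkable, and why an unkeyed hash of a VIN is not a pseudonym at all.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Constructed sample field-return records; VINs and values are fictitious.
# The first two records belong to the same vehicle so linkability can be shown.
FIELD_RETURNS: List[Dict[str, object]] = [
    {"vin": "WVWZZZ1JZXW000001", "mileage_km": 48213, "dtc": "P0420",
     "gps": (50.1109, 8.6821), "owner_name": "A. Example"},
    {"vin": "WVWZZZ1JZXW000001", "mileage_km": 48310, "dtc": "P0420",
     "gps": (50.1200, 8.7000), "owner_name": "A. Example"},
    {"vin": "1HGCM82633A004352", "mileage_km": 120455, "dtc": "C1234",
     "gps": (34.0522, -118.2437), "owner_name": "B. Example"},
]

VIN_ALPHABET = frozenset("ABCDEFGHJKLMNPRSTUVWXYZ0123456789")  # ISO 3779: no I, O, Q


class PseudonymKeyStore:
    """Stand-in for an HSM/KMS (hypothetical): the key lives apart from the data set.
    Destroying the key makes every pseudonym unlinkable to a VIN, one way to honour
    a deletion request when aggregate records must be kept for statistics."""

    def __init__(self) -> None:
        self._key: Optional[bytes] = secrets.token_bytes(32)

    def key(self) -> bytes:
        if self._key is None:
            raise PermissionError("pseudonymization key has been destroyed")
        return self._key

    def destroy(self) -> None:
        self._key = None


def normalize_vin(vin: str) -> str:
    """Canonicalize a VIN so case or whitespace differences do not yield two pseudonyms."""
    v = vin.strip().upper()
    if len(v) != 17 or not set(v) <= VIN_ALPHABET:
        raise ValueError("malformed VIN")
    return v


def pseudonymize_vin(vin: str, key: bytes) -> str:
    """Keyed pseudonym (HMAC-SHA256). Deterministic per key, so all records of one
    vehicle stay linkable for quality analysis; without the key the pseudonym can
    neither be inverted nor rebuilt by hashing candidate VINs."""
    return hmac.new(key, normalize_vin(vin).encode("ascii"), hashlib.sha256).hexdigest()


def minimize_record(rec: Dict[str, object], key: bytes, bucket_km: int = 10_000) -> Dict[str, object]:
    """Purpose limitation: keep only what a field-return analysis needs.
    GPS position and owner name are not needed for it and are dropped;
    mileage is coarsened to a bucket."""
    return {
        "vehicle_pseudonym": pseudonymize_vin(str(rec["vin"]), key),
        "mileage_bucket_km": (int(rec["mileage_km"]) // bucket_km) * bucket_km,
        "dtc": rec["dtc"],
    }


def analysis_view(records: List[Dict[str, object]], key: bytes) -> List[Dict[str, object]]:
    """The data set handed to the analysis team: pseudonymous and minimized."""
    return [minimize_record(r, key) for r in records]


def is_same_vehicle(pseudonym: str, vin: str, key: bytes) -> bool:
    """Re-identification (e.g. for a recall) is possible only for a holder of the key."""
    return hmac.compare_digest(pseudonym, pseudonymize_vin(vin, key))


def unkeyed_hash(vin: str) -> str:
    """What NOT to do: a plain hash of a VIN is not a pseudonym."""
    return hashlib.sha256(normalize_vin(vin).encode("ascii")).hexdigest()


def recover_vin_from_unkeyed_hash(digest: str, known_prefix: str, max_serial: int = 1_000_000) -> Optional[str]:
    """Assumption for this demo: positions 12-17 are a six-digit serial. Given the
    manufacturer/model prefix (positions 1-11), inverting an unkeyed hash takes at
    most 10^6 hash computations, i.e. well under a minute on a laptop."""
    for serial in range(max_serial):
        candidate = f"{known_prefix}{serial:06d}"
        if hashlib.sha256(candidate.encode("ascii")).hexdigest() == digest:
            return candidate
    return None


if __name__ == "__main__":
    store = PseudonymKeyStore()
    for row in analysis_view(FIELD_RETURNS, store.key()):
        print(row)
    # The unkeyed variant is trivially reversible for anyone who knows the model prefix.
    print(recover_vin_from_unkeyed_hash(unkeyed_hash("WVWZZZ1JZXW000001"), "WVWZZZ1JZXW"))
    store.destroy()  # deletion request: remaining pseudonyms can no longer be re-linked
```

Two design points matter in practice: the key must never be stored next to the pseudonymized data set (otherwise the pseudonym is only an obfuscated VIN), and the brute-force function shows why salting with a public value or using a plain hash does not help, since the attacker enumerates the serial space, not the key space. Whether key destruction alone satisfies a deletion request is a legal question for the data protection officer; technically it removes the link, not the records.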
However, privacy and data protection requirements are just one more set of requirements in a long list of automotive requirements. There is also safety, cybersecurity, performance, timing, comfort, and – last but not least – cost requirements which may affect privacy concerns and sometimes even contradict them. As a result, car manufacturers and suppliers need to find the right balance between compliance and many other interests – not an easy task.
Now in 2020, two years after the EU GDPR became applicable, automotive mobility products and services are just around the corner, and with them an enormous amount of personally identifiable information. Achieving compliance with international data protection regulations affects several stages of the product life cycle. The Threat Analysis and Risk Assessment needs to be extended by a Data Protection Impact Assessment, the architecture by Privacy by Design elements, and the testing by specific procedures that evaluate the correctness of privacy controls. Finally, data breaches need to be handled by Incident Response Management, including the notification deadlines the regulations impose. Sounds like a three-year implementation plan for business strategists, lawyers, quality assurance, as well as the cyber and incident response teams. Let's go!
The authors, Dr. Jetzabel Serna and Mario Hoffmann, are the Cybersecurity Knowledge Manager and the Head of Security & Privacy Consulting respectively, at Continental Teves AG.
Editor’s Note: The views expressed by the author are not necessarily those of the Global Cyber Alliance.