The Alliance of Automobile Manufacturers (AMM) and Global Automakers (GA) have unveiled a set of privacy protection principles committing car manufacturers to “take certain steps to protect the personal data generated by their vehicles” and instil data privacy confidence for motorists.
According to GA, the principles’ fundamentals are based on the US Federal Trade Commission’s (FTC) Fair Information Practice Principles (FIPPS) which, in turn, “rest on privacy practice frameworks used in the US and around the world for over 40 years”.
GA chief executive officer John Bozzella said that “the privacy principles reflect the reality that automobiles increasingly make use of innovative technologies designed to save lives, time and the environment. As modern cars not only share the road but will in the not too distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative.”
AMM president and chief executive officer Mitch Bainwol added that “Automakers believe that strong consumer data privacy protections are essential to maintaining the trust of our customers. New automotive technologies and services are providing our customers with tremendous benefits…….. Providing such features in a transparent way is important to both customers and automakers. Our privacy principles reflect a major step in protecting personal information collected in the vehicle.”
Of the implications for the European market, Germany-based data protection specialist Stephan Appt of Pinsent Masons said
“The principles are meant to apply to US consumers, but if they were to be rolled out and applied to vehicles produced for the European market, they would require a considerable degree of ‘fine tuning’. Privacy regimes in European countries are amongst the strictest worldwide and data protection authorities, in particular in Germany, have put the use of data generated by connected cars high on their regulatory agenda. US carmakers are well advised to review the European picture and consider EU privacy requirements early in the design and development process.”
Appt continued that “The Article 29 Working Party, which is the representative body of data protection authorities in each EU member state, recently made clear that any equipment used in an EU country triggers the applicability of European data protection laws. Consequently, US carmakers are subject to European data protection laws when processing data originating from connected cars on European roads. ………The risks to firms who breach EU regulations are set to become higher as potential fines could be up to 5% of a firm’s annual worldwide turnover.”