Consumers can expect many benefits from their cars’ increased data collection programs, running the gamut from simple location services like GPS and OnStar to “networked” cars that can communicate their location with other cars on the road to prevent accidents. In the near-future, data collection will even allow cars to care for themselves: technologies currently exist that can spot and diagnose internal mechanical problems long before such problems would have become apparent to a cars’ owner, and cars are increasingly able to download patches directly from their automaker without ever needing to be taken to a mechanic.
As is usually the case when it comes to big data however, the benefits that come from increased collection also bring dangers. Speaking on a panel at the Washington Auto Show last Wednesday, Federal Trade Commissioner Maureen K. Olhausen advised the crowd that as the collection and disseminated of data by cars continues to increase, the automotive industry will need take reasonable steps to secure car owner and driver information or face the possibility of federal enforcement actions.
As reported by Law 360, Olhausen declared that automakers “need to take into account the security of information for connected cars and connected trucks and the security of those systems.”
Olhausen focused particular attention during the panel on automaker’s need to be transparent with consumers concerning the collection and use of data, noting that existing rules promulgated pursuant to the Federal Trade Commission Act would likely apply in situations where automakers are not careful about telling consumers what information is being collected from them, how that information is being used/stored, and who that information is being shared with. Olhausen also highlighted the importance of securing any such information collected, both when stored internally and when shared with third parties.
Concerning data sharing, Olhausen also explained that to the extent information needs to be shared with third parties, automakers should be exploring technologies to ensure that they can control what information is shared and what information remains out of reach. For example, Olhausen noted that automakers should have ways to control what information auto mechanics can collect and store when a car is brought into them for servicing. She pointed out that this type of control is especially important when it comes to networked cars, as a single car might be sharing location and other relevant information with hundreds of other devices on any given road trip.
Finally, Olhausen reiterated the potential danger presented by the possibility of physical and remote hacking of increasingly connected cars, and emphasized the FTC’s position that if car companies fail to take reasonable precautions to protect against these types of intrusions, the FTC might be forced to take action in those cases as well: “if the company had failed to take reasonable precautions — reasonable precautions based on the technology available — the level of threat and the standard of the industry and physical harm would certainly be considered a substantial injury that would meet the kind of requirements for an enforcement action.”
Overall, Olhausen didn’t surprise any industry analysts or experts with her remarks. That being said, the FTC’s increased willingness to discuss privacy issues in the context of data collection by cars is a sign to automakers that they need to stay ahead of the curve or face the possibility of a wreck.