Federal Trade Commission (FTC) Acting Chair Maureen Ohlhausen advocated for “regulatory humility” in FTC’s approach to automated vehicles in Washington, D.C., on June 28, 2017, at the Connected Cars workshop hosted by the FTC and the National Highway Traffic Safety Administration (NHTSA). The conference brought together government regulators, academics, consumer advocacy organizations, and other industry stakeholders to explore consumer privacy and security issues to identify a road map for the future of connected cars.
With Business Insider forecasting approximately 380 million connected cars on the road by 2021, panelists at the FTC workshop spoke to the pressing need to reach a consensus on industry regulation. Ohlhausen’s “regulatory humility” approach helped frame discussions, as panelists emphasized the potential benefits of highly automated vehicles, and the importance of carefully prioritizing data privacy and security challenges in a way that promotes industry innovation.
We offer a summary of the key takeaways from the workshop:
- Data Privacy & Security: Not all data are created equal
- Panelists appeared to agree that not all data are created equal. In fact, many panelists’ approach to data privacy and security were reminiscent of Ohlhausen’s dissent in Nomi Technologies, Inc., in which she advocated for regulatory restraint in deciding whether a data collection scheme resulted in material consumer harm. Many panelists advocated for this restraint in addressing data privacy and security in connected cars.
- For example, Stephen Pattison, Vice President, Public Affairs of ARM, described device-agnostic data segmentation in which privacy management efforts are focused more on sensitive information like PII, than non-sensitive information such as road conditions. Steven Bayless, Vice President, Regulatory Affairs and Public Policy of Intelligent Transportation Society of America, echoed Pattison, stating that many manufacturers are already thinking about data in this way.
- At the same time, panelists acknowledged that connected cars face unique data security management challenges. For example, Ohlhausen and Andrew Koblenz, Executive Vice President for Legal and Regulatory Affairs and General Counsel for the National Automobile Dealers Association, discussed issues presented by multiple users in a vehicle. Dr. Miroslav Pajic, Assistant Professor in the Department of Electrical and Computer Engineering at Duke University, stated that multiple users increase security risks—the more data being collected from users, the more incentive there is to hack the vehicle. Syed Zaeem Hosain, Chief Technical Officer at Aeris Communications, emphasized that no security system is 100 percent secure. For now, acknowledging the dynamics of a burgeoning and disruptive industry trend, the FTC suggested that it will husband its resources to protect the most sensitive consumer data.