FIPA talks Connected Cars and Privacy at Senate Transport Committee
The Senate Transport and Communications Committee has begun its hearings into autonomous and connected vehicles, with its report due to federal Transport Minister Marc Garneau by the end of 2017. The minister asked the Senate committee to look into the issues surrounding this major technological development, including privacy.
After hearing from several panels of government officials and also from federal Privacy Commissioner Daniel Therrien, FIPA was called to testify earlier this month in Ottawa. Executive Director Vincent Gogolek was there, along with lawyer Philippa Lawson, who was the head researcher on our ground-breaking report The Connected Car: Who is in the Driver’s Seat?
That report was the centre of FIPA’s testimony, and it had already been favourably cited by Commissioner Therrien in his earlier testimony. The report was funded by the Commissioner’s Contributions Program.
FIPA drew the committee’s attention to the large amount of data that is being collected, the wide range of ‘partners’ of the automakers and the shortcomings and the limitations of the privacy policies that are supposed to set out the conditions for how our information is to be collected, used or disclosed by the automakers and their partners. We also pointed out that the Minister had given a speech a few weeks earlier where he stated that the federal government clearly has responsibility for three issues related to Connected Cars – privacy, cybersecurity and safety.
The Senators were interested in the privacy implications of vehicles connected to the internet, and their questions ranged from the nature and practicality of consent, whether there have been any consequences for companies who have been selling cars that are not compliant with the federal private sector privacy law, and how to ensure that Connected Cars are compliant with Canadian privacy laws.
You can watch the proceedings here.
Recommendations from FIPA’s Connected Car report:
The most effective way to protect data is not to collect or retain it in the first place. Hard limits on the collection of personal data should be the starting point for data protection standards in the industry. Our report recommended:
- Establishing data protection regulations for the Connected Car industry.
- Developing national data protection standards for usage-based insurance.
- Involving privacy experts in the design stage of Intelligent Transportation Systems, including Connected Vehicle research projects.
- Adopting Privacy by Design Principles and Related Tools, including:
- Establishing a Privacy Management Program
- Identifying and Avoiding Unintended Uses
- Being Open and Transparent
- Respect for User Privacy: Keep it User-Centric
- Working with device manufacturers, OS / Platform Developers, Network Providers, Application Developers, Data Processors to integrate controls and data minimization techniques