Data Protection Issues of Autonomous Driving

During the development and roll out of autonomous vehicles and the related systems, not only legal constraints that are arising from road traffic law need to be considered, but data protection laws as well. As there is an exponential rise in both volume and also the complexity of data, it is important to have clear legislation to strengthen data protection.

With autonomous technology becoming a reality, more and more data will be available – and the more data there is, the more stakeholders have interests in them. OEM´s, ICT firms, insurance firms, investigating authorities and many more are trying to get possession of this data, some of them with financial interests. It is not said without a reason that data is the gold of the 21st century.

The individual will get transparent in more and more parts of his life and autonomous driving will enhance this even more to the space of individual mobility. With this in mind, a solution will have to be found, which is able to satisfy the colliding interests.

On the business side, the interest of collecting data firstly concerns the ability of the vehicle to drive autonomously, but there are also concepts like car-2-car or car-2-X communication, which are based on the exchange of data between different vehicles and/or a controlling authority.

Additionally, demands for selling other services that require data to operate and the already mentioned financial interests, which are directly related to all kinds of data, have to be considered. All of those demands collide more or less with the interest in protecting the privacy of the customer.

Different purposes for collecting data

From a data protection point of view, it will be necessary to distinguish between those different needs and interests. At least differences have to be made between data necessary to run the owned vehicle, data required to help other cars operate, data collected and processed for additional services and data analytics respectively for financial interests.

Collecting and processing the data on the purpose of running the own vehicle might be in the interest of the customer. The kind of data processing should nevertheless be oriented on the data protection principles. This means especially data minimization and transparency.

The kinds of data might differ in the risk for the right to informational self-determination, the basis of all data protection laws. Each data collected from a private car is personalized, since at least the recipient knows which car has sent the data and in most cases the owner drives the car.

Because of this massive impact of the data protection regulation, concepts designed today should consider data protection regulation at an early stage of development to avoid the risk of gaining problems within this regulatory area.

Data protection issues regarding car-2-car and car-2-X communication

Another data protection issue occurs when having a deeper look at the concepts of car-2-car and car-2-X communication. In these cases, the personal data of one driver will be processed mainly for the advantage of other drivers and in general for safety reasons of road traffic. Especially, if other vehicles rely on receiving such data the question of how to justify the usage of data for this purpose arises.

This is due to the fact that today there is almost always a consideration between the interests of the affected person and the interests of the data processing authority, but not of third parties. Indeed, services using data of users for the benefit of third parties are already on the market, but they perform usually on the basis of user given consent.

With regards to the car-2-car and car-2-X scenarios, on the one hand it is questionable if such a system should depend on the consent of the users, especially in view of safety reasons. On the other hand the practical problem occurs, how to get the consent of the specific user of the vehicle or if the consent of the car owner is enough.

Already from a high level point of view, the data protection issues are not simple and have to be examined in detail and should already be considered during the development of the systems. Additionally, it will be necessary to have a close look at all the issues arising based on current substantive law and it needs to be examined whether the current legal framework is sufficient or if there is a need to create area specific regulation.

Are you ready to share your personal data with other vehicle owners for road safety? Tell us your reasons in our comment section.


Please note that this article expresses the opinions of the author and does not reflect the views of Move Forward.