European Commission Expert Group Issues Connected and Automated Vehicle Privacy Recommendations
In Short
The Development: The report "Ethics of Connected and Automated Vehicles" ("Report") presents the work of an independent European Commission Expert Group established to advise on specific ethical issues raised by connected and automated vehicles ("CAVs"). The Report aims to support stakeholders in the systematic inclusion of ethical considerations in the development and regulation of CAVs.
The Background: The Report sets forth 20 ethical recommendations ("Recommendations") concerning the future development and use of CAVs, grounded in the fundamental ethical and legal principles laid down in the EU treaties. The Recommendations cover three important areas in the context of CAVs: (i) road safety, risk and dilemmas; (ii) data and algorithm ethics; and (iii) responsibility.
Looking Ahead: Stakeholders will need to adhere to ethical principles, social needs and values. This may be achieved by bringing the Recommendations to specific policy or industry domains, defining the terms and time of a feasible implementation, and identifying the specific tools needed to translate them into effective policies and practices. In Europe, the Cooperative, Connected and Automated Mobility ("CCAM") Single Platform and in particular the future European Partnership on CCAM will play an important role in following up on the Recommendations.
The independent European Commission Expert Group's Report makes 20 recommendations on the ethics of CAVs, set forth within three main chapters: (i) road safety, risk and dilemmas; (ii) data and algorithm ethics; and (iii) responsibility. The Recommendations are intended to contribute to the responsible acceleration of progress toward a safer, cleaner and more efficient European transport system, provide guidance to policymakers in the development of regulations and topics, give confidence to manufacturers and deployers in the development of CAV technology and provide direction to researchers toward productive areas of study associated with CAVs.
The Recommendations are made actionable for three stakeholder groups: (i) manufacturers and deployers (e.g., car manufacturers, suppliers, software developers and mobility service providers); (ii) policymakers at national, European and international agencies and institutions, such as the European Commission and the EU National Ministries; and (iii) researchers at universities, research institutes and research and development departments. Although the Recommendations are not the position of the EU Commission itself, they should be closely observed and taken into account. They may well be seen as a basis for further industry standards, policies and legislative initiatives in the development and regulation of CAVs.
This Commentary highlights and describes the most significant Recommendations in the field of privacy and data protection, including possible outcomes for relevant stakeholders.
Report's Recommendation on Privacy and Data Protection
CAV operations require the collection and use of great volumes and varied combinations of static and dynamic data relating to the vehicle, its users and the surrounding environments. According to the Report, data subjects, therefore, need to be both protected and empowered, while vital data resources need to be safeguarded and made accessible to specific actors. In order to strike a balance between protection and empowerment, the Report determines in its Chapter 2 "data and algorithm ethics" the Recommendations on privacy and data protection.
Establishing a Valid Legal Basis: Requirements of Free, Informed and Explicit Consent in the Context of CAVs
With regard to establishing a valid legal basis for processing of personal data of CAV users, the Report emphasizes that CAV users should be able to effectively assert and exercise control over their personal data at all times. The Report points out that in the event that manufacturers and developers would like to collect personal data for purposes that are not necessary for the proper functioning of a CAV―such as, for example, (i) advertising; (ii) provision of mere convenient CAV functionalities; (iii) selling products to the CAV users; or (iv) sharing data with third parties―personal data should only be processed on a voluntary basis. According to the Report, all terms and conditions for providing data to others should adhere to free, informed and explicit consent. The Report concludes that otherwise, if no other legal basis can be established, such processing of personal data should be prohibited.
- The Report says that manufacturers and deployers should inform CAV users about the consequences if they do not agree to share their personal data. The data subject's objection to collecting or sharing of personal data that is not necessary for the proper and safe operation of the CAV must not result, however, in a de facto refusal of service. Therefore, the Report concludes that stakeholders should work together toward formulating more nuanced and alternative approaches to consent-based user agreements for CAV services.
- According to the Report, those alternative approaches should go beyond "take-it-or-leave-it" concepts of consent. They should include active and continuous consent options to enable consumer choice. Industry standards also should offer robust data protection without relying solely on consent. Because Article 7 of the General Data Protection Regulation ("GDPR") prohibits forced consent, manufacturers and deployers, especially mobility service providers, should therefore offer consent management tools.
- The Report points out that alternative concepts or options of consent procedures need to be further explored and developed. An ethical alternative to the "take-it-or-leave it" concept of consent could be to use data management systems with appropriate software tools that allow data subjects to choose strategies for handling their data. Those tools would eliminate the impractical requirement for data subjects to give separate consent on every issue of data use and also ensure greater data control, traceability and transparency.
- Moreover, the Report concludes that manufacturers and deployers ought to facilitate data subjects' control over their personal data by providing specific mechanisms and tools to exercise their rights. Those rights include data access, rectification, erasure and restriction of processing. Depending on the particular legal basis of the processing, data subjects may have the right to object or right to data portability (e.g., transferring data to another service provider).
Providing Sufficient Information: Developing New Transparency Strategies
As the Report says, mobility-induced conflicts of interests are largely unavoidable due to the need for CAVs to move through public spaces. This may lead to intentional but nonconsensual monitoring of public spaces, collecting of traffic-related data, and use for potential research and development as well as use for public matters.
Therefore, the Report recommends the development of new and creative transparency standards (e.g., via textual, visual, audio and haptic elements) to communicate and mitigate privacy risks effectively to data subjects and to inform them about data protection rights (e.g., opt-out, deletion of personal data, data access, recourse mechanisms, alternate routes and point destinations).
In addition, the Report points out that policymakers should work with manufacturers and deployers to develop meaningful, standardized transparency strategies to inform road users of data collection in a CAV operating area that may, directly or indirectly, cause risks to their privacy. This includes digital and near "real-time" updates for road users who are approaching zones where collection of potentially privacy intrusive data may occur. In-vehicle or wearable smart-device displays, audio-visual aids on roads (e.g., street signs, flashing icons, beeping sounds), or other minimally privacy-invasive communication modes with textual, visual, audio or haptic elements could communicate that risk. This would allow the communication of privacy risks and data protection rights to a wide and diverse audience.
Facing New Privacy Risks: Data Protection at Group Level
The Report also identifies a new, significant privacy risk arising from the collection, assessment and sharing of nonpersonal data, third-party personal data and anonymized data.
Machine learning algorithms are able to infer personal private information about data subjects based on nonpersonal, anonymized data or personal data from group profiles. However, those data may not be subject to data protection rights. A particular challenge lies with the protection of privacy when multiple data subjects are involved (e.g., driver, pedestrian, passenger or other drivers). This raises the question of who should be granted rights regarding data that concern various data subjects at the same time.
Therefore, the Report recommends that policymakers should develop legal guidelines that protect data subjects' rights already at group level (e.g., driver, pedestrian, passenger or other drivers' rights). Those guidelines should outline strategies to resolve possible conflicts between data subjects that have claims regarding the same data (e.g., location data, computer vision data), or to resolve disputes between data subjects, data controllers and other parties (e.g., insurance companies). Furthermore, the Report states that policymakers should develop new legal privacy and data protection guidelines to govern the collection, assessment and sharing of nonpersonal data, third-party personal data and anonymized data, if these are likely to pose a privacy risk for individuals.
Other Relevant Guidance on CAV Privacy Issues: Adoption of EDPB Draft Guidelines 1/2020
On 9 March 2021, the European Data Protection Board ("EDPB") adopted a final version of its draft guidelines on processing personal data in the context of CAVs and mobility-related applications ("Guidelines"). In contrast to the Report's more general ethical Recommendations for stakeholders, the Guidelines focus on the nonprofessional use of CAVs. The Guidelines provide specific examples of high-risk data processing activities and related compliance steps, including in relation to legal basis, retention, security and information requirements. In addition, the Guidelines cover compliance and integration of CAVs within the existing legal framework of the GDPR and the ePrivacy Directive.
Five Key Takeaways:
- Although the current Recommendations are not the position of the EU Commission itself, the Report emphasizes that they may be seen as a basis for further industry standards, policies and legislative initiatives in the development and regulation of CAVs. Stakeholders should monitor these and future Recommendations to anticipate future developments and regulation.
- To be able to obtain valid consent, stakeholders have to identify which processing of personal data is absolutely necessary for the proper and safe operation of CAVs and differentiate such essential processing from other optional or "nice-to-have" processing activities. Manufacturers and deployers, especially mobility service providers, are encouraged to offer consent management tools.
- According to the Report, the data subject's objection to collecting or sharing of personal data that are not necessary for the proper and safe operation of the CAV must not result in a de facto refusal of service. This issue will need more nuanced approaches to obtain valid consent. Those approaches should go beyond "take-it-or-leave-it" alternatives.
- CAVs have the potential to pose significant privacy risks also with regard to nonpersonal data and data at group levels. This development could lead to nonpersonal data also coming under the spotlight of future developments and regulation of CAVs.
- The Report encourages policymakers to work with manufacturers and deployers to develop meaningful, standardized transparency strategies to adequately inform affected data subjects of data collection in a CAV. It advises new creative and active information systems that go beyond providing written information and exceed current standards.