Your Next Car Will Come With a Privacy Policy

While recent discussion about the advent of the self-driving car and the general advancement of automotive technology tends to focus on hypothetical “What if?” scenarios involving the murder of some theoretical child in the street at the “hands” of a cold-blooded robot, other slightly more real consequences for drivers are slipping quietly under the radar.

For instance, your next car will have a privacy policy.

Lawmakers in the United States House of Representatives met in mid-October to participate in a hearing entitled “Examining Ways to Improve Vehicle and Roadway Safety“.

When the new rules are put in place, the next generation of cars will not only be safer owing to their array of sensors and data collection software, but auto makers will also be required to submit to the government a privacy policy detailing how data relating to you and your driving behaviour are used and stored.

In among the otherwise banal topics covered in the proposed legislation’s discussion draft, like the “NHTSA report on seat belts for school buses” or a spellbinding section on “Recall obligations under bankruptcy”, is an entire section on “Privacy, hacking prohibition, and cyber security”, which presents new legal territory for automakers and legislators alike.

Nonetheless, these changes are being hammered out, and although it’s currently only the subject of pending American legislation, auto industry regulations are typically adopted north of the border quite quickly.

The discussion draft proposes that “Not later than 1 year after the date of enactment of this chapter, each manufacturer of motor vehicles sold or offered for sale in the United States shall develop and implement a privacy policy outlining the practices of such manufacturer regarding the collection, use, and sharing of covered information.”

Under the proposed new rules, auto manufacturers that don’t submit a privacy policy or who violate the terms of that policy will be subject to fines of $5,000 per day, up to a maximum of $1 million and will be able “to retain the covered information no longer than is determined necessary by the manufacturer for legitimate business purposes.”

While the automotive intelligence being discussed in the media presents a version of HAL from 2001: A Space Odyssey, the murderous robot who remorselessly kills for the greater good of the overall mission, it’s worth bearing in mind that this same intelligence is gathering data that can be parcelled up and sold to third party collection agencies, whether those be insurance companies, road services like OnStar or the CAA/AAA, or just plain marketers who know that you’re exactly one kilometre away from a rest stop that happens to have a McDonald’s in it and that you might appreciate a push notification with a coupon attached.

Right now, there are no rules around any of this, which is why the U.S. government is drawing up legislation.

Gartner forecasts that by 2020, there will be a quarter billion connected vehicles on the road in in U.S., “enabling new in-vehicle services and automated driving capabilities.”

So while ethical dilemmas involving least-harm scenarios about who it would be better for the computer in your car to kill during an accident are interesting to talk about on the Internet, the more practical debate about automotive data privacy has been taking place without a whole lot of comment.