Daniel Therrien, the Privacy Commissioner of Canada, commented on the privacy implications of connected cars in a statement to the Canadian Senate Committee on Transportation and Communications last week:

Modern Cars are more than simply vehicles. They have become smartphones on wheels — mobile sensor networks, capable of gathering information about, and communicating with, their internal systems, other vehicles on the road, and local infrastructure. This information is not strictly about the car; it can be associated with the car’s driver and occupants, and used to expose patterns or make inferences about those people for a number of purposes not all related to safe transportation.

Therrien’s office has funded two extensive research projects in this field: the BC Freedom of Information and Privacy Association’s The Connected Car — Who is in the driver’s seat and the University of Ontario Institute of Technology’s Paving the way for Intelligent Transport Systems: The Privacy Implications of Vehicular Infotainment Platforms.

In his statement, he went on to say:

The benefits available to Canadians through the arrival of connected and autonomous cars may be significant. However, consumers’ trust in these technologies will only take hold when the appropriate balance is reached between information flow and privacy protection is struck.

Distinguishing between the unobtrusive “telematics” of vehicular sensors and driver/passenger-accessible “infotainment systems”, Therrien highlighted three specific areas of privacy concerns:

  • In the face of the complex data flows involving many different players in the Connected Car ecosystem, we must ask ourselves who is ultimately accountable for what? More concretely, which company or public sector institution would the average driver contact when they have a privacy concern?

  • When a person sells their car, or returns their rental, is there an easy mechanism to ensure that infotainment systems are thoroughly wiped such that no one has inappropriate access to information about them?

  • More fundamentally, how are collections, uses and disclosures of information being communicated to individuals, so that they have a real choice in providing consent or not to services that are not essential to the functioning of the car?

The Privacy Commissioner’s Office is currently “examining potential enhancements to the consent process” after finding that Canadians are unsatisfied with the lengthy, incomprehensible privacy policies favored by automakers. It will soon be promoting a Code of Practice for Connected Cars, likely including guidelines for “Privacy by Design” schemes.

Commissioner Therrien’s statement can be read in its entirety here.