[co-author: Laurie Lai]

The Federal Trade Commission (FTC) and National Highway Traffic Safety Administration (NHTSA) are co-hosting a workshop on June 28, 2017, to explore the privacy and security issues raised by automated and connected vehicle technologies. The agencies are looking to explore the types of data such technologies collect, store, transmit, and share; the potential benefits and challenges posed by the technologies; the privacy and security practices of vehicle manufacturers; the roles that federal agencies should play in regulating privacy and security issues; and how self-regulatory standards apply to connected vehicle privacy and security issues.

In advance of the workshop, the FTC and NHTSA are seeking public comment on privacy and security issues. Comments may be submitted through April 20, 2017, and the agencies have noted the following topics of interest:

• What data do vehicles with wireless interfaces collect/store/transmit, and how is the data used and shared?
• How do these vehicles integrate data into their functionality? How do consumers benefit from the collection and use of their information?
• What are the current roles of vehicle manufacturers, parts suppliers, technology companies, and other stakeholders in collecting data and ensuring security? How are these roles expected to evolve?
• What are the vehicle manufacturers’ privacy and security policies and practices? How are those policies and practices communicated to consumers? What choices are consumers given about how their data is collected, stored, and used? Who owns the data?
• What, if any, privacy and security harms can arise from connected vehicle manufacturers and their service providers’ collection and use of data? What is the likelihood of such harms?
• What privacy and security issues might arise from consumer operation of connected vehicles, including use of third-party aftermarket products that can plug into vehicle diagnostic systems, geolocation systems, or other data-generating aspects of connected vehicles?
• What evidence exists regarding consumer perceptions of connected vehicles and their data collection and use practices?
• What are the roles of the FTC, NHTSA, and other federal government agencies with regard to the privacy and security issues concerning connected vehicles?
• What self-regulatory standards apply to privacy and security issues relating to connected vehicles?

The workshop and the public comments present industry with a valuable opportunity to educate the agencies about the ways in which they have already been addressing privacy and security concerns and to provide the agencies with feedback regarding possible legislative and regulatory proposals. For example, in late 2014, nearly all U.S. automakers, assisted by Hogan Lovells, developed and agreed to a set of baseline privacy protections for connected vehicle technologies. And U.S. automakers have been proactively addressing cybersecurity threats through mechanisms such as the Auto ISAC. The agencies will no doubt be eager to discuss how these measures have been implemented and are protecting consumers. In addition, in the last six months, NHTSA released guidance for companies that develop and deploy automated vehicle systems through the Federal Automated Vehicles Policy, issued on September 20, 2016, and the Cybersecurity Best Practices for Modern Vehicles, issued on October 24, 2016 and has sought comments relating to privacy and cybersecurity issues in its V2V notice of proposed rulemaking issued on December 13, 2016. The workshop and comments will allow industry to explain the impact on the connected and automated vehicle ecosystems were the guidance and regulatory proposals to be codified.

Comments may be submitted through April 20, 2017.