Appearance before the Senate Committee on Transportation and Communications (TRCM) on the Study on the regulatory and technical issues related to the deployment of connected and automated vehicles

March 28, 2017
Ottawa, Ontario

Opening Statement by Daniel Therrien
Privacy Commissioner of Canada

(Check against delivery)

---

Mister Chair, members of the Committee,

Thank you for inviting me here to discuss the privacy issues associated with connected and automated vehicles.

Context

Modern Cars are more than simply vehicles. They have become smartphones on wheels — mobile sensor networks, capable of gathering information about, and communicating with, their internal systems, other vehicles on the road, and local infrastructure. This information is not strictly about the car; it can be associated with the car’s driver and occupants, and used to expose patterns or make inferences about those people for a number of purposes not all related to safe transportation.

The benefits available to Canadians through the arrival of connected and autonomous cars may be significant. However, consumers’ trust in these technologies will only take hold when the appropriate balance is reached between information flow and privacy protection is struck.

In order to canvass the privacy issues associated with the Connected Car, my Office has funded two arms-length research projects on the topic through our Contributions Program — the British Columbia Freedom of Information and Privacy Association’s “The Connected Car — Who is in the driver’s seat” and the University of Ontario Institute of Technology’s “Paving the way for Intelligent Transport Systems (ITS): The Privacy Implications of Vehicular Infotainment Platforms”. The Committee may find these of interest as it pursues this study — my own comments today have been helpfully informed by both these reports.

Types of data

There are two primary streams of data in a Connected Car.

The first is “telematics” — the sensors which capture a broad expanse of information about vehicle systems. From this data, further information can be extrapolated about the vehicle’s driver, including how and where they drive.

The second stream comes from “infotainment systems.” As the name suggests, these are conduits for information related to navigation, traffic, weather, or entertainment, such as streaming audio. These systems can be paired with a driver’s phone to enable hands-free communication, giving the system access to the user’s contact list, as well as incoming calls, text messages and emails.

Privacy challenges

The potentially highly revealing data generated by a Connected Car raises important privacy questions, including:

• In the face of the complex data flows involving many different players in the Connected Car ecosystem, we must ask ourselves who is ultimately accountable for what? More concretely, which company or public sector institution would the average driver contact when they have a privacy concern?
• When a person sells their car, or returns their rental, is there an easy mechanism to ensure that infotainment systems are thoroughly wiped such that no one has inappropriate access to information about them?
• More fundamentally, how are collections, uses and disclosures of information being communicated to individuals, so that they have a real choice in providing consent or not to services that are not essential to the functioning of the car?

On this last point, my Office is currently examining potential enhancements to the consent process, to address many of the challenges raised by the flow of large amounts of data through complex ecosystems, as can be seen in the connected car industry and more broadly in the Internet of Things.

During our consent consultations, we heard that Canadians are greatly concerned about the lack of clarity and accessibility of privacy policies. They claimed that posting a legalistic privacy policy on a website is not an effective means of providing notice, although it appears to be the method chosen by automakers.

I agree with prior witnesses who spoke of the importance of Privacy by Design, whereby companies should consider privacy from the outset, and from a whole organization perspective, when they design new technologies such as the Connected Car.

But car makers do not have to go about this process alone; there is benefit to stakeholders coming together to set appropriate standards in order to bring certainty to both industry and consumers. Absent comprehensive legislation, automakers in the United States came together to develop and commit to a series of privacy principles similar to those found in PIPEDA. In Canada, my Office will soon be funding, through our Contributions Program, an arms-length project which aims to develop a Code of Practice for Connected Cars.

To the extent that they can ensure compliance with — or even surpassing of — manufacturers’ obligations under PIPEDA, efforts such as these should be encouraged.

Conclusion

Though there are challenges, the Connected Car and privacy protection are not inherently opposed. Done appropriately, Canadians will be more comfortable in adopting the benefits of connected and autonomous cars knowing that their privacy will be protected

Thank you for inviting me to appear before you today. I would be happy to answer any questions you may have.