FTC Drives Autonomous Car Reg Focus Toward Privacy and Security

The constant slew of innovations and advancements in smart cars has so far left regulators struggling to define new rules to govern this space. The overlapping jurisdictions of three different agencies - the National Highway Traffic Safety Administration (NHTSA), the Federal Trade Commission (FTC), and the Federal Communications Commission (FCC) – with different priorities have only added to the complexity.

However, on November 22, the FTC announced that Bureau of Consumer Protection Director Jessica Rich filed a comment with NHTSA in response to its request for comments on its September 2016 Federal Automated Vehicles Policy. The comment commends NHTSA in its inclusion of consumer privacy and cybersecurity guidance, signaling its support while also asserting the FTC’s position to assist in the future of smart cars. NHTSA has the mandate to regulate motor vehicle safety, but has not strongly established privacy and security as safety priorities.
“Information collection, transmission, storage, and analysis are integral to realizing a vision of vehicles that are significantly safer and more efficient than the cars we drive today,” she writes. “Therefore, it is appropriate that the Policy Report, in addition to emphasizing vehicle safety, includes recommendations designed to ensure that privacy and security issues are considered throughout the vehicle lifecycle, particularly in the design phase.”
In the comments, the FTC emphasizes that “privacy has been a critical part of the FTC’s consumer protection mission” and “a chief focus of the FTC’s privacy and security efforts has been connected devices and the Internet of Things,” citing the ASUSTek case we previously covered and other ongoing efforts. While NHTSA has the driver’s seat, the comments demonstrate the FTC’s focus and preferred involvement as autonomous car technology continues to develop. As all three regulators attempt to control smart cars across different technical and enforcement capacities, the future of the industry makes cybersecurity and data protection a shared and complementary objective.

Continue Reading