Last week, the FTC stated support for the National Highway Traffic Safety Administration’s (“NHTSA’s”) approach to privacy and data security within the NHTSA’s proposed regulation relating to vehicle-to-vehicle (“V2V”) communications. The proposed rule, which would incorporate V2V technology into passenger cars and light trucks by 2019, is intended to enhance driver safety by aggregating and sharing data (such as a vehicle’s speed) from surrounding vehicles to generate safety warnings for drivers.
In a comment responding to the NHTSA’s proposed rule, the FTC noted three primary concerns relating to V2V communications, as described during the FTC’s “Internet of Things” workshop in November 2013:
- The ability of connected car technology to track consumers’ precise geolocation over time;
- Information about driving habits used to price insurance premiums or set prices for other auto-related products, without drivers’ knowledge or consent; and
- The security of connected cars, including the ability for third-parties to remotely access a car’s internal computer network
According to the FTC, the NHTSA’s V2V proposed rulemaking appropriately addressed these concerns through a deliberative, process-based approach that included collaboration with multiple industry and consumer stakeholders. The FTC also noted that the NHTSA designed the proposed V2V system to limit the data collected and stored to that which serves the intended safety purposes, and to ensure that the collected data cannot be used to identify a particular individual or vehicle. Lastly, with respect to the security of the collected data, the FTC supports the NHTSA’s decision to help mitigate the potential for unauthorized access to data by keeping the V2V device separate from other onboard computers.