Why It Matters

In the context of advanced and automated safety technologies, consumer acceptance is critical to effective and timely deployment. These technologies generate, use and may share a significant amount of vehicle data likely to be viewed by private citizens as sensitive and personal (for example, routes frequently travelled and precise addresses visited). Consumer avoidance of new technologies because of concerns about data privacy may slow deployment and undermine promising safety benefits (i.e., lives saved and injuries avoided).  

Key Federal Agencies

Although NHTSA has broad regulatory authority over the safety of passenger vehicles, it is the FTC that is the primary Federal agency responsible for protecting consumer privacy. The FTC and NHTSA staff meet, coordinate, collaborate and communicate frequently on privacy issues related to motor vehicles, including those involving new technologies such as connected and automated safety systems. Most recently, in June 2017, the FTC and NHTSA jointly held a well-attended workshop in Washington, DC, to examine the consumer privacy and security issues posed by automated and connected motor vehicles. For information,visit: FTC website.

The Federal Trade Commission

The FTC has authority to bring actions against companies or individuals that engage in unfair or deceptive acts or practices, including those involving vehicle data privacy and security. The agency uses law enforcement, policy initiatives, and consumer and business education to accomplish its mission. In the motor vehicle context, for example, the FTC could use its enforcement authority in appropriate circumstances to bring an action against an automaker that uses a consumer’s data in a way that violates the manufacturer’s stated privacy policies.

As the primary agency with authority over consumer privacy, the FTC has ongoing efforts related to protecting the privacy of consumers who use connected devices, which includes connected vehicles. The FTC and the FTC staff have convened stakeholder forums and issued formal and informal guidance, including reports and blog posts discussing security and privacy best practices for businesses. For example, a 2016 FTC business blog post provided advice to rental car companies on (how to protect consumer privacy in connected rental cars. For more information, visit the FTC.

Voluntary Guidance: Automated Driving Systems

NHTSA’s voluntary guidance on Automated Driving Systems is an example of our use of voluntary, non-regulatory guidance to address consumer privacy and acceptance issues that may slow deployment of promising vehicle safety technologies. The agency has engaged in an active dialogue with the FTC, manufacturers, privacy advocates, and other stakeholders about the scope and mitigation of potential privacy impacts on consumers that could stem from automated driving systems. A recent highlight of this ongoing dialogue was NHTSA’s sponsorship with the FTC of the June 2017 workshop examining consumer privacy and security issues posed by automated and connected motor vehicles. 

In November 2017, ADS 2.0: A Vision for Safety replaced the FAVP as the policy framework and NHTSA’s operating guidance for ADS. NHTSA intended A Vision for Safety to be a clearer, more streamlined and less burdensome guidance document. In so doing, NHTSA reiterated that “privacy considerations are critical to consumer acceptance of ADS and should be taken into account throughout the design, testing and deployment process.” The agency also indicated that it would continue to work closely with the FTC when motor vehicle safety matters have potential consumer privacy implications.