Vehicle Data Privacy
While advanced safety technologies have the potential to provide enormous safety, convenience and other important benefits to consumers, stakeholders frequently raise data privacy concerns as a potential impediment to deployment. NHTSA takes consumer privacy seriously, diligently considers the privacy implications of our safety regulations and voluntary guidance, and works closely with the Federal Trade Commission (FTC) -- the primary Federal agency charged with protecting consumers’ privacy and personal information -- to facilitate the protection of consumer information.
Why It Matters
In the context of advanced and automated safety technologies, consumer acceptance is critical to effective and timely deployment. These technologies generate, use and may share a significant amount of vehicle data likely to be viewed by private citizens as sensitive and personal (for example, routes frequently travelled and precise addresses visited). Consumer avoidance of new technologies because of concerns about data privacy may slow deployment and undermine promising safety benefits (i.e., lives saved and injuries avoided).
Key Federal Agencies
Although NHTSA has broad regulatory authority over the safety of passenger vehicles, it is the FTC that is the primary Federal agency responsible for protecting consumer privacy. The FTC and NHTSA staff meet, coordinate, collaborate and communicate frequently on privacy issues related to motor vehicles, including those involving new technologies such as connected and automated safety systems. Most recently, in June 2017, the FTC and NHTSA jointly held a well-attended workshop in Washington, DC, to examine the consumer privacy and security issues posed by automated and connected motor vehicles. For information,visit: FTC website.
Authority Roles and Responsibilities
The Federal Trade Commission
The FTC has authority to bring actions against companies or individuals that engage in unfair or deceptive acts or practices, including those involving vehicle data privacy and security. The agency uses law enforcement, policy initiatives, and consumer and business education to accomplish its mission. In the motor vehicle context, for example, the FTC could use its enforcement authority in appropriate circumstances to bring an action against an automaker that uses a consumer’s data in a way that violates the manufacturer’s stated privacy policies.
As the primary agency with authority over consumer privacy, the FTC has ongoing efforts related to protecting the privacy of consumers who use connected devices, which includes connected vehicles. The FTC and the FTC staff have convened stakeholder forums and issued formal and informal guidance, including reports and blog posts discussing security and privacy best practices for businesses. For example, a 2016 FTC business blog post provided advice to rental car companies on (how to protect consumer privacy in connected rental cars. For more information, visit the FTC.
Voluntary Guidance: Automated Driving Systems
NHTSA’s voluntary guidance on Automated Driving Systems is an example of our use of voluntary, non-regulatory guidance to address consumer privacy and acceptance issues that may slow deployment of promising vehicle safety technologies. The agency has engaged in an active dialogue with the FTC, manufacturers, privacy advocates, and other stakeholders about the scope and mitigation of potential privacy impacts on consumers that could stem from automated driving systems. A recent highlight of this ongoing dialogue was NHTSA’s sponsorship with the FTC of the June 2017 workshop examining consumer privacy and security issues posed by automated and connected motor vehicles.
In November 2017, ADS 2.0: A Vision for Safety replaced the FAVP as the policy framework and NHTSA’s operating guidance for ADS. NHTSA intended A Vision for Safety to be a clearer, more streamlined and less burdensome guidance document. In so doing, NHTSA reiterated that “privacy considerations are critical to consumer acceptance of ADS and should be taken into account throughout the design, testing and deployment process.” The agency also indicated that it would continue to work closely with the FTC when motor vehicle safety matters have potential consumer privacy implications.
Documents appearing in the External Information portion of this Web site are provided in the interest of information exchange. The opinions, findings and conclusions expressed in the documents are those of the author(s) and not those of the Department of Transportation or the National Highway Traffic Safety Administration. The United States Government does not endorse products or organizations.
Data Generated by Vehicles
Automotive Industry Privacy Principles
- Global and Alliance FTC Letter Regarding Consumer Privacy Protection Principles for Vehicle Technologies and Services (PDF, 1.5 MB)
NHTSA welcomes feedback on the draft content of its Vehicle Data Privacy web page. The Agency will accept suggestions and comments via email to NHTSAPrivacyCounsel@dot.gov.
Search for more resources
SAE/NHTSA Cybersecurity Workshop Remarks
||Speeches and Presentations||02/05/2021|
CBPSMV Federal Register notice
Cybersecurity Best Practices
NHTSA Seeks Comment on Cybersecurity Best Practices for the Safety of Modern Vehicles