Privacy issues raised about driverless vehicle data

The prospect of driverless vehicles on South Australia’s roads has prompted public discussion about insurance liability and safety issues, while protecting the privacy of data collected by the vehicles remains another legal area that needs urgent attention, according to Flinders law student Nicholas Camac.
Camac's honours research was presented at the recent 2nd International Driverless Vehicles Summit held in Adelaide.
 
SA leads the way in driverless vehicle technology, with Flinders University preparing to trial driverless shuttle vehicles at Tonsley during 2018 – but the Flinders College of Business, Government and Law also is busy examining legal rights and responsibilities associated with the implementation of driverless vehicles.
 
Driverless vehicles will have the capacity to source vast amounts of data about passengers through cameras, audio files and location tracking – up to 4,000 gigabytes per eight hours. Such data will have huge commercial value, and therefore provides incentive for personal information to be exploited.
 
Camac asks whether existing law is robust enough to adequately protect the privacy of people using Connected Automated Vehicles, and how such data could be subject to third-party interests. He points to the possibility of this being accessed for commercial influence, such as vehicles being re-routed via specific businesses that have accessed the data. In a worst case scenario, it could mean that people lose control over their movements and paths of transportation.
 
Camac’s research also addresses the concerns of some people about driverless vehicle data amounting to constant surveillance, via law enforcement, but also insurance agencies, employers, advertisers and information brokers. Looking further ahead, if driverless software is to be mandated in all vehicles, it could mean that information could be used in unexpected ways. “It could track all your movements – where you go, who you meet, even what you purchase and where you shop. Driverless vehicle software has the capacity to do it all, so social acceptance of the technology will depend on how it is used, and what privacy safeguards are put in place,” said Camac. “Questions need to be asked now and the answers made clear about how the data will be used. We don’t yet know the business models of the companies involved, but transparency with users regarding the handling of their personal information will be critical.”
 
Camac argues that instead of introducing significant change to Australia’s Privacy Act, which underwent significant amendments in 2004, we should instead insist on a more clear declaration of privacy as a default position by all data collectors. “The Privacy Act incorporates various transparency obligations on those collecting personal information, but these obligations are often interpreted broadly by entities,” said Camac. “It needs to be made clear by companies collecting the data that people’s privacy is going to be protected from the beginning of the information life cycle.  The ideal approach would be to tackle the issue through technical privacy-by-design methods aimed at improving data minimisation."
 
Camac hopes his research will trigger wider legal discussion about data collection software and privacy. “Privacy issues often tend to be forgotten or neglected in the discussion about these vehicles, but this is what we should be doing now, long before the vehicles are introduced, so that measures can be put in place to ensure users are secure in their knowledge that their privacy is being protected."
 
Camac’s research builds on further studies by associate professor Tania Lieman, Dean of Law at Flinders University, about the legal position of personal injury compensation schemes, and Australian Consumer Law in relation to driverless vehicles, which are expected to be manufactured and sold by leading automobile manufacturers by 2020.

Privacy issues raised about driverless vehicle data

The prospect of driverless vehicles on South Australia’s roads has prompted public discussion about insurance liability and safety issues, while protecting the privacy of data collected by the vehicles remains another legal area that needs urgent attention, according to Flinders law student Nicholas Camac.
Camac's honours research was presented at the recent 2nd International Driverless Vehicles Summit held in Adelaide.
 
SA leads the way in driverless vehicle technology, with Flinders University preparing to trial driverless shuttle vehicles at Tonsley during 2018 – but the Flinders College of Business, Government and Law also is busy examining legal rights and responsibilities associated with the implementation of driverless vehicles.
 
Driverless vehicles will have the capacity to source vast amounts of data about passengers through cameras, audio files and location tracking – up to 4,000 gigabytes per eight hours. Such data will have huge commercial value, and therefore provides incentive for personal information to be exploited.
 
Camac asks whether existing law is robust enough to adequately protect the privacy of people using Connected Automated Vehicles, and how such data could be subject to third-party interests. He points to the possibility of this being accessed for commercial influence, such as vehicles being re-routed via specific businesses that have accessed the data. In a worst case scenario, it could mean that people lose control over their movements and paths of transportation.
 
Camac’s research also addresses the concerns of some people about driverless vehicle data amounting to constant surveillance, via law enforcement, but also insurance agencies, employers, advertisers and information brokers. Looking further ahead, if driverless software is to be mandated in all vehicles, it could mean that information could be used in unexpected ways. “It could track all your movements – where you go, who you meet, even what you purchase and where you shop. Driverless vehicle software has the capacity to do it all, so social acceptance of the technology will depend on how it is used, and what privacy safeguards are put in place,” said Camac. “Questions need to be asked now and the answers made clear about how the data will be used. We don’t yet know the business models of the companies involved, but transparency with users regarding the handling of their personal information will be critical.”
 
Camac argues that instead of introducing significant change to Australia’s Privacy Act, which underwent significant amendments in 2004, we should instead insist on a more clear declaration of privacy as a default position by all data collectors. “The Privacy Act incorporates various transparency obligations on those collecting personal information, but these obligations are often interpreted broadly by entities,” said Camac. “It needs to be made clear by companies collecting the data that people’s privacy is going to be protected from the beginning of the information life cycle.  The ideal approach would be to tackle the issue through technical privacy-by-design methods aimed at improving data minimisation."
 
Camac hopes his research will trigger wider legal discussion about data collection software and privacy. “Privacy issues often tend to be forgotten or neglected in the discussion about these vehicles, but this is what we should be doing now, long before the vehicles are introduced, so that measures can be put in place to ensure users are secure in their knowledge that their privacy is being protected."
 
Camac’s research builds on further studies by associate professor Tania Lieman, Dean of Law at Flinders University, about the legal position of personal injury compensation schemes, and Australian Consumer Law in relation to driverless vehicles, which are expected to be manufactured and sold by leading automobile manufacturers by 2020.