On January 10, the FTC issued a report summarizing the themes and key takeaways from a recent workshop it jointly hosted with the National Highway Traffic Safety Administration (NHTSA) on privacy and security issues related to connected and autonomous cars.

The report – styled a “Staff Perspective” – noted several important themes that emerged from the joint workshop:

  • Companies “throughout the connected car ecosystem” will collect data from vehicles, including car manufacturers, component manufacturers, third-party component manufacturers, and auto insurance companies.
  • The data collected from vehicles will include not only aggregate and non-sensitive data but also “sensitive personal data” about the occupants of vehicles, including “fingerprint and iris pattern” data used for authentication purposes.
  • Given the variety of companies that will collect data and the types of data that will be collected, “consumers may be concerned about secondary, unexpected uses” of the data.
  • Connected and autonomous vehicles will present cybersecurity risks that can potentially be exploited.

Consistent with those themes, the report stressed that “addressing consumer privacy concerns is critical to consumer acceptance and adoption of the emerging technologies behind connected cars.”

It also stressed that the industry should voluntarily adopt “best practices” for mitigating cybersecurity risks, including industry-wide information sharing regarding cyber vulnerabilities, segregated network design, ongoing risk assessment and mitigation efforts, and implementation of government and standard-setting agency guidelines.

The FTC’s report is available here.