Love to drive? Did you know that the driverless car industry is estimated to be worth $90 billion within the next 15 years. As you get excited about the potential to watch Netflix (or sleep) during peak hour you might want to pause for a moment to consider that, alongside the benefits, each car will collect – daily – up to 12,000 GB of data about you; data that is not only of great commercial value but is vulnerable to potential cybersecurity threats.
There is often a gap between what people know about information collected about themselves and how it will be used. Understandably, with your movements set to be tracked across all elements of the day – from where you go to where you shop, what you buy and who you interact with it becomes increasingly imperative that the companies collecting the data have a greater onus to protect your privacy from the beginning of the information cycle by being more transparent about how the data will be collected and used.
Privacy laws in Australia apply to companies making more than $3 million. Essentially the laws require them to:
• only collect personal information relevant to their functions and activities;
• make people aware of personal information collection and how that information is used through an up-to-date privacy policy and collection notices provided at the time information is collected;
• only use and disclose personal information for the purpose for which it is collected, with the individual’s consent, and for limited other purposes; and
• keep personal information secure.
In terms of international precedent 20 US States have enacted laws pertaining to self-driving cars. There is also the AV Start Act currently before the US Senate which touches on a number of cybersecurity, data access and privacy concerns. Australia’s privacy principles reflect the guidance coming out in jurisdictions around the world for privacy in the context of autonomous vehicle technology.
One driverless car manufacturer Tesla says it’s possible to opt out of data sharing, but the company warns that this may cause “reduced functionality, serious damage, or inoperability”, including the disabling of software and firmware updates.
As a desire for improved road safety drives (no pun intended!) the introduction of self-driving cars across the globe it will be interesting to see how Australian law responds to an important need for the responsible and transparent use of personal information in an age of increasing data production.
The contents of this blog, current at the date of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.