Who will own your driverless car's data?

Experts have warned the NSW parliament that the growth of driverless cars on state roads will be matched by an explosion of data and corresponding privacy headaches around who can use the information.

The state’s road safety committee has been investigating the potential ramifications of autonomous vehicles on NSW roads.

While stakeholders and policymakers have mulled over the question of who will be liable if a driverless car crashes - the owner, the manufacturer, the software developer? - they have also been warned about parallel battles likely to be fought over the ownership of masses of journey data.

If a fleet of Google cars is destined for Sydney motorways, it is expected Google will be recording data about when, where, and how they travel.

“We have some concerns about what would happen to the data these cars produce,” NRMA’s driver advocacy manager Chris Siorokos told the committee this week.

“Knowing where you drive, what time you drive, what shops you stop at, is very revealing information about someone.

“Theoretically, if the owner of that data builds up a profile of you, they can very very specifically target marketing materials."

Old news?

However, the National Transport Commission, which is currently reviewing autonomous vehicle regulation on a national scale, believes this kind of data collection is nothing new.

It argues that it happens every time you turn on Google maps or an in-car sat-nav system, and is already addressed by the Commonwealth Privacy Act.

The NTC did, however, warn the situation could get murky from a privacy perspective when machine-to-machine communications between cars and public infrastructure are added to the mix.

Whether travel data generated by a driverless car falls under the protections of the national Privacy Act depends on whether or not it could feasibly be used to identify the car owner or passenger.

This means a lot of the data generated would probably fall outside the protections of the Act, and would stay in the hands of infrastructure providers, the NTC argued.

“For example, if a service provider collects a vehicle’s unique number but has no method to match that number to a vehicle registration or individual, then it is unlikely that data would meet the reasonably identifiable test and would not be personal information,” the commission said.

De-identification

The Privacy Commissioner has warned, however, that there is no way of guaranteeing de-identified data from connected road infrastructure could not be reverse-engineered to produce private details.

The NTC has therefore recommended governments remain cognisant of building in “the highest possible level of anonymity for drivers” when configuring this sort of modern road infrastructure in the future.

It also suggested any future or current entity that might store unique car identifiers for M2M purposes should be structurally separate from the motor registries and licence authorities that control personal car rego details.

The NTC forecast future customers of autonomous vehicle technology might be put off by the possibility that this new data could end up in the hands of government officials and law enforcement.

Transport chiefs from the NSW government have already told the committee that sharing anonymous vehicle movements creates the “potential for required infrastructure improvements and connectivity with autonomous vehicles to progress more quickly than if access to data is limited”.

These kinds of data sets promise road planners unprecedented insights into traffic, congestion and infrastructure pain-points - as long as the information is treated sensitively.

But at the same time the NTC flagged the potential for legal headaches to arise from crash investigations, including balancing “the extent to which police are able to access and investigate information embedded within an automated vehicle as part of a crash investigation”.

It would also open a new level of tracking potentially available to authorities in criminal investigations, it said.