It's Long Past Time for Data Privacy Laws

As advanced driver assistance systems (ADAS) continue to evolve toward automated driving systems (ADS), the number of sensors on vehicles continues to increase. However, unlike those on prototype robotaxis, many of these sensors aren’t immediately visible or obvious. While these systems should help improve safety in the coming years, they also introduce new potential issues related to privacy. A recent report of Tesla employees sharing video clips captured from cars demonstrates some of the potential downsides of smarter, connected vehicles.

Former Sun Microsystems CEO Scott McNealy once told reporters, “You have zero privacy anyway … Get over it.” That was in 1999, and the situation has only worsened since. Politicians in many regions are moving to ban TikTok because of concerns about data from the China-based company being shared with Chinese authorities. However, even in the US we have enormous technology companies making huge profits based on the data they collect about our behavior.

At Tesla, employees responsible for reviewing video clips uploaded from customer vehicles and labeling the content have allegedly been sharing those clips when they contain private or inappropriate content. This isn’t the first time, and probably won’t be the last time, something like this has happened. In 2019 similar reports emerged about data labeling contractors working for Ring, the Amazon-owned maker of video doorbells.

The video clips from vehicles are saved and uploaded to servers where they are annotated and used in training machine vision systems. Tesla has been particularly vocal over the years about all the data it gets from its customers that helps improve its Autopilot and “Full Self-Driving” features (although these systems still don’t actually work very reliably). Tesla also uses the eight cameras on its vehicles to enable the Sentry security system designed to detect potential thieves or vandals. While the ADAS/ADS features only run when the vehicle is in use, Sentry can run all the time and capture video, which was probably the source of at least one naked customer in his garage.

With nearly all new vehicles now being equipped with multiple cameras along with cellular and Wi-Fi connectivity, ever more information about our activities is being collected and uploaded for either diagnostic, product development, or commercial uses. Automakers like GM have targeted a doubling of revenue by 2030 based on software and services.

But it’s not as simple as just turning off the connectivity. ADAS features like GM’s hands-off Super Cruise require connectivity for regular map and functional updates, and every automaker is shifting toward software-defined vehicles with regular over-the-air updates. There are tremendous benefits to be gained from this, such as faster fixes for functional and security issues with vehicle software.

Unfortunately, countless companies across many fields, from automotive to credit reporting to e-commerce to social networking, have repeatedly demonstrated that they can’t be trusted to police themselves with user data, especially when profits might be on the line. Several years ago, the European Union made a good start with its General Data Protection Regulation, but so far most American politicians and regulators have preferred to focus on grandstanding about perceived geopolitical adversaries. What is really needed is strong data privacy regulations in every country with real consequences for companies that don’t comply. Until it becomes more expensive to not protect user privacy, these types of incidents will keep occurring. Scott McNealy was prescient about where the world was headed, but it’s not too late to make him wrong.