WASHINGTON D.C. — Yesterday, TechFreedom joined comments filed with the California Department of Motor Vehicles on the Driverless Testing and Deployment Regulations the state proposed in March — the third draft proposed since 2015. In October, we joined R Street Institute, the Competitive Enterprise Institute, and the International Center for Law and Economics in comments on the second draft. Yesterday’s comments filed by the same coalition reiterate many of the same concerns. In particular, the information privacy rule (now Section 228.24) remains essentially unchanged.
“California’s fundamental mistake is trying to create a bespoke privacy rule just for autonomous vehicles,” lamented Berin Szóka, President of TechFreedom. “The DMV could, and should have, incorporated the largely bipartisan approach developed by the Federal Trade Commission, which focuses on respecting consumer expectations. Instead, the regulation would draw a bright line, requiring users to opt-in to any collection of information that is ‘not necessary for the safe operation of the vehicle’ and that is not anonymized. Unfortunately, there is a wide range of other circumstances in which user consent would rightly be inferred under the FTC model, including product and service fulfillment, internal operations, but most critically, insurance. Regulators may or may not decide, well after the fact, that such information is ‘necessary for the safe operation of the vehicle,’ but it absolutely is necessary for autonomous vehicles to work en masse.”
“California’s consent requirement is like forcing a customer to read every page of the vehicle manual before buying a car,” continued Szóka. “But it’s even worse than that. The ‘manual’ here would describe how the Internet of Things meshes with the arcane world of insurance. And California goes even further, proclaiming that no one shall be be ‘denied’ use of an autonomous vehicle if they do not consent to the collection of such information. Yet California has already wisely required that all drivers carry insurance, and insurance markets for autonomous vehicles will not work if users have to opt-in to sharing of information necessary to process insurance claims. California’s conception of what information is ‘necessary’ is simply too narrow to allow the autonomous vehicle industry to function.”
“Future California regulators won’t be able to claim that, ‘Nobody knew that autonomous vehicle information sharing could be so complicated,’ because we’ve explained this problem twice,” concluded Szóka. “Privacy is just one of many difficult issues to be worked out in governing the vehicles of the future. Safety regulators should focus on the issues they know best — safety — and leave information privacy to the experts at the FTC and the state attorney general’s office. But if the DMV won’t do that, it should at least expand its concept of ‘necessary’ information so that the opt-in mandate focuses on things consumers really don’t expect, like their precise geolocation data being used for marketing. And if the DMV does neither, this half-baked approach to privacy will delay the deployment of vehicles that could save tens of thousands of lives every year in avoidable accidents, reduce carbon emissions, and make our cities more livable for all.”
We can be reached for comment at firstname.lastname@example.org. See our other work on autonomous vehicles, including:
- Tech Policy Podcast #149: Do Smart Cars Need Smart Roads?
- Tech Policy Podcast #134: California Regs on Self-Driving Cars
- Tech Policy Podcast #114: The Internet of Cars
TechFreedom is a non-profit, non-partisan technology policy think tank. We work to chart a path forward for policymakers towards a bright future where technology enhances freedom, and freedom enhances technology.