Canada: How To Design A Privacy-Compliant Autonomous Vehicle

Last Updated: November 23 2017
Article by Lisa R. Lifshitz

Autonomous cars are on the horizon. Fortune magazine has estimated that initial versions of these cars should be on the road by 2020. By 2040, an estimated 95 per cent of new vehicles sold will be fully autonomous. That's encouraging news for safety advocates, as research undertaken by the National Highway Traffic Safety Administration in the United States has shown that 94 per cent of fatal car crashes can be attributed to human error.

However, as autonomous car technology advances, privacy concerns relating to these vehicles are also growing given that these cars will be capable of recording a tremendous amount of data about (and from) their users and the environment around them. For example, autonomous vehicle sensors will likely include: a wheel encoder sensor for monitoring the movements of the car; GPS for navigation; cameras near the rear-view mirror for colour and other identification; radar on the front and rear bumpers for identifying traffic; lane departure, rear collision and pedestrian alerts; and a spinning light detection and ranging sensor on the roof that will be used for generating a 3D map of the environment. Event data recorders will capture driver behaviour information, such as the speed of a vehicle, braking patterns and collision information, while the cars themselves can/will record where a driver is going and possibly who is in the car and even what the individuals in the cars are saying. It will be tempting for suppliers to monetize this data in some capacity by selling it to third parties in addition to being pressured to disclose it to law enforcement agencies if pressed to do so.

If an autonomous vehicle manufacturer wished to develop a privacy-compliant car, what considerations would have to be addressed and what should "best practices" be? In late September, the 39th International Conference of Data Protection and Privacy Commissioners, which is composed of 119 privacy and data protection authorities from across the globe, sought to give some guidance on this very point when it adopted the Resolution of Data Protection in Automated and Connected Vehicles. The resolution describes 16 critical data privacy and security principles that are intended to guide standardization bodies, public authorities, vehicle and equipment manufacturers, personal transportation services and car rental providers and providers of data-driven services (i.e., speech recognition, navigation, remote maintenance or motor insurance telematics services) in the development of connected-car technologies to protect individual user data at all stages of the development process. In providing this privacy "road map" (pun intended), the ICDPPC called for the parties above (I'll call them providers for ease of review) to hard-wire these principles into their autonomous vehicle designs and production.

In my view, nothing contained in the ICDPPC guidelines is particularly surprising for anyone with even a passing interest in privacy. Individuals should receive "comprehensive information" as to what data is collected and processed in the deployment of connected vehicles, for what purposes and by whom. Providers should use anonymization measures to minimize the amount of personal data collected. Providers should not retain personal information for any longer than necessary in relation to the legitimate purpose for which it was collected and processed in the first place (unless the data is required for further compatible purposes or in accordance with law or with consent) and then the personal information should be deleted. Personal data should be erasable when a vehicle is sold or returned to its owner. All autonomous vehicles should contain "granular and easy to use" privacy controls for vehicle users enabling them to, where appropriate, grant or withhold access to different data categories in the vehicles as well as allow vehicle users to restrict the collection of data. Any personal data collected should be kept in secure data storage devices that puts the vehicle users in full control regarding access to any data collected by their cars.

The ICDPPC also reiterated its concerns regarding the unauthorized collection of personal data. For example, autonomous cars should contain secure online-communication capability that protects against cyberattacks and prevents unauthorized access to and interception of personal data. Providers must develop and implement technologies for "co-operative intelligent transportation systems" in ways that: 1. prevent unauthorized access to and interception of personal data collected by vehicles (v2v), transportation infrastructure (v2i) or other third party's entities (v2x); 2. enable vehicle users to inhibit/control the sharing of positional and kinematic data while still receiving road hazard warnings; 3. provide safeguards against unlawful tracking and tracing of drivers; 4. ensure the security of v2v, v2i and v2x communication during authentication processes do not pose additional risks to privacy and personal data; and 5. limit illegitimate vehicle tracking and driver identification.

Providers should also respect the principles of privacy by default and privacy by design, by providing technical and organizational measures and procedures to ensure that individuals' privacy is respected. Any self-learning algorithms needed for automated and connected cars should be transparent in their functionality and have previously been vetted by an independent body in order to reduce the risk of discriminatory automated decisions. Vehicle users should also be provided with privacy-friendly driving modes in the default settings. Before implementation, providers must also conduct data protection impact assessments for new, innovative or risky development or implementation of these technologies. Providers also have a general obligation to "promote the respect" of the personal data privacy of vehicle users by responsible processing of their personal data, giving due consideration to the potential harm that may be caused to the vehicle users as a result of the processing. Lastly, providers are encouraged to enter into a "dialogue" with the various data protection and privacy commissioners to develop compliance tools to accompany and provide legal certainty to autonomous vehicles' data processing.

While the ICDPPC resolution is non-binding, it nonetheless provides useful data privacy and security guidance for connected-car providers and is a good reminder of the importance of building privacy into autonomous cars from the ground up. At this critical juncture, this reminder is timely as evidenced by the latest failure of the NHTSA to meaningfully address privacy issues in its recently issued "Autonomous Driving Systems 2.0: A Vision for Safety" voluntary guidelines for the automotive industry. Intended to promote improvements in safety, mobility and efficiency through ADS, this 26-page document lists suggestions and helpful advice on ADS system safety, operational design domain object and event detection and response, validation methods, human machine interface, vehicle cybersecurity, crashworthiness and post-cash ADS behaviour, but it delegates privacy to a footnote. (The note said: "NHTSA acknowledges that Privacy and Ethical Considerations are also important elements for entities to deliberate. See for NHTSA's approach on each.") Regrettably, while the U.S. Federal Trade Commission is a member of ICDPPC, it also abstained from endorsing the resolution so U.S. federal government leadership on this issue may be somewhat lagging.

Meanwhile, in Ontario, the provincial government just announced on Nov. 8 that it was launching and heavily investing ($80 million over five years) in the Autonomous Vehicle Innovation Network, a demonstration zone located in Stratford that will allow researchers to hone their technology and test driverless cars in a wide range of realistic traffic and weather conditions. In addition to the proposed demonstration zone, AVIN will also include a research and development partnership fund to foster collaboration among automakers, technology leaders and Ontario-based small and medium-sized enterprises to develop and commercialize connected and autonomous technologies. Collaborations may also involve post-secondary institutions and municipalities, a talent development program, be used to support internships and fellowships for students and recent graduates with Ontario companies advancing C/AV technologies, as well as Central Hub, a new online destination and specialized team to act as a focal point to conduct research, share information and build connections among industry, research institutions and other interested C/AV stakeholders. Let's hope that as a condition of the government's funding, privacy considerations relating to the development of C/AV technologies merit more attention than a footnote.

Originally published by Canadian Lawyer Online - IT Girl Column.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Lisa R. Lifshitz
In association with
Related Topics
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions