The Download - December 2014

Edited by Stuart P. Ingis, Michael A. Signorelli and Ariel S. Wolf

The November 2014 elections will bring change to Capitol Hill when the 114th Congress commences in January. In the House, Republicans increased their majority by twelve seats. The Republicans also gained control of the Senate, and will control both houses of Congress for the first time since 2006.

Change in control of the Senate will bring about change in the leadership of committees with jurisdiction over privacy and data security. In the Senate Commerce Committee, current Chairman Jay Rockefeller (D-WV) who is set to retire will be replaced by current Ranking Member John Thune (R-SD). In the Senate Judiciary Committee, Ranking Member Charles Grassley (R-IA) will replace current Chairman Patrick Leahy (D-VT), who will serve as ranking member. In the Senate Homeland Security and Governmental Affairs Committee, Ron Johnson (R-WI) will take over for Tom Carper (D-DE) as chairman.

Overall, when the 114th Congress begins in January, privacy and data security issues are expected to remain on the agenda for several key committees. In particular, House Energy and Commerce Committee Chairman Fred Upton (R-MI) recently announced that the committee will hold a series of hearings next year focusing on cyber threats. Other issues that will continue to receive attention in the 114th Congress include FTC oversight and reform, data security and breach notification, and cybersecurity. This issue of the download covers recent developments in auto privacy self-regulation, cybersecurity policymaking in Congress and the Executive Branch, and federal agency efforts related to drones and facial recognition technology, as well as other state and international developments.

In this Issue:

In the Marketplace

• Automakers Commit to Protect Consumer Privacy through Self-Regulation

Heard on the Hill

• House Intelligence Committee Hearing on Cybersecurity Threats
• President Signs Cybersecurity Bills

From the White House

• Buy Secure Initiative

Around the Agencies

• NTIA Facial Recognition Technology Multi-stakeholder Process
• Vehicle Privacy: FTC Weighs in on V2V Technology and Sen. Schumer Introduces GPS Legislation
• FFIEC Issues Cybersecurity Observations
• FCC Clarifies Opt-Out Rules for Fax Advertisments
• Decision Confirms FAA has Authority to Regulate Civilian Drones

In the States

• California Eraser Button Law
• Michigan Introduces Proposed Legislation Regarding "Data Brokers"

International

• EU Cookie Sweep Update

In the Marketplace

Automakers Commit to Protect Consumer Privacy through Self-Regulation

The two leading trade associations for automobile manufacturers—the Association of Global Automakers and the Alliance of Automobile Manufacturers, Inc.—released the Consumer Privacy Protection Principles for Vehicle Technologies and Services ("Principles") in November 2014.¹ The Principles were developed jointly by the two trade associations over the course of many months in recognition of the increasing ability of in-car technologies and services to collect and use information about the driving experience.

The Principles apply to "covered information," which is defined as any information collected, generated, recorded, or stored by a vehicle in electronic form, when retrieved from a vehicle by the manufacturer, that is linked or linkable to the vehicle from which the information is retrieved, or personal subscription information provided by individuals who register for vehicle technologies and services. When covered information includes biometric, driver behavior, and geolocation information, that information receives heightened protection under the Principles. In addition, the Principles require a warrant or court order for government access to geolocation information. The Principles are meant to be a baseline framework that different manufacturers may implement as they see fit. Subscribing to the Principles is voluntary. At the time of release, nineteen auto manufacturers had made a public commitment to subscribe to the Principles. Participating companies must implement the Principles for new vehicles manufactured no later than Model Year 2017 and for vehicle technologies and services, subscriptions that are initiated or renewed on or after January 2, 2016.

The Principles are as follows:

1. Transparency: Participating Members commit to providing Owners and Registered Users with ready access to clear, meaningful notices about the Participating Member's collection, use, and sharing of Covered Information.
2. Choice: Participating Members commit to offering Owners and Registered Users with certain choices regarding the collection, use, and sharing of Covered Information.
3. Respect for Context: Participating Members commit to using and sharing Covered Information in ways that are consistent with the context in which the Covered Information was collected, taking account of the likely impact on Owners and Registered Users.
4. Data Minimization, De-Identification & Retention: Participating Members commit to collecting Covered Information only as needed for legitimate business purposes. Participating Members commit to retaining Covered Information no longer than they determine necessary for legitimate business purposes.
5. Data Security: Participating Members commit to implementing reasonable measures to protect Covered Information against loss and unauthorized access or use.
6. Integrity & Access: Participating Members commit to implementing reasonable measures to maintain the accuracy of Covered Information and commit to offering Owners and Registered Users reasonable means to review and correct Personal Subscription Information that they provide during the subscription or registration process for Vehicle Technologies and Services.
7. Accountability: Participating Members commit to taking reasonable steps to ensure that they and other entities that receive Covered Information adhere to the Principles.

To read the full article please click here.

Footnote

1 Ass'n of Global Automakers and the Alliance of Auto. Mfrs., Privacy Principles For Vehicle Technologies and Services (Nov. 2014), available at https://www.globalautomakers.org/media/papers-and-reports/privacy-principles-for-vehicle-technologies-and-services.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.