Driverless-Car Makers on Privacy: Just Trust Us

A display inside a Tesla Model 90D during a demonstration of self driving car technology on Capitol Hill, on Tuesday, March 15, 2016.

A display inside a Tesla Model 90D during a demonstration of self driving car technology on Capitol Hill, on Tuesday, March 15, 2016. Evan Vucci/AP

Members of Congress are calling for new rules that determine how companies can use personal data collected by autonomous vehicles.

A self-driving car is, in the words of the roboticist Missy Cummings, “one, big data-gathering machine.” Which, on one hand, is great: For driverless cars to work, they have to slurp up huge streams of sensory data about the world around them.

But these vehicles will also collect reams of personal information about their passengers—just the way Uber and Google Maps have detailed information about where you’ve gone, and can predict where you’re going.

This isn’t necessarily bad—there are all kinds of neat services that might rely on personalized data—but it does raise the question of how, if at all, data collection ought to be regulated. This topic came up last week at a congressional hearing on driverless cars, and the companies potentially doing the data-collecting were, and this is putting it gently, evasive.

“Do you think there should be a mandatory minimum for privacy protection?” asked Sen. Ed Markey, a Democrat from Massachusetts.

The witnesses, representing car makers and the ride-sharing company Lyft, had well-rehearsed platitudes—privacy is important, we look forward to cooperating with the federal government, that kind of thing—but none agreed that mandatory privacy standards should apply to them.

“Google has a variety of policies we use around privacy,” said Chris Urmson, the head of the company’s self-driving car project.

“We think a more flexible approach is preferred,” said Mike Ableson, a vice president at General Motors.

“We haven’t really taken a position on mandatory or not,” said Glen DeVos, a vice president at Delphi Automotive.

Perhaps most telling was the response from Joseph Okpaku, a vice president at Lyft, who said, essentially, that new rules aren’t necessary because Lyft and other companies are writing their own.

“Lyft [is] developing these policies internally,” Okpaku said. “We’ve now seen policies that Lyft and other ride-sharing companies have enacted of their own volition become the standard for the industry.”

Cummings, who is the director of Duke’s Humans and Autonomy Laboratory, sees the prospect of mandating baseline standards for consumer privacy as urgent and “absolutely” essential for driverless cars.

“All of your personal data ... It’s not clear who is going to be doing what with that data,” she said. “I personally would feel better that there were some set of standards in place.”

Markey and his colleague, Sen. Richard Blumenthal, a Democrat from Connecticut, agree with Cummings: Last summer they introduced legislation that would develop privacy standards on the data collected by vehicles.

In the hearing last week, both senators were calm but clearly impatient with the oblique responses to their questions about privacy.

“Witnesses sat here 30 years ago and said the same thing about airbags and seat belts, and how they should just leave it to the individual companies,” Markey said at one point to Google’s Urmson.

“May I respectfully suggest that the answer to the question—should there be mandatory safety and privacy standards?—is, ‘yes,’” Blumenthal said. “And I didn’t hear that ... I hear answers that basically implied, ‘maybe there should be.’”

“The credibility that this technology has,” he continued, “may become exceedingly fragile if people can’t trust standards that are uniform and mandatory.”