Madam Chair, honourable members of the committee, thank you for inviting us to appear before you today in the context of your study of automated and connected vehicles in Canada.
Modern cars are more than simply vehicles. They have become smart phones on wheels—mobile sensor networks, capable of gathering information about, and communicating with, their internal systems, other vehicles on the road, and local infrastructure. This information is not strictly about the car; it can be associated with the car's driver and passengers, and used to expose patterns or make inferences about those people for a number of purposes not all related to the functioning of the vehicle or safe transportation.
For instance, these vehicles collect information about driver habits and behaviour, biometric and health data, location data, personal contacts, schedules and communications, and entertainment content, which could be used for marketing, usage-based insurance, navigation, and so on.
Most of these data flows in the connected car are very complex and not transparent. Individuals are accustomed to simply getting in a car and driving, and may have little awareness about how the data captured by a connected car may be used in the background, let alone the implications of those uses, or of any options available to limit, disable or otherwise control them.
The benefits available to Canadians through the arrival of connected and autonomous cars may be significant. However, consumers' trust in these technologies will only take hold when the appropriate balance is reached between information flow and privacy protection.
Over the past several years, my office has set out to identify improvements to the current consent model under federal private sector privacy law. What became clear to us throughout this work is that individuals want to retain the ability to make decisions about their data, and that organizations still need to do a better job of explaining what they propose to do with the personal information they collect. In an attempt to improve this situation, we have updated our guidelines for online consent, and they now outline seven underlying principles for obtaining meaningful consent.
In the context of the connected car, there may be certain scenarios where it would be inappropriate for the driver to control how the information is used, for instance, when the data is necessary for road safety or proper functioning of the vehicle. However, there are many other scenarios or purposes that should be subject to individual choice. In that respect, we think our guidelines for consent will be useful.
While we believe that meaningful, informed consent continues to have an important role in protecting privacy, it is also clear that the consent model is challenged in this new world of increasingly complex data flows and business models. In these situations, as is clearly the case with connected cars, consent needs to be supported by other mechanisms, including industry codes of practice, privacy by design, and strong accountability and respect for privacy rights by organizations. Likewise, proactive enforcement is required to ensure independent review of compliance with these requirements and to hold organizations to account.
The time has come for more modern privacy laws, which are urgently needed to protect us as both citizens and consumers. I am calling for amendments to the law to allow my office to go into an organization to independently confirm that the principles in our privacy laws are being respected without necessarily suspecting a violation of the law. These are not extraordinary powers, but rather authorities that have been exercised for a long time by other regulators. This shift towards stronger accountability of organizations and more proactive enforcement of privacy laws is necessary to achieve truly meaningful privacy protection in a technologically complex world.
To conclude, I would like to acknowledge the study by the Standing Senate Committee on Transportation and Communications on this very topic. I was very encouraged by the Senate committee's report, which gave significant weight to the privacy issues that we raised during its study, and made four privacy-focused recommendations.
I note in particular its recommendation 8, which reiterates my recommendation that the law be amended to empower my office to proactively investigate and enforce industry compliance with PIPEDA, as well as its recommendation 10, which is to bring together relevant stakeholders to develop a coordinated framework for connected vehicles, with privacy protection as one of the key drivers. I look forward to the government's response to this report and to playing a key role in future developments.
Engaging and informing consumers so that they can make reasonable choices, empowering the regulator, and setting in motion a coordinated approach to connected vehicles clearly resonate with how my office envisions dealing with issues of consent and the privacy challenges associated with connected vehicles.
Thank you very much, and I look forward to your questions.