Privacy Implication in Autonomous Vehicles: A ‎Comparative Study of Threats and Legal ‎Requirements

Document Type : Research Paper

Authors

1 MA. Graduate in International Trade Law, Shahid Beheshti University, ‎Tehran, Iran.‎

2 International Trade Law and Intellectual Property Law, Faculty of Law, Shahid Beheshti University, Tehran, Iran

Abstract

The idea of a smart city conveys devices highly equipped with novel technologies performing in place of human beings. For a city to be smart, information flow plays an underpinning role. Devices in smart cities collect enormous amounts of information, enabling their embodied systems to run either as computers tackling ordinary tasks or as intelligent agents making decisions and gaining experiences. Artificial intelligence (AI) and other algorithmic systems in both learning and performing stages rely on learning from information entered by a programmer and transmitted from an external source. AI, in particular, benefits from information to predict the future, make decisions, and use feedback on prior ones for decisions on similar occasions. Therefore, the more information at hand, the more efficient AI performs and the smarter the city is. The growing communication technologies such as 5G internet and the internet of things (IoT) let AI systems access transmitted information at higher rates. Autonomous vehicle (AV) is one of the features by which smart cities are known. Along with IoT and the 5G internet, which make information transfer from other devices and infrastructures faster, AVs benefit from numerous embodied sensors collecting various sets of information from the environment for AI to participate in the vehicles' functions. In a city where people use AVs alongside other smart devices, collecting and transmitting information raises privacy concerns. This study deals with the growing concern over the
 
 
privacy of the information on which AVs rely to operate. The study's primary purpose is to detect the potential privacy threats by describing the
                                                                                              
underlying features of AVs in the implementation of which information plays an essential role. Then, considering the potential threats, the research
introduces and criticizes the current privacy protections in principle and practice, associable with AV's inherence.
The study dedicates Section I to the concept of privacy to illustrate the evolution of its definition, dimensions, and legal protections as technologies grew over time. Dividing the process into three courses in which privacy relates different meanings, the study suggests that privacy within the current course is falsely comprehended through data and data protection regulations when instead of information itself, the aim of protection must be the subject person whose information is collected. Not considering different dimensions, the current interpretation provides narrow protection for privacy, although it empowers data transactions where data is not sensitive and the subject person consents. Some recent regulations in the EU and the USA, namely General Data Protection Regulation (GDPR) and California Privacy Act (CPA), deal with privacy in this sense by protecting data in the collection, transmission, storage, and usage stages against unconsented processes in the technology sector and technological systems, one of which being AVs. Section II provides details on how information flow and IoT enable inter-connected AVs to operate, then elucidates how the usage of such inter-connection has threatened different dimensions of privacy in actual technology cases similar to AVs. There are cases in which different sets of information on people's location, state of body and mind, behavior and action, social life, and media are collected and transmitted in vehicle-to-vehicle, vehicle-to-infrastructure, and vehicle-to-everything networks unconsented or illegally processed. Outlining the four stages of the life cycle of information (collection and storage, processing, usage, and transmission), Section III demonstrates whether AVs impose the risk of breach of privacy by four types of behavior (collection, processing, dissemination, and invasion) and how the current regulations protect privacy in the said types of behavior. Primarily, privacy protection in AVs entails considering legal principles in the design stage as well as the stages of the life cycle of information to guarantee the security and transparency of information flow. Confidentiality and encryption to improve security and inform the data subject of the purpose of processing and implementing data to increase transparency are the legal principles envisaged by current regulations, GDPR and CPA.
Equipped with sensors facing the external and internal environments, AVs collect and store information about the bodily and mentally status of people in and around the vehicle, information about the vehicle itself, namely estimating energy consumption, locating the vehicle and other objects around it, and other information necessary for AI to operate the vehicle. Regulations protecting privacy should require prior consent for the collection and that the technologies associated with the collection phase minimize the
 
 
amount of data collected. The processing phase provides AI categorized, tagged, and patterned sets of information to enable the usage phase. A standard regulation contains provisions on the limitation of the purpose of the processing of data, as well as the ability to modify data for the data subject; therefore, the regulation preserves privacy from threats such as data aggregation, identification, insecurity, secondary use, and exclusion. The collected and processed data enables AVs to anticipate incidents, make decisions, and improve upon them in the usage phase of the life cycle of information. To prevent AI from being biased, intrusive, and decisionally interfering, the regulation must grant the right to reject data usage to the data subject in addition to the purpose limitation requirements. In the last stage of the cycle, AV systems transmit data in networks or delete unnecessary data. The standard regulation grants data subject the right to control over the deletion of their collected data as well as requiring its consent for data dissemination to both maintain transparency and protect privacy against unconsented disclosures and breach of confidentiality.
 

Keywords


  1. منابع

    الف) فارسی

    1. آقابابایی، حسین؛ موسوی، ریحانه (۱۳۹۲).«حریم خصوصی، اجرای قانون و ادلۀ اثبات دعوی کیفری در حقوق اسلامی»، فصلنامۀ مطالعات حقوق خصوصی دانشگاه تهران، ش ۴، ص 35-19.

    DOI: 10.22059/JLQ.2014.50103

    1. بادینی، حسن (۱۳۹۱). «مسئولیت مدنی ناشی از نقض حقوق معنوی مربوط به شخصیت و حقوق بشر»، فصلنامۀ مطالعات حقوق خصوصی دانشگاه تهران، ش ۱، ص 107-89.

    DOI: 10.22059/JLQ.2012.29818

    1. رهبر، نوید؛ دهقان‌پور فراشاه، سبحان (۱۴۰۰). «بررسی تطبیقی مبنای مسئولیت مدنی در تصادفات وسایل نقلیة خودران»، فصلنامة مطالعات حقوق تطبیقی دانشگاه تهران، ش ۲، ص ۵۲۳-۵۴۳.

    DOI: 10.22059/JCL.2021.320449.634169

    1. شهبازی، آرامش (۱۳۹۵). «لزوم رعایت حریم خصوصی – درمانی قربانیان کاربرد سلاح‌های شیمیایی جنگ عراق علیه ایران»، فصلنامۀ مطالعات حقوق عمومی دانشگاه تهران، ش ۲، ص ۴40-۴17.

    DOI: 10.22059/JPLSQ.2016.58204

    1. مقامی، امیر؛ عطاران، نادیا (۱۳۹۸). «موازنۀ افشای حریم خصوصی خانوادگی چهره‌های مشهور در رسانه‌ها و آزادی بیان در رویۀ نهادهای قضایی»، فصلنامۀ مطالعات حقوق عمومی دانشگاه تهران، ش ۲، ص ۳31-۳11.

    DOI: 10.22059/JPLSQ.2018.219954.1390

    1. قاسم‌زاده لیاسی، فلور؛ رئیسی دزکی، لیلا (۱۳۹۹). «کاربست قوانین و مقررات ارتباطی در صیانت از حریم خصوصی شهروندان در فضای سایبر»، فصلنامۀ مطالعات حقوق عمومی دانشگاه تهران، ش ۲، ص 616-597.

    DOI: 10.22059/JPLSQ.2018.261128.1778

    ب) خارجی

    1. Anderson Cyrus., Ram Vasudevan, Matthew Johnson-Roberson (2020). “Off the Beaten Sidewalk: Pedestrian Prediction in Shared Spaces for Autonomous Vehicles”, IEEE Robotics and Automation Letters, Vol. 5, Iss. 4, pp.6892-6899. DOI: 10.1109/LRA.2020.3023713
    2. Malti Bansal, Marshal Nanda, & Husain Md. Nazir (2021). “Security and Privacy Aspects for Internet of Things (IoT)” In 2021 6th International Conference on Inventive Computation Technologies (ICICT). IEEE, pp. 199-204. DOI: 10.1109/ICICT50816.2021.9358665
    3. Bloom Cara, Tan Joshua, Javed Ramjohn, Lujo Bauer (2017). “Self-Driving Cars and Data Collection: Privacy Perceptions of Networked Autonomous Vehicles”, USENIX Association Thirteenth Symposium on Usable Privacy and Security, pp.357- 375. Available at: https://www.usenix.org/conference/soups2017/technical-sessions/presentation/bloom (Last visited December 26, 2021)
    4. Borgesius Frederik Zuiderveen (2020). “Price Discrimination, Algorithmic Decision-Making, and European Non-Discrimination Law”, European Business Law Review, Vol. 31, Iss. 3, pp.401-422. Available at SSRN: https://ssrn.com/abstract=3413556 (Last visited December 26, 2021)
    5. Chang Wanli, Simon Burton, Chung-Wei Lin, Qi Zhu, Lydia Gauerhof, John McDermid (2020). “Intelligent and Connected Cyber-Physical Systems: A Perspective from Connected Autonomous Vehicles”, In: Firouzi Farshad, Chakrabarty Krishnendu, Nassif Sani, Intelligent Internet of Things, Cham: Springer, pp.357-392. DOI: 10.1007/978-3-030-30367-9_7
    6. Coelho Maria Dias, Andre Vasconcelos, Pedro Sousa (2021). “Privacy by Design Enterprise Architecture Patterns”, ICEIS 2021 – 23rd International Conference on Enterprise Information Systems, pp.743-750. Available at:

        https://www.scitepress.org/Papers/2021/104735/104735.pdf (Last visited December 26, 2021)

    1. Defense Advanced Research Project Agency (2016). “Explainable Artificial Intelligence”, DARPA: Broad Agency Announcement, pp.1-52. Available at: https://www.darpa.mil

       /program/explainable-artificial-intelligence (Last visited December 26, 2021)

    1. Deng Han, Zhechon Wang, & Yazhen Zhang (2021). “Overview of Privacy Protection Data Release Anonymity Technology”, 2021 7th IEEE Intl Conference on Big Data Security on Cloud (Big Data Security), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), pp.151-156. DOI: 10.1109/BigDataSecurityHPSCIDS52275.2021.00037

    15.Endsley Mica R. (2019). “Situation Awareness in Future Autonomous Vehicles: Beware of the Unexpected”, In: Bagnara, S., Tartaglia, R., Albolino, S., Alexander, T., Fujita, Y., Proceedings of the 20th Congress of the International Ergonomics Association (IEA 2018) Advances in Intelligent Systems and Computing, Vol. 824, Cham: Springer, pp.303-309. DOI: 10.1007/978-3-319-96071-5_32.

    1. Falco Gregory (2019). “Participatory A.I.: Reducing AI Bias and Developing Socially Responsible A.I. in Smart Cities”, 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), New York, NY, USA, pp.154-158. DOI: 10.1109/CSE/EUC.2019.00038
    2. Federal Trade Commission (2015). “FTC Report in Internet of Things Urges Companies to Adopt Best Practice to Address Consumer Privacy and Security Risks”, Federal Trade Commission: Protecting America’s Consumers (January 2015) available at https://www.ftc.gov/news-events/press-releases/2015/01/ftc-report-internet-things-urges-companies-adopt-best-practices (Last visited December 26, 2021)
    3. Floridi Luciano (2014). The Fourth Revolution: How the Infosphere Is Reshaping Human Reality, 1st Edition, United Kingdom: Oxford University Press.
    4. Han Songyang, Fei Miao (2020). “Behavior Planning for Connected Autonomous Vehicles Using Feedback Deep Reinforcement Learning”, Cornell University arXiv Labs, 1-9. ArXiv: arXiv:2003.04371 (Last visited December 26, 2021)
    5. Henkin Louis (1974). “Privacy and Autonomy”, Columbia Law Review, Vol. 74, Iss. 8, 1410-1433. DOI: 10.2307/1121541
    6. Kaspar Debbie V.S. (2005). “The Evolution (or Devolution) of Privacy”, Sociological Forum, Vol. 20, Iss. 1, pp.69-92. DOI: 10.1007/s11206-005-1898-z
    7. Kim, Shiho, Rakesh Shrestha (2020). Automotive Cyber Security, Singapore: Springer.
    8. Kocić Jelena, Nenad Jovičić, Vujo Drndarević (2018). “Sensors and Sensor Fusion in Autonomous Vehicles”, 2018 26th Telecommunications Forum (TELFOR), 420-425. DOI: 10.1109/TELFOR.2018.8612054
    9. Mayer-Schönberger Viktor (1998). “Generational Development of Data Protection in Europe”, in Agre P.E. and Rotenberg M. (eds.), Technology and Privacy: The New Landscape, London, MIT Press.
    10. Misra Sridipa, Muthucumaru Maheswaran, Salman Hashmi (2017). Security Challenges and Approaches in Internet of Things, Cham: Springer International Publishing.
    11. NHTSA, “Automated Driving Systems”, National Highway Traffic Safety Administration, available at https://www.nhtsa.gov/vehicle-manufacturers/automated-driving-

       systems#automated-driving-systems-av-20. (Last visited December 26, 2021)

    1. Nissenbaum Helen (2010). Privacy in Context Technology, Policy, and the Integrity of Social Life, Stanford, California: Stanford University Press.
    2. Ntoutsi Eirini, Pavlos Fafalios, Ujwal Gadiraju (2020) “Bias in Data‐Driven Artificial Intelligence Systems—An Introductory Survey”, Wires Data Mining and Knowledge Discovery, 1-14. DOI: 10.1002/widm.1356
    3. Oham Chuka (2018) “A blockchain based liability attribution framework for autonomous vehicles”, arXiv preprint, arXiv:1802.05050, 1-13. Available at:   https://arxiv.org/abs/1802.05050 (Last visited December 26, 2021)
    4. Rangesh Akshay, Nachiket Deo, Kevan Yuen, Kirill Pirozhenko (2018). “Exploring the Situational Awareness of Humans inside Autonomous Vehicles”, 2018 21st International Conference on Intelligent Transportation Systems (ITSC), Maui, HI, USA, 190-197. DOI: 10.1109/ITSC.2018.8570001.
    5. Regan Priscilla M. (1995). Legislating Privacy: Technology, Social Values, and Public Policy, Chapel Hill: University of North Carolina Press.
    6. Seipp David J. (1981). The Right to Privacy in American History, Harvard University, Program on Information Resources Policy.
    7. Smith Robert Ellis (2000). Ben Franklin’s web site: Privacy and curiosity from Plymouth Rock to the Internet, Privacy Journal.
    8. Solove Daniel J. (2002). “Conceptualizing Privacy”, California Law Review, Vol. 90, Iss. 4, pp.1087-1156. DOI: 10.2307/3481326.
    9. Solove Daniel J. (2002). “Digital Dossiers and the Dissipation of Fourth Amendment Privacy”, South California Law Review, Vol. 75, pp. 1083-1169. Available at: http://ssrn.com/abstract=313301 (Last visited December 26, 2021).
    10. 36.Solove Daniel J. (2006). “A Taxonomy of Privacy”, University of Pennsylvania Law Review, Vol. 154, Iss. 3, 477-564. DOI: 10.2307/40041279
    1. Such Jose M. (2017). “Privacy and Autonomous Systems”, IJCAI, pp.4761-4767. DOI: 10.5555/3171837.3171953
    2. Tamò-Larrieux Aurielia (2018). “Technical Tools and Designs for Data Protection. In: Designing for Privacy and its Legal Framework”, Law, Governance and Technology Series, Springer, Cham, Vol. 40, pp.101-148. DOI: 10.1007/978-3-319-98624-1_6
    3. Wang Jianxin, Ming K. Lim, Chao Wang, Ming-Lang Tseng (2021). “The Evolution of the Internet of Things (IoT) over the Past 20 Years”, Computers & Industrial Engineering, Vol. 155, Iss. 1, 107-174. DOI: 10.1016/j.cie.2021.107174
    4. Warren Samuel and Louis Brandeis (1890). “The Right to Privacy”, Harvard Law Review, Vol. 4, Iss. 5, pp.193–220. DOI: 10.2307/1321160
    5. Xiong Jinbo, Renwan Bi, Mingfeng Zhao, Jinga Guo, Qing Yang (2020). “Edge-Assisted Privacy-Preserving Raw Data Sharing Framework for Connected Autonomous Vehicles”, IEEE Wireless Communications, Vol. 27, Iss. 3, pp.24-30. DOI: 10.1109/MWC.001.1900463
    6. Xu Yiran, Xiaoyin Yang, Lihang Gong, Hsuan-Chu Lin, Tz-Ying Wu, Yunsheng Li, Nuno Vasconcelos (2020). “Explainable Object-Induced Action Decision for Autonomous Vehicles”, Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 9523-9532. Available at: https://arxiv.org/abs/2003.09405 (Last visited December 26, 2021)
    7. Zepf Sebastian, Javier Hernandez, Alexander Schmitt, Wolfgang Minker, Rosalind W. Picard (2020) “Driver Emotion Recognition for Intelligent Vehicles: A Survey”, ACM Computing Surveys, Vol. 53 Iss. 3, pp.1-30. DOI: 10.1145/3388790

    Case Law

    1. Barenblatt v. United States, 360 U.S. 109, 79 S. Ct. 1081, 3 L. Ed. 2d 1115 (1959).
    2. Boyd v. United States, 116 U.S. 616, 6 S. Ct. 524, 29 L. Ed. 746 (1886).
    3. Carpenter v. U.S., 138 S. Ct. 2206, 585 U.S. 2018, 201 L. Ed. 2d 507 (2018).
    4. Dinerstein v. GOOGLE, LLC, No. 19 C 4311 (N.D. Ill. Sept. 4, 2020).
    5. Mollett v. Netflix, Inc., 795 F.3d 1062 (9th Cir. 2015).
    6. Pavesich Case, 50 S.E. 68, 122 Ga. 190, 122 Georgia 190 (1905).

    Presentations

    1. Mangal Nandita, Leslie Nooteboom (2021). “Understanding AI Bias and How It Could Affect A.V.s”, Pave Virtual Panel. Available at:  https://www.youtube.com/watch?v=g1m1XLcd1NQ (Last visited December 26, 2021)