U.S. Department of Transportation Checklist for Self-Driving Cars

Privacy Newsletter
October 2016

Some of 2016’s most exciting technological advances have involved the use of—and planning for the use of—self driving cars. Earlier this month, the U.S. Department of Transportation released their Federal Automated Vehicles Policy and accompanying Fact Sheet: Federal Automated Vehicles which are intended to encourage a “proactive safety approach that will bring lifesaving technologies to the roads safely while providing innovators the space they need to develop new solutions.”

The Policy sets forth a forward-looking proposed regulatory framework for dealing with issues relating to self-driving cars through several mechanisms, including a 15-point “Safety Assessment” for the safe design, development, testing and deployment of automated vehicles, a Model State Policy and discussions of current and “modern” (potentially new) regulatory tools. The Safety Assessment aspect of the Policy reflects significant concern about privacy and cybersecurity, and balances that concern with a keen understanding of the unique nature of this new industry. Without overly specific guidance as to how information should be treated or used, the Policy aims to allow “government, industry and the public to increase their learning and understanding as technology evolves, while protecting legitimate privacy and competitive interests.” . Examples found in the Policy of the desire for a collaborative partnership to advance both public and private interests include recommendations that:

  • manufactures voluntarily report on their compliance with the Policy, including with respect to privacy considerations;
  • manufacturers develop processes and standards for collection and use of data (including crash data and other information that may be useful in enhancing safety);
  • generally, only de-identified data collected via the operation of self-driving cars should be shared with third parties;
  • manufacturers adopt privacy policies and practices that ensure several core principles with respect to treatment of personal information (transparency, choice, respect for context, minimization and de-identification and retention, data security, integrity and access and accountability); and
  • vehicle cybersecurity issues be addressed using a “a systems-engineering approach to minimize risks to safety, including those due to cybersecurity threats and vulnerabilities.”
The Policy reflects a significant effort on behalf of the government to weight its duty to ensure the safety of the traveling public alongside the development of emerging technologies that will present new opportunities and challenges with respect to collection, use and sharing of information. Manufacturers, individuals and other users of self-driving cars should account for the Policy in developing their own practices, and keep an eye on further developments in the area.

Brian O'Reilly is an Associate in Locke Lord’s Austin office. He can be reached at