Whether it’s to enhance the driving experience, reduce automobile accidents and related injuries, contribute to intelligent city infrastructure or simply boost a manufacturer’s profit, it seems the connected car is inevitable. But there is no clear path for the continued development of a connected car landscape: a road map that clearly indicates the best route to take is needed as the inevitable inevitably arrives.

Technologies like GPS, smart high-definition cameras, diagnostic software, Internet connectivity, data recording and transmission devices and a variety of physical and environmental sensors are being embedded into more of our cars, trucks and fleet vehicles.

(Check out some rather breathless predictions made by tech industry analysts just five years ago: “Leading industry research indicates nearly 100 million connected cars will be on the road by 2016.” Hopefully, those aren’t the same people doing actual connected car development!)

In fact, connected cars is already a bit of an outdated umbrella term: collectively known as V2X (vehicle-to-connection), the market actually consists (or will consist) of V2V (cars with vehicle-to-vehicle communications) and V2I (vehicle-to-infrastructure); automated cars (in which certain features are programmed) and autonomous cars (in which no direct human control or involvement is needed).

Whatever they are called, in the rush to adopt these “smartphones on wheels” (and many other new technologies), the cheer-leading hyperbole is only matched by a lack of answers to serious questions about the rewards and risks associated with product roll-out.

Innovative car tech seems to have both: if the number of deaths and injuries suffered in automobile accidents can be reduced by only a fraction, that’s great news and a much-needed reward! If the amount of pollutants and exhaust emitted by (any) car could be significantly reduced, that’s very welcome, too.

But if the goal is to get a driver’s eyes off the road so he or she can enjoy some WiFi-delivered TV entertainment, well, drop me off at the corner! And if the objective is to collect more personal data for marketing or surveillance agents, I’ll walk.

As with any software-driven product, cyber-hacking is a real risk: holding someone’s computer files for ransom is one deeply concerning hack that’s drawn attention recently; the notion of using someone’s vehicle – especially if it’s in motion on the highway – for improper purposes is another scenario entirely.

All of these reasons and more have been cited as driving the connected car market to new heights, and that has data privacy and tech security people worried.

“Modern cars are more than simply vehicles. They have become smartphones on wheels — mobile sensor networks, capable of gathering information about, and communicating with, their internal systems, other vehicles on the road, and local infrastructure,” Daniel Therrien, Canada’s Privacy Commissioner, said when addressing the Senate Committee on Transportation and Communications (TRCM). “This information is not strictly about the car; it can be associated with the car’s driver and occupants, and used to expose patterns or make inferences about those people for a number of purposes not all related to safe transportation.”

The connected car generally has various data collection and transmission capabilities, the Privacy Commissioner’s office points out. Telematics are the embedded sensors for used for navigation and traffic management; infotainment systems deliver data to the driver in the form of traffic alerts and weather forecasts, and streaming media services also connect with the car. Additional outbound data flows come from personal communication devices that can integrate with the vehicle’s own infrastructure.

In the face of all that data flowing in and out of a moving vehicle, the Privacy Commissioner asks, who is ultimately accountable for what? The connected car data chain extends from the manufacturer to the dealer to the telecom service provider to the auto mechanic to the insurance company to the licensing agencies to the driver and occupants, with potential stops in between for law enforcement and traffic management officials. Which company or public sector institution would the average driver contact if they have a privacy concern?

The concerns expressed by the Privacy Commissioner about a lack of accountability and responsibility for the flow of data extend to the user’s control over his or her own data: where’s the opt-in, opt-out button on tomorrow’s transport choices? How are users informed about data collection, use and possible disclosure to third-party partners, and do they have a real choice in providing consent or not to services not essential to the functioning of the car?

And just how will that car function anyway? There are few if any legal stipulations that require the open development, testing and deployment of connected cars. There are no legal requirements to vet the all-important software algorithms that help a smart car decide what to do if and when confronted by an unexpected or emergency traffic situation. What will the rules of the road be if those rules are determined by proprietary programming and a manufacturer’s “secret sauce”?

Who takes the driver’s test to operate a autonomous vehicle? Who holds the license, and who is ultimately responsible should something go wrong?

Legislators in countries around the world are trying to provide answers to such questions, but the road map is not clear on the best road forward:

A report from the Swedish Transport Agency [pdf] reads much like a rush hour traffic report – you just can’t get there right now: “As things stand at present, it is too early to determine what authorization requirements would be appropriate” for fully autonomous cars.

It’s a yellow caution light, at least.

-30-