U.S. driver privacy protection rules are not tough enough for Europe

Privacy protection guidelines agreed to last week in the U.S. won’t become a global template because they fall short of what is already required in Europe to keep driver data safe, a lawyer specializing on topic says.

BMW, Chrysler, Ford, GM, Honda, Hyundai-Kia, Mercedes-Benz, Nissan, Toyota and Volkswagen agreed on Nov. 12 to industrywide principles to handle consumer data and safeguard customer privacy.

The principles were crafted by the Alliance of Automobile Manufacturers and the Association of Global Automakers, two Washington, D.C., trade groups.

Stephan Appt, a Munich-based legal director at international law firm Pinsent Masons who advises automakers on issues such as data protection, says the U.S. guidelines are a step in the right direction, but they would face serious challenges from European data protection authorities.

One reason is that the principles state that data collection would be allowed for “reasonable business purposes,” a term that is much too vague.

Another trouble spot is the concept that consumers are giving implicit consent to allow data processing based their mere usage of vehicle technologies and services. This would not be recognized under European privacy standards, Appt says.

In addition, Appt says there are numerous broad definitions in the document, which makes sense since it was created by automakers, who are not going to govern themselves as strictly as a third party.

Appt says that the positive takeaway from the document is that it shows automakers are taking the issue of protecting driver data seriously enough to put aside their differences and collaborate.

He recommends that automakers in Europe show the same level of cooperation and that they involve data protection authorities in their discussions.

“That way,” he said, “there would be a greater degree of certainty they would not put themselves at risk of violating any of the laws in place.”