24 October – 5 November 2024
In the last quarter of 2024, the TIARA project held several online expert workshops focusing on C-ITS PKI, ITS ethical and transparent data communication, and privacy within connected vehicle ecosystems. Any additional feedback related to the workshops content is welcome via https://aesin.org.uk/tiara/tiara-contact-us/.
The PKI workshops covered two main sections: technical aspects and practical implications. In the technical aspects section, there was a discussion on the differences between X509 and 1609.2 certificates. Participants discussed managing traffic data without handling personal data, to avoid GDPR conflicts. Technical challenges, such as using 1609 with TLS, were highlighted, noting the need for road authorities to understand their roles without delving into technical details. The practical implications section focused on the real-world application and impact of these certificates on road operators. It was stressed that road operators need to be aware of PKI and EU CCMS requirements, and include these in procurement to ensure that the equipment they procure meets at least level 1. The roles of road operators, especially regarding emergency vehicle warnings, were discussed. Only emergency vehicles should be able to send emergency vehicle warnings. Road operators do not necessarily need to know permissions solutions, but do need confidence that relevant permissions are correctly distributed and authorised. The workshop concluded that the decision on security requirements and certificates should be made by EU CCMS, not road operators, with non-compliance resulting in exclusion from ECTL (EU CCMS).
The Legal and ethical workshops were divided into two sections covering the traffic information value chain (Figure 1): content and service. The content part covered communication and dissemination of road operator data content to users. The service part dealt with the development and provision of ITS and C-ITS services to road users. Both sections included related discussion of ethical questions and the ethical issues possibly identified. Major themes included, for example, ethical responsibility of road operators and user protection; communication and dissemination transparency and language for non-technical users; education of users about services and development standards, as well as high requirement of user interaction while developing the services. Also, legal requirements and the road operator’s role were discussed, as well as business models when developing ITS/C-ITS services, e.g. safety-related services.
Figure 1 Traffic Information Value Chain. (EU EIP 2022)
With regards to privacy aspects workshops, participants highlighted the importance of balancing robust security with user privacy, emphasising the need for transparent data management and compliance with regulations such as GDPR. Discussions also underscored the ethical considerations of connected vehicle systems, such as ensuring informed consent and preventing misuse of data. Another major theme was the technical and operational challenges associated with integrating privacy-preserving technologies. Experts shared insights on the limitations of existing systems, including their vulnerability to cyberattacks and the complexity of implementing advanced cryptographic techniques. Recommendations included fostering collaboration between automakers, technology providers, and policymakers to establish standardised frameworks for data protection and interoperability. Finally, the participants stressed the importance of user-centric design and communication to build trust in connected vehicle systems. This included clearly communicating privacy policies, offering granular control over data sharing preferences, and engaging with end users to address their concerns. In conclusion, the experts expressed their interest for further research and multi-stakeholder cooperation to align technological innovation with ethical and regulatory expectations.
