In the first half of 2024 we held an online expert workshop focusing on the critical topic of privacy and security within connected vehicle ecosystems. The session explored general risks, regulatory frameworks, and practical and ethical considerations in vehicle data privacy. To boost participation we also used interactive Miro boards to gather further insights from the experts.

The participants highlighted that vehicle re-identification poses a significant privacy risk, especially with the aggregation of data from multiple sources. Concerns were raised about data misuse by both governmental and private entities, particularly in regions with weak data protection laws. The lifecycle of data, from collection to deletion, was identified as a major vulnerability, requiring stringent security measures at every stage. The increasing capabilities of AI were also highlighted when it comes to analysing datasets which can amplify these risks, making robust anonymisation and legislative clarity vital for mitigating potential breaches.

Discussions on regulations underscored their reactive nature, often lagging behind technological advancements. People emphasised the need for dynamic and agile frameworks, such as regulatory sandboxes and periodic updates. The participants pointed out international regulatory disparities, particularly between GDPR in Europe and post-Brexit UK laws, calling for more harmonised global standards to reduce compliance complexities. Successful collaboration models, like the C-Roads Platform, were highlighted, alongside the potential for AI to monitor regulatory compliance proactively. Clarity in data controllership roles was also deemed critical for managing shared data responsibly.

The workshop stressed the importance of transparency in data collection, usage, and benefits to build public trust. The participants advocated for user-friendly consent mechanisms and ethical data practices that exceed legal requirements. Governments and private companies should collaborate to implement robust security measures, conduct audits, and maintain accountability. Balancing the utility of connected vehicle data with privacy concerns remains a complex challenge, requiring careful regulation and ethical development to avoid collective detriment from misuse.

Continuous public education on data privacy was identified as a priority, empowering individuals to make informed decisions about their data. Cross-sector collaboration involving government, industry, academia, and civil society emerged as a crucial strategy for developing holistic solutions. The participants discussed accountability mechanisms, thereby emphasising both legal compliance and moral responsibility, supported by principles like privacy by design. Data ownership was another focal point, with consensus that individuals should have control over their data while acknowledging implementation challenges in complex ecosystems.