Autonomous vehicles (AVs) are rapidly evolving from “computers on wheels” to “data centers on wheels.” Robotaxis and advanced driver assistance systems now rely on multimodal AI models and driver-facing assistants that continuously collect and retain sensitive data – from passenger identities and behaviors to detailed location traces – distributed across vehicle, edge, and cloud components. This creates new opportunities for mobility, but also raises urgent privacy concerns: How can users meaningfully control their data? How can deletion requests be enforced across distributed AI pipelines?

The stakes are high. Regulatory momentum is accelerating, with the EU AI Act set to impose strict obligations on high-risk AI systems from 2026, alongside longstanding mandates such as GDPR’s “privacy by design.” Yet deployed systems still offer only superficial compliance, often limited to basic consent mechanisms.

Privacy-Enhancing Technologies (PETs) are powerful tools designed to safeguard data. However, effectively integrating PETs into complex, safety-critical systems like autonomous vehicles remains a significant unsolved challenge. Currently, developers and engineers lack the principled methodologies needed to guide the selection, configuration, and deployment of PETs that balance privacy, safety, performance, and usability.

This Dagstuhl Seminar will bring together experts from privacy engineering, autonomous systems, usability, and regulation to address this challenge. With a special focus on robotaxi scenarios – where data must be shared among diverse stakeholders – we will work to bridge the gap between high-level privacy principles and the practical realities of PET deployment.

This seminar will address the following key challenges of PETs integration:

• Limits of PETs in AVs: Many PETs were not designed for cyber-physical systems and may conflict with operational needs (e.g., location obfuscation versus mobility requirements).
• Architecture-driven integration: AVs rely on heterogeneous, distributed infrastructures (edge, cloud, V2X) that complicate PET integration and create combined effects when multiple PETs are deployed.
• Regulatory and ethical alignment: PETs must map to requirements of frameworks like GDPR and the EU AI Act, yet compliance pathways are often vague or favor documentation and consent over technical safeguards.
• Lifecycle and usability: PETs must remain effective across the entire AV lifecycle – from design to updates to decommissioning – while staying usable and understandable for non- expert users.
• Data collection and sharing: AVs gather data for safety, personalization, diagnostics, and third-party services, raising tensions between utility and privacy and risks of unintended data reuse or surveillance.

The seminar will focus on three closely connected challenges. One is how to translate broad privacy goals (such as unlikability or data minimization) into concrete technical requirements and selection criteria for PETs that fit the complex architectures of autonomous vehicles. Another is how to create frameworks that help engineers weigh difficult trade-offs, balancing privacy with safety, performance, usability, and implementation costs in high-assurance systems. A third is how to take the full lifecycle of autonomous vehicles into account, ensuring that PET methodologies remain effective from design to decommissioning, while also reflecting the needs of all stakeholders, including users, developers, operators, and regulators.

By grounding these questions in real-world applications (particularly robotaxi fleets) we aim to generate actionable insights and foundational principles for PET integration. Through cross- disciplinary collaboration, this seminar will lay the groundwork for privacy-respecting autonomous transportation systems that are both technically rigorous and socially acceptable.

Creative Commons BY 4.0

David Balenson, Christoph Bösch, Stefan Katzenbeisser, and Sebastian Pape