Automated and autonomous vehicles (AVs) may be the greatest disruptive innovation to travel that we have experienced in a century. Their development coincides with the appearance of connected vehicles. To achieve their goals, connected and automated vehicles require extensive data and machine learning algorithms processing data from local sensors and received from other cars and road-side infrastructure for their decision-making. Specifically, we are seeing the emergence of vehicles that feature an impressive array of sensors and on-board decision-making units capable of coping with an unprecedented amount of data.

While privacy for connected vehicles has been considered for many years, AV technology is still in its infancy and the privacy and data protection aspects for AV are not well addressed. The capabilities of AVs pose new challenges to privacy protection, given the large sensor arrays of AVs that collect data in public spaces. The massive introduction of sensors and AI technology into automated and autonomous vehicles opens substantial new privacy and data protection problems, both from the technology research perspective as well as the ethical, legal and policy perspective, which still need to be phrased clearly, elaborated on and resolved. We discussed a variety of challenges in a first – and just virtual – seminar in early 2022 (Dagstuhl Seminar 22042) and will now take the next step.

The objective of this Dagstuhl Seminar is to produce a research roadmap to address the major road-blocks that the experts see in making progress on the way to deployment of privacy protection in Automated and Self-Driving Vehicles. We will mainly build upon the output of Dagstuhl Seminar 22042, where the following main challenges were identified:

• The first challenge is that of ethics and responsible behavior of companies and other actors that collect and process personal data in such systems. This goes beyond mere regulatory compliance but was seen as a promising path to complement this minimal baseline. Further discussions are required to identify ways to encourage such practices.
• The second challenge is how such regulation needs to evolve for future cooperative, connected, and automated mobility (CCAM) systems in order to establish a stable baseline. A challenge here will be to identify to what extent sector-specific regulation will be needed to address specifics of CCAM and if regulation of future systems is reasonable and possible.
• A third challenge is that of a commercial viewpoint. Industry has to meet many important and sometimes maybe even conflicting goals like privacy and safety. Understanding and narrowing these trade-offs while acknowledging that industry has many such constraints that limit its flexibility requires further investigation.
• Last but not least, we see the strong progress in the privacy-enhancing technology (PET) as a promising path towards resolving many of the above-mentioned problems, but still important technical challenges remain. One such technical challenge is how to converge privacy protection with safety, based on the strict requirements of computational efficiency and time constraints. Furthermore, several entities that belong to different trust domains must interact with each other to exchange privacy sensitive data in order to enable safety-critical collaborative services, which opens up the question of building the required level of trust into received data and the functions that rely on this data.

Creative Commons BY 4.0

Frank Kargl, Ioannis Krontiris, Jason Millar, and André Weimerskirch