Alliance of Automobile Manufacturers Inc. & Association of Global Automakers, Consumer Privacy Protection Principles for Vehicle Technologies and Services (2014) (full-text).
The Principles reflect a major step in the protection of personal information collected through in–car technologies. The Principles mark the first industry–wide statement of privacy principles showing a commitment to responsible stewardship of the information used to provide vehicle technologies and services. Sensitive information, like geolocation information and driver behavior information receives heightened protections.
The Principles reflect the reality that automobiles increasingly have innovative technologies and services designed to enhance vehicle safety, improve vehicle performance, and augment the driving experience, and that many of these technologies and services rely upon information collected from vehicle systems. Sometimes, that information includes the precise location information of vehicles, or information about how drivers operate their vehicles. This information, which is critical to safety and the driving experience, deserves protection.
The Principles establish a framework that automakers and other participants in the automotive industry may choose to adopt when offering innovative vehicle technologies and services. These Principles are based on the Fair Information Practice Principles ("FIPPs"), which have served for over forty years as the basis for privacy frameworks in the United States and around the world.
The Principles are:
- i) Transparency: Participating Members commit to providing Owners and Registered Users with ready access to clear, meaningful notices about the Participating Member's collection, use, and sharing of Covered Information.
- ii) Choice: Participating Members commit to offering Owners and Registered Users with certain choices regarding the collection, use, and sharing of Covered Information.
- iii) Respect for Context: Participating Members commit to using and sharing Covered Information in ways that are consistent with the context in which the Covered Information was collected, taking account of the likely impact on Owners and Registered Users.
- iv) Data Minimization, De-Identification & Retention: Participating Members commit to collecting Covered Information only as needed for legitimate business purposes. Participating Members commit to retaining Covered Information no longer than they determine necessary for legitimate business purposes.
- v) Data Security: Participating Members commit to implementing reasonable measures to protect Covered Information against unauthorized access or use.
- vi) Integrity & Access: Participating Members commit to implementing reasonable measures to maintain the accuracy of Covered Information and commit to offering Owners and Registered Users reasonable means to review and correct Personal Subscription Information that they provide during the subscription or registration process for Vehicle Technologies and Services.
- vii) Accountability: Participating Members commit to taking reasonable steps to ensure that they and other entities that receive Covered Information adhere to the Principles.