Last week, the Future of Privacy Forum filed written comments in response to the California Public Utilities Commission’s proposed decision authorizing pilot programs for passenger service in Autonomous Vehicles. The CPUC is a consumer protection agency that oversees, among other topics, provision of passenger service in the state. The proposed decision called for a number of criteria to be met by companies seeking to operate AV passenger service, including reporting of communications between passengers and remote operators of driverless AVs, as well as aggregated operations data. Opening comments by other parties called for even more data to be collected, including GPS information for pick-ups and drop-offs.
FPF filed comments focusing on three main topics: 1) Because the Commission cannot ensure that data will not be made public, it should minimize data collection and incorporate privacy safeguards; 2) Communication between passengers and remote operators could contain sensitive information, and the disclosure contemplated by the Commission could create serious privacy risks; and 3) Other opening comments’ requests for additional service data raise additional, significant privacy and security concerns. Some of these points echo our prior letter to the New York Taxi and Limousine Commission regarding privacy risks of sensitive geolocation and other consumer data).