Automotive design standards and specifications can be moving targets. In the autonomous realm, the present lack of formal rulemaking and applicable new Federal Motor Vehicle Safety Standards, coupled with emerging industry standards, requires a designer to remain nimble. Building on these technologies to incorporate biometrics into vehicles, yet another moving target emerges: bioprivacy rights.
Autonomous vehicles will expand harvesting of biometric data
Biometric data generally refers to any medical or physiological data relating to a person. A biometric “identifier” offers the ability to trace unique physiological data to a specific individual and includes fingerprints, facial or retinal scans and genetic profiles. Biometric identifiers are lucrative targets for the automotive industry: Goode Intelligence projects the market for automotive-related biometric content may reach a value of $969 million by 2023.
As designers of driverless vehicles focus on the user experience (UX), the following applications become the data collectors for biometric identifiers:
- Eyes on the road—a disengagement solution system: A potential solution to determine the driver’s ability to return to control after autonomous operation.
- Personalization and safety: Driver-identification technology can use facial and iris scans, as well as voice and fingerprint tracking.
- A healthy and entertaining UX: A touch of a holographic button or the shift of an eye could allow a user to access a personal cloud-based movie or music playlist.
Protection under federal law: is it applicable?
In 1996, the Health Insurance Portability and Accountability Act (HIPAA) required the creation of standards for the electronic exchange, privacy and security of health information. In response, the Privacy Rule was released and applied to covered entities (health plans, healthcare clearinghouses or healthcare providers that transmit health information) and their partners (known as business associates). Under the regulations, covered entities and business associates must take additional actions to protect health information they collect, store or transmit.
There often is confusion in the application of HIPAA to biometric data and identifiers collected by a vehicle. Unless that data is collected by or involves a covered entity, HIPAA and the Privacy Rule do not apply.
A fast-changing realm: state law expands protections for biometric identifiers
In the absence of comprehensive federal bioprivacy legislation, state data-protection laws have emerged. While varying widely in their protections and in what information is covered, these laws require notice before data is collected and the ability to opt-out of the use and disclosure of personal information—at the same time rewarding companies with less-burdensome reporting when the data is encrypted.
For biometric data, sixteen states have included biometric-privacy language in their general data-privacy laws. This specific language includes:
More recently, states have sought to enhance protections on biometric data by proposing specific biometric information privacy laws. To date, at least seven states have considered related legislation and three have passed laws.
The most comprehensive of these new bioprivacy laws is the Illinois Biometric Privacy Act (BIPA), passed in 2008. To protect biometric-facilitated transactions, BIPA requires companies to:
- Make data-retention policies publicly available
- Give notice and receive consent before obtaining biometric identifiers and biometric information
- Refrain from selling biometric information to third parties
- Refrain from disseminating biometric information without prior written consent, absent certain exceptions
- Handle biometric information with reasonable care
Following the Illinois pattern, Texas passed the Capture or Use of Biometric Identifiers (CUBI) law, which protects biometric identifiers including “retina or iris scan, fingerprint, voiceprint, or record of hand or face geometry.” Under CUBI, a company may not capture biometric data for commercial purposes unless the individual is informed before the capture and provides consent. After the capture, a company may not sell, lease, or disclose the data without consent.
More recently, Washington enacted its Biometric Identifiers law in 2017. It is narrower than BIPA and acknowledges situations where consent is not required (including fraud prevention). These three laws hint at an emerging trend to render biometric data subject to heightened collection, storage and transmission protection standards.
Making important design decisions involving bioprivacy
Many states will continue to add to the types of data requiring additional protection and privacy considerations. In developing autonomous and/or connected systems that collect biometric data, engineers should take into consideration the following:
- Encryption: biometric data should be transmitted and stored in an encrypted state to minimize potential legal risk
- Consent: systems should provide an opportunity to obtain the consent of each individual whose data is being collected, and the consent of a parent or guardian for minors
- Notice: individuals who provide biometric data should have full knowledge of the uses that will occur
- Transparency in data-retention policies: the data-retention policy for each system should be conspicuously available
As states move to provide heightened protections and the impact is felt from related global privacy regulations—including the European Union’s General Data Protection Regulation (GDPR)—it is critical to emphasize privacy by design and to incorporate protections specific to bioprivacy. Engineers and designers must take note of these trends to incorporate the proper protections mandated by law, thereby leaving a privacy-oriented fingerprint on the design.
Author: Jennifer Dukarski
Source: Autonomous Vehicle Engineering