Page 35 - Use cases and requirements for the vehicular multimedia networks - Focus Group on Vehicular Multimedia (FG-VM)
Countries and states have started to regulate connected vehicles or release broad privacy regulations.
Among them:
– The US Department of Transport requires, among other things, that connected vehicle safety
applications messages shall not contain any personally identifying information (PII).
[DoT PII-1]
– In Europe, the general data privacy regulation (GDPR) came into effect in May 2018 and
requires, among other things, that only the minimum necessary personal information is
collected, that consent shall be obtained in a clear manner, that collected data shall be
accessible by the user and that data shall be deleted when no longer relevant or when consent
is withdrawn.
[DoT PII-2]
– In China, the Cybersecurity Law of the People's Republic of China came into effect in June
2017 and requires that network operators collecting and using personal information shall
abide by the principles of legality, propriety, and necessity. Besides, a guideline for Internet
personal information security protection is being formulated to ensure that the rights of data
subjects are not to be violated.
Further, the following scenario should be envisaged:
– The vehicle is owned by the user of the VMS
– The VMS may be temporarily used by different individuals (driver or passenger) of the
vehicle, for instance in a family, shared car, rental car, or taxi model.
– The personalization of a VMS may be provided by a centralized service provider.
In network communication protocols, at various layers identifiers are used to identify software and
hardware (e.g., IP address, MAC address, E.164 "phone number", etc.). Some of these identifiers
constitute PII in some instances, and protocol designers in the past did not always take this into
account. In the design of systems and protocols today, there needs to be intentional separation of PII
identities (e.g., username, email address [IETF email] and [ITU-T E.164]) and non-PII identities
(e.g., IP address, MAC address, etc.) used at various layers in the communication stack.
Further, users' privacy and PII (such as viewing history, history of interactions, profiles and
preferences) also need to be protected in interactive broadcasting systems, both at the broadcast
receiver (e.g., the VMS or VMS application), on the interactive link and at the service provider level
as highlighted in [ITU-R BT.2052].
From the above it becomes apparent that VMNS needs to allow for different use cases under different
regulatory requirements. The high-level privacy requirements in clause 9.2 are proposed:
9.2 General privacy requirements
R1: The VMN and VMS shall be designed to allow for their use under different privacy regulatory
environments.
R2: The VMN and VMS shall prevent network-layer identifiers (such as MAC address) from being used as
personally identifying information.
R3: The VMS shall protect any permanent hardware identifiers and only allow access for
authentication purposes.
R4: In addition to the specified requirements for in-vehicle entertainment and multimedia systems, it
is required that users' (driver, passengers) privacy be protected, that private conversations not
directed to the voice-recognition system be protected, and that unauthorized sharing of such
conversations be hindered.
R5: Consideration should be given to the case where the voice recognition system is in-vehicle or is
cloud-based.
R6: The VMS should have the capability to wipe personal data transferred through the mobile device
connected to the VMS in order to respect privacy of personal data.
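One way R2 and R3 could be met in software, given as an added example that is not part of the FG-VM text: the VMS presents a locally administered MAC address derived per network and per rotation epoch, and the permanent identifier is only ever used inside a challenge-response restricted to the authentication purpose. The function and class names, the HMAC-SHA256 construction, the epoch counter and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def pseudonymous_mac(device_secret: bytes, network_id: str, epoch: int) -> str:
    """Per-network, per-epoch MAC address that reveals nothing about the permanent one."""
    nid = network_id.encode("utf-8")
    # Length-prefix the network name so (network, epoch) inputs are unambiguous.
    msg = len(nid).to_bytes(2, "big") + nid + epoch.to_bytes(8, "big")
    octets = bytearray(hmac.new(device_secret, msg, hashlib.sha256).digest()[:6])
    # First octet: set the locally-administered bit, clear the multicast bit.
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


class HardwareIdVault:
    """Holds the permanent identifier; callers never receive it in the clear (R3)."""

    ALLOWED_PURPOSES = frozenset({"authentication"})

    def __init__(self, permanent_id: bytes, auth_key: bytes):
        self._permanent_id = permanent_id
        self._auth_key = auth_key  # assumed to be shared with the verifier

    def respond(self, purpose: str, challenge: bytes) -> bytes:
        # Any purpose other than authentication (analytics, personalization) is refused.
        if purpose not in self.ALLOWED_PURPOSES:
            raise PermissionError(f"hardware identifier not available for {purpose!r}")
        # The response binds the identifier to a fresh challenge without disclosing it.
        return hmac.new(self._auth_key, self._permanent_id + challenge,
                        hashlib.sha256).digest()


# Constructed sample values, not taken from any real device.
PERMANENT_MAC = bytes.fromhex("001122334455")
DEVICE_SECRET = bytes(range(32))
AUTH_KEY = bytes(range(32, 64))

if __name__ == "__main__":
    vault = HardwareIdVault(PERMANENT_MAC, AUTH_KEY)
    for net, epoch in [("home-wifi", 1), ("rental-depot", 1), ("rental-depot", 2)]:
        print(net, epoch, pseudonymous_mac(DEVICE_SECRET, net, epoch))
    print(vault.respond("authentication", b"nonce-0001").hex())
```

Because the address changes with the network name and the epoch, an observer on one network cannot link the VMS to its appearance on another or across rotations.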
FGVM-01R1 (2019)