Automotive design standards and specifications can also be moving targets. In the autonomous-driving field, specific formal rulemaking and applicable new Federal Motor Vehicle Safety Standards are still absent, and industry standards have not been settled, all of which requires autonomous vehicle designers to remain highly flexible. At present, automotive designers are using a variety of technologies to equip vehicles with "biometric" features, but a new problem arises alongside them: biometric privacy.
Autonomous vehicles will collect more user biometric data
Biometric data generally refers to any medical or physiological data relating to an individual; a biometric "identifier" refers to unique physiological data, including fingerprints, faces, retinas and genetic traits, that can be used to trace and distinguish a specific individual. In the automotive industry, the biometric-identifier business can be highly profitable: Goode Intelligence projects that the market for automotive-related biometric identifiers could reach $969 million by 2023.
Currently, one focus of driverless-vehicle design is the user experience, so the cabin has become a hot spot for biometric data collection, with a large number of in-vehicle applications collecting users' biometric data. Several typical examples follow:
- "Eyes on the road": this solution monitors the driver's level of attention to determine whether he or she is able to take back control of the vehicle from the autonomous driving system.
- Personalization and safety: the technology confirms the driver's identity through facial scans, iris scans, voice recognition, fingerprint tracking and similar means.
- Optimized user experience: the system lets the driver access a personal cloud-based movie or music playlist by touching a holographic button or shifting his or her gaze.
Protection under federal law: does it apply?
In 1996, the Health Insurance Portability and Accountability Act required standards to be established for the "electronic exchange, privacy and security of health information". Against this background, the Privacy Rule was issued; the entities subject to it include "covered entities" such as health plans, healthcare clearinghouses, or healthcare providers that transmit health information, together with their partners (known as "business associates"). Under the rule, covered entities and their business associates must take additional measures to protect the health information they collect, store or transmit.
Whether HIPAA's provisions apply to "biometric data and identifiers collected by a vehicle" is a frequent source of confusion. In fact, unless the vehicle's data-collection process involves at least one covered entity, neither HIPAA nor the Privacy Rule applies.
A fast-changing landscape: states enact laws protecting biometric privacy
In the absence of a comprehensive federal biometric-privacy law, states have enacted their own laws to protect biometric privacy. Although these laws vary widely in scope and coverage, they share a common feature: companies must give notice and obtain permission before collecting user data, users are allowed to opt out of such disclosure of personal information, and companies that encrypt the data are rewarded with simpler reporting obligations.
Currently, sixteen states have brought biometric data within the protection of their general data-privacy laws. The specific biometric categories protected include:
More recently, many states have sought to enact dedicated biometric-privacy laws to strengthen protection of biometric data. To date, seven states are considering such legislation and three have already passed laws.
Among the state biometric-privacy laws currently in force, the most comprehensive is the Illinois Biometric Privacy Act (BIPA), passed in 2008. To protect transactions based on biometric data, BIPA requires companies to meet the following requirements:
- Make data-retention policies public
- Give notice and obtain user consent before acquiring biometric identifiers and biometric information
- Not sell users' biometric information to third parties
- Not transmit users' biometric information without written consent, except in specified circumstances
- Handle users' biometric information with care
Following the Illinois model, Texas passed the Capture or Use of Biometric Identifiers (CUBI) law, which protects users' biometric identifiers, including "retina or iris scans, fingerprints, voiceprints, hand geometry and face geometry". Under CUBI, a company may not capture users' biometric data for commercial purposes without prior notice and consent, and may not sell, lease or disclose the captured data without prior consent.
Washington then enacted its Biometric Identifiers law in 2017; its scope is narrower than BIPA's, and it sets out certain situations (including fraud prevention) in which user consent is not required. Together, these three laws reflect an emerging trend: the collection, storage and transmission of users' biometric data will be subject to stricter protection in the future.
Product design: biometric privacy must be considered
In the future, many states will continue to add more types of privacy data requiring special protection, which will inevitably constrain the development of autonomous and connected systems. Engineers should therefore take the following factors into account in their design work:
- Encryption: all transmission and storage of biometric data should be encrypted, to minimize potential legal risk
- Consent: the system should obtain the user's consent before collecting data (for minors, the consent of a parent or guardian)
- Notice: users are entitled to full knowledge of the purposes for which their biometric data is collected
- Public data-retention policy: the data-retention policy should be made clear to users
As U.S. states strengthen protection of biometric data and related international privacy regulations (including the EU's General Data Protection Regulation) begin to take effect, it is critical that automotive designers keep privacy in mind throughout their design work, track the relevant regulations, and add dedicated measures in line with those regulations to keep users' biometric data safe.
Automotive design standards and specifications can be moving targets. In the autonomous realm, the present lack of formal rulemaking and applicable new Federal Motor Vehicle Safety Standards, coupled with emerging industry standards, requires a designer to remain nimble. Building on these technologies to incorporate biometrics into vehicles, yet another moving target emerges: bioprivacy rights.
Autonomous vehicles will expand harvesting of biometric data
Biometric data generally refers to any medical or physiological data relating to a person. A biometric “identifier” offers the ability to trace unique physiological data to a specific individual and includes fingerprints, facial or retinal scans and genetic profiles. Biometric identifiers are lucrative targets for the automotive industry: Goode Intelligence projects the market for automotive-related biometric content may reach a value of $969 million by 2023.
As designers of driverless vehicles focus on the user experience (UX), the following applications become the data collectors for biometric identifiers:
- Eyes on the road—a disengagement solution system: A potential solution to determine the driver’s ability to return to control after autonomous operation.
- Personalization and safety: Driver-identification technology can use facial and iris scans, as well as voice and fingerprint tracking.
- A healthy and entertaining UX: A touch of a holographic button or the shift of an eye could allow a user to access a personal cloud-based movie or music playlist.
Protection under federal law: is it applicable?
In 1996, the Health Insurance Portability and Accountability Act (HIPAA) required the creation of standards for the electronic exchange, privacy and security of health information. In response, the Privacy Rule was released and applied to covered entities (health plans, healthcare clearinghouses or healthcare providers that transmit health information) and their partners (known as business associates). Under the regulations, covered entities and business associates must take additional actions to protect health information they collect, store or transmit.
There often is confusion in the application of HIPAA to biometric data and identifiers collected by a vehicle. Unless that data is collected by or involves a covered entity, HIPAA and the Privacy Rule do not apply.
A fast-changing realm: state law expands protections for biometric identifiers
In the absence of comprehensive federal bioprivacy legislation, state data-protection laws have emerged. While varying widely in their protections and in what information is covered, these laws require notice before data is collected and the ability to opt-out of the use and disclosure of personal information—at the same time rewarding companies with less-burdensome reporting when the data is encrypted.
For biometric data, sixteen states have included biometric-privacy language in their general data-privacy laws. This specific language includes:
More recently, states have sought to enhance protections on biometric data by proposing specific biometric information privacy laws. To date, at least seven states have considered related legislation and three have passed laws.
The most comprehensive of these new bioprivacy laws is the Illinois Biometric Privacy Act (BIPA), passed in 2008. To protect biometric-facilitated transactions, BIPA requires companies to:
- Make data-retention policies publicly available
- Give notice and receive consent before obtaining biometric identifiers and biometric information
- Refrain from selling biometric information to third parties
- Refrain from disseminating biometric information without prior written consent, absent certain exceptions
- Handle biometric information with reasonable care
Following the Illinois pattern, Texas passed the Capture or Use of Biometric Identifiers (CUBI) law, which protects biometric identifiers including “retina or iris scan, fingerprint, voiceprint, or record of hand or face geometry.” Under CUBI, a company may not capture biometric data for commercial purposes unless the individual is informed before the capture and provides consent. After the capture, a company may not sell, lease, or disclose the data without consent.
More recently, Washington enacted its Biometric Identifiers law in 2017. It is narrower than BIPA and acknowledges situations where consent is not required (including fraud prevention). These three laws hint at an emerging trend to render biometric data subject to heightened collection, storage and transmission protection standards.
Making important design decisions involving bioprivacy
Many states will continue to add to the types of data requiring additional protection and privacy considerations. In developing autonomous and/or connected systems that collect biometric data, engineers should take into consideration the following:
- Encryption: biometric data should be transmitted and stored in an encrypted state to minimize potential legal risk
- Consent: systems should provide an opportunity to obtain the consent of each individual whose data is being collected, and the consent of a parent or guardian for minors
- Notice: individuals providing biometric data should have full knowledge of the uses that will occur
- Transparency in data-retention policies: the data-retention policy for each system should be conspicuously available
As states move to provide heightened protections and the impact is felt from related global privacy regulations—including the European Union’s General Data Protection Regulation (GDPR)—it is critical to emphasize privacy by design and to incorporate protections specific to bioprivacy. Engineers and designers must take note of these trends to incorporate the proper protections mandated by law, thereby leaving a privacy-oriented fingerprint on the design.
Author: Jennifer Dukarski
Source: Autonomous Vehicle Engineering