Revolutionizing Our Roadways: Data Privacy Considerations for Automated and Connected Vehicles

This report focuses on data privacy in the context of transportation, and not data privacy in general. Researchers found that there are different definitions of personally identifiable information (PII) in Texas as well as nationwide and internationally, and that this discrepancy could lead to confusion about which data are covered by law. The research revealed the following areas concerning PII and vehicular data privacy that Texas might address to prevent problems arising from new technologies in the near future: 1. There is not a consistent statutory definition of "personal identifying information"; Section 521.002 of the Texas Business and Commerce Code appears to be the most encompassing definition of PII in Texas. 2. The Adequacy of Data Anonymization as the basis for privacy protection of PII gathered by state agencies, for transportation or other uses, may need to be reconsidered. 3. Stakeholders are uncertain about who owns the data from vehicles. 4. There is a rush by stakeholders to monetize vehicular data from automated and connected vehicles. 5. State agencies have made few preparations to deal with the extremely large volume of vehicular data that experts predict will be produced by automated and connected vehicle technologies.