AUTOPSY: A Framework for Tackling Privacy Challenges in the Automotive Industry

TL;DR

The paper introduces AUTOPSY, a comprehensive framework with tools and models to enhance privacy in connected vehicles, addressing GDPR compliance and privacy engineering challenges in the automotive industry.

Contribution

It presents a system model, privacy manager, PET selection approach, and architectural framework specifically designed for automotive privacy protection.

Findings

Developed a system model to identify privacy-relevant entities and locations.

Created a privacy manager for better data flow control.

Built a demonstrator for location-based services to evaluate the framework.

Abstract

With the General Data Protection Regulation (GDPR) in place, all domains have to ensure compliance with privacy legislation. However, compliance does not necessarily result in a privacy-friendly system as for example getting users' consent to process their data does not improve the privacy-friendliness of the system. Therefore, the goal of the AUTOPSY project was to support the privacy engineering process in the automotive domain by providing several building blocks which technically improve the privacy-friendliness of modern, i.e., connected and (partially) automated vehicles. This paper presents the results of the AUTOPSY project: a system model to identify relevant entities and locations to apply privacy enhancing technologies (PETs); the privacy manager aiming at more control of the data flow from the vehicle, a PET selection approach based on GDPR principles, and an architectural framework for automotive privacy. Furthermore, we built a demonstrator for location-based services to evaluate the architectural framework.