PECSo: A Privacy Enhancing Framework for Applications in the Automotive Domain

Bella G.; Esposito S.; Riccobene S.; Santamaria D. F.
2025-01-01

Abstract

With the advancement of technology in the automotive landscape, individuals’ control over their personal data is increasingly at risk. Modern cars, equipped with a myriad of sensors and network capabilities, continuously collect vast amounts of data - from driver behaviour and media consumption to precise geolocation tracking. While these innovations enhance the driving experience and vehicle functionality, they also introduce significant privacy risks. The Privacy Enrooted Car Systems (PECS) project was developed to address these concerns by embedding robust privacy safeguards directly into automotive systems. By adopting a proactive approach to data protection, privacy, and cybersecurity, the PECS project aims to deliver a secure and privacy-focused driving environment. In this contribution we delve into the PECSo module of PECS, a framework to provide individuals with the capability to obfuscate their personal data collected by cars before sharing it with third parties, thus ensuring data protection right from the outset. To allow this, PECSo defines three tiers of compliance that impose progressively stricter adherence to PECS specifications. Prescriptions include implementing Privacy Enhancing Technologies (PETs) to safeguard personal data, receiving a user-defined privacy policy from another PECS component, and segregation of duties between the application interface and the PET application. We demonstrate the practicality of this framework through two application prototypes tested on a real vehicle, featuring Secure Multi-Party Computation and Federated Learning as PETs to protect data privacy.
2025
Automotive Security
Data Obfuscation
Federated Learning
Privacy
Secure Multi-Party Computation

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.11769/673549