Uduak Ekott is a Nigerian lawyer and a recognized cyber security and data privacy expert currently working in the Data Privacy and Identity Theft Unit at the Office of the Indiana Attorney General. He holds a Master of Laws (LLM) with a specialization in Information Privacy and Cyber security from Indiana University Maurer School of Law and is a member of the International Association of Privacy Professionals (IAPP), holding CIPP/US certification and several other cyber security certifications. Uduak has written extensively about cyber security and data privacy, particularly focusing on regulatory responses to the risks posed by emerging technologies. In a recent discussion, he shared insights on his research alongside fellow cyber security experts Attamongkol Tantratian and Zhe (C.Z.) Che from the Maurer Global Forum, a research platform of Indiana University Maurer School of Law, that fosters interdisciplinary dialogue on critical issues at the intersection of law and technology.
In this interview, he shares insights on the issue of connected vehicles and its data privacy concerns, explaining that the vehicles raises security questions whether to individuals, groups,, or government alike, and thus compromising national security in the process.
Excerpts:
Let’s start with the basics. What are connected vehicles, and why are they raising privacy concerns?
Uduak: It is my pleasure and great to be here. Connected vehicles are essentially “smartphones on wheels.” They are equipped with technologies that allow access to information via the internet or wireless connectivity. These systems allow for a range of functions, including navigation, infotainment, safety enhancements, remote operations, and data sharing. For example, most modern vehicles with infotainment systems use a large display screen to control nearly every aspect of the vehicle, from autopilot to entertainment features. Connected car systems enhance the driving experience that one can enjoy by providing real-time traffic updates, personalized route suggestions, and advanced safety features like collision avoidance, while also offering convenience through remote vehicle monitoring and access to in-car entertainment.
Its continuous growth is massive as currently 97% of vehicles globally are equipped with smart screens. By 2025, it is projected that there will be over 400 million connected vehicles in operation globally. However, these vehicles collect vast amounts of sensitive data about drivers and passengers, including personal and biometric information, location data, and even details from connected smartphones. This extensive data collection raises significant privacy concerns, as compromising these systems could reveal sensitive information such as financial account details, communication records, and location data, while also enabling malicious remote access to vehicle controls.
Considering your impressive background, how has your expertise shaped your view on the challenges posed by connected vehicles and data sovereignty, especially in regions like Africa?
Uduak: My background as a legal practitioner, a cyber security and data privacy expert has given me a detailed understanding of how emerging technologies, such as connected vehicles interplay with issues of privacy, sovereignty, and regulation. These experiences have allowed me to engage with domestic and international perspectives on data projection and digital sovereignty.
The challenges posed by connected vehicles are particularly prominent in growing economies like Africa and the Global South, where the dominance of foreign technology providers and limited local infrastructure complicate efforts to maintain control over citizens’ data. This brings us to the concept of data sovereignty, which refers to the handling and control of data in accordance with a country’s legal frameworks, cultural norms, and laws, including those governing data protection, competition, and national security. Data sovereignty often involves ensuring that countries retain control over their residents’ and government data. Consequently, relevant policies may include conditions on data transfers and restrictions on reliance on foreign technology that could result in sensitive data being stored overseas.
How are governments and regulatory bodies responding to these privacy concerns?
Uduak: Governments and regulatory bodies are taking notice. For instance, the U.S. Federal Trade Commission (FTC) has stated that it will take action against companies that unlawfully collect and use connected car data. The FTC has also amended rules to strengthen consumer data protections for non-banking financial institutions like car dealers. The California Privacy Protection Agency (CPPA) has also indicated that it will review the privacy practices of connected vehicles and related technologies. In Africa, several countries have implemented data protection laws. Nigeria, for example, has enacted the 2023 Nigeria Data Protection Act, which ensures fair, lawful, and transparent data processing, with a strong focus on data subjects’ rights.
What unique challenges do countries in the Global South, particularly in Africa, face when it comes to connected vehicles and data sovereignty?
Uduak: Countries in the Global South, especially in Africa, face significant challenges due to a lack of locally developed digital technologies. This is compounded by the dominance of foreign companies in the cloud computing market and the storage of data on servers outside the continent. These factors can make it difficult for these nations to maintain control over their citizens’ data and ensure digital sovereignty.
How are African countries in particular addressing these challenges?
Uduak: The African Union (AU) is taking steps to address these issues. They have emphasized that Member States should implement policies ensuring data subjects have control over their personal data. The AU is also exploring new ownership frameworks, such as data trusts and stewardships, which offer alternatives to the traditional individual rights model. Additionally, individual countries are taking action. Nigeria, for instance, has reinforced its data localization laws, requiring all government data to be hosted within the country. Kenya and South Africa have also implemented GDPR-like data protection laws that would apply to personal data collected by connected vehicles.
What potential solutions do you see for African countries to maintain data sovereignty while still benefiting from technological advancements?
Uduak: A shared approach to data governance could be beneficial for African countries. By uniting data protection strategies, African nations could create a distinctly African approach to digital sovereignty. This could help them maintain data sovereignty while simultaneously benefiting from cross-border data sharing. Africa’s vast untapped market and young population position the continent to potentially become a key influencer in shaping global digital sovereignty principles. This unified approach could also help address common challenges and potentially attract more investment in the region’s digital infrastructure.
What advice would you give to individuals to protect their privacy when using connected vehicles?
Uduak: To enhance privacy and security in connected vehicles, individuals should start by familiarizing themselves with their vehicle’s connectivity features and reviewing the privacy policy. It is essential to manage privacy settings to limit data collection, use strong authentication methods, and keep software updated for the latest security patches. Additionally, they should be cautious with third-party apps and permissions given to such apps. These tips can further reduce privacy risks while still allowing consumers to enjoy the benefits of connected vehicle technology.
As a whole, it is crucial that we continue to discuss and address these challenges as technology advances, ensuring that innovation doesn’t come at the cost of privacy and sovereignty.