Autonomous vehicles (AVs), including self-driving cars, hold the promise of revolutionizing the way we experience transportation. Original equipment manufacturers of AVs and AV components (AV OEMs), and primary suppliers of AV parts and systems (Tier 1 Suppliers), have benefited from the enthusiasm for this emerging technology. However, the data AVs are capable of collecting may be more valuable than the technology used to operate the AVs and their equipment.

Data evolutions in other consumer goods stand as models for the AV market. Take for example the mobile phone, a device that transformed from a convenient way to stay in touch to the curators of our digital lives, often facilitating the derivation of data and profiles from our communications, digital activities and physical presence using geolocation. AVs will likely evolve into similar mobile platforms capable of collecting robust consumer data from a slightly different perspective. However, AVs also present a unique opportunity to collect valuable data that is more difficult to collect with present day mobile platforms¾extensive details about the physical environment in which individuals interact and offline, real-world observations of the habits and behaviors of AV users and bystanders. This means that AVs could be capable of not only identifying an individual's proximity to a physical object or another person, much like mobile phones do with geolocation and cell signals today, but also of potentially identifying an individual's level of engagement and interest in the physical objects and persons nearby.

AV OEMs and Tier 1 Suppliers willing and able to build unique data collection and use opportunities into their AV parts and components are likely to realize stronger valuations due to the market interest in big data. To do this, companies must be prepared for the ever-increasing web of privacy and data security laws that could disrupt data collection and use practices and have a detrimental impact on an AV company's bottom line.

1. Opportunities to Leverage Big Data

The success of AVs will largely be determined by their ability to collect, process, and execute upon an unprecedented volume of data. Experts are predicting this volume of data may surpass most processing activities carried out today, including a 2016 report by Intel estimating that AVs will generate approximately 4 terabytes of data per day.

Some of this data will remain "essential data," or data that is needed for the AV to operate safely and effectively (e.g., GPS and camera data used to keep AVs on the road). Due inherent safety risks of automotive transportation, essential data is likely to evolve well beyond mere calculations of speed, distance and road condition to a state where AVs have a heightened awareness of their surroundings closer to artificial consciousness. An advanced ability to track objects in the environment, analyze human behavior and predict others action could prevent tragedies only anticipated by knowing that behind every bouncing ball is a running child.

However, these advanced technologies also create an opportunity for AVs to increasingly collect and process "non-essential data"—data not needed for safe and effective AV operation—or develop non-essential use cases for essential data. Technologies used to authenticate passenger identity or anticipate when a bystander may step into a street could in turn be used to develop personalized passenger and bystander experiences even more advanced than online behavioral advertising used across websites today.

As a result, companies are developing unique ways of using these combined sets of essential and non-essential data to differentiate themselves in the AV market, as well as to create additional cash flows relating to the sale and operation of AVs. A few examples of how a company may use AV data to generate revenue or cost savings include:

• Improving efficiency and performance of AVs by analyzing passenger characteristics and trends, including predicting when a passenger will need transportation, the type of vehicle needed for the trip and the impact of the passenger's needs on ride time and fuel efficiency using factors such as passenger size and luggage amount.
• Creating personalized passenger AV experiences, such as by adjusting route, entertainment, speed, temperature, lighting, and seating based on personal profiles of each passenger;
• Displaying personalized advertisements through the AV's entertainment system or on the surrounding environment using augmented reality by considering the personal profile of each individual passenger, thereby increasing the value for which each advertisement may be sold;
• Selling data relating to passengers (such as, travel preferences, destinations, interests) to data aggregators to improve consumer profiles for cross-sector advertising; and
• Utilizing data relating to bystanders observed by AVs, such as recording the device ID of an individual admiring a passing AV to develop a list of individuals possibly interested in purchasing their own AV.

2. Value of AV Data in the AV OEM and Supplier Market

The treasure trove of data that may be collected using AV technology, including microphones to analyze passenger conversations or cameras to observe passenger and bystander behavior, is likely to add substantial value to the AV market. A 2016 report by McKinsey & Company predicted the overall revenue from car data monetization could be as high as $750 billion by 2030. AV OEMs and Tier 1 Suppliers that willing and able to build unique data collection and use opportunities into their components are likely to realize stronger valuations than their competitors and greater market interest from non-AV investors and business partners.

A report by Axios suggests that markets and investors believe the value relating to the sale and operation of AVs may be outpaced by the gold mine that AV data could produce. As a result, AV OEMs and Tier 1 Suppliers exploring a sale of, or investment in, their company should consider the potential impact that big data collection may have on anticipated transaction value. In addition, AV companies foregoing the market should assess the potential capabilities of their AV components to play a role in the big data race.

3. Impact of Privacy and Data Security on AV OEM and Supplier Valuation

There may be tremendous value in AV data, but there are also significant hurdles created by existing and anticipated privacy and data security laws that could reduce its anticipated impact. In addition, the mobility of AVs creates compliance challenges, as different laws may apply depending on the residency of passengers or the location of the AV at any given time.

Comprehensive Laws Granting Consumer Rights

An increasing number of comprehensive privacy laws, including Europe's General Data Protection Regulation (GDPR) and the newly enacted California Consumer Privacy Act (CCPA), grant individuals within the law's jurisdiction specific rights over the collection and use of data identifying or relating to the individual (Personal Data). These rights often include a right to have certain Personal Data deleted and the right to opt out of the sale of their Personal Data. At least 15 states in the U.S. have considered, or are actively considering, similar comprehensive privacy laws granting a right to deletion and right to opt out of Personal Data sales, as well as a right to restrict disclosure or processing of Personal Data more generally. These rights can impede an AV OEM's or Tier 1 Supplier's collection of non-essential data or non-essential use of essential data.

Biometric Laws

Many advanced technologies use biometrics to verify user identities without inconveniencing the user in the process. AVs are likely to rely in part on biometrics to verify the identities of AV owners and passengers. However, the proper use of biometrics has been increasingly debated and legislators are becoming more willing to adopt laws restricting the use of biometric information and impose heightened security obligations. For example, the Illinois Biometric Information Privacy Act imposes strict obligations on a company's collection and care for biometric information, which has resulted in large class actions relating to lack of transparency about, and misuse of, biometrics. These laws introduce increased costs for compliance, restrict the ability of AV OEMs and Tier 1 Suppliers to process biometric information and raise the risk profile for impacted companies.

Children's Privacy Rights

AVs will likely use data to identify passengers and personalize the AV experience. However, the prevalence of child passengers in AVs is likely to subject AV OEMs and Tier 1 Suppliers to laws addressing children's privacy, which are some of the strictest privacy and data security laws impacting technology companies today.

These laws impose exacting restrictions on the knowing collection, use, and disclosure of children's Personal Data. Due to detailed identification and profiling of AV passengers that is likely to occur, it may be difficult for a company to argue that it does not know the age of a child passenger. This knowledge would result in heightened restrictions on the use of that child passenger's Personal Data. For example, the GDPR requires consent for any processing of a child's Personal Data in relation to many online, inter-connected services and the CCPA prohibits the knowing sale of children's Personal Data without prior affirmative authorization from the child or his or her parent or guardian. AV companies may find it difficult to bifurcate and isolate information of adult passengers from child passengers that are in the same AV. As a result, these laws may have a detrimental impact on the ability to use data from a ride involving a child passenger.

4. Key Takeaways

Because of the likely impact of big data practices on the valuation of AV OEMs and Tier 1 Suppliers, they should carefully consider and monitor the following:

• Determine ownership of data collected by AVs and AV components: If AV data is as valuable as experts are predicting, it is likely that data ownership will be strongly debated in the AV market. Companies can mitigate this risk by addressing ownership concerns early in the AV development process. Proper contract language can ensure all parties involved in the construction and operation of AVs understand which data, if any, each AV OEM and Tier 1 Supplier can use for its own purposes.
• Minimize the impact of privacy and data security laws on valuations: Complex technologies, like those leveraged in AVs, are often subject to a vast array of privacy and data security laws. AV OEMs and Tier 1 Suppliers that build comprehensive privacy and data security programs early on will be well-positioned to minimize the impact of these laws. Well-designed programs can assist companies in building privacy and data security considerations into the components and systems prior to implementation, which is often less disruptive than retrofitting privacy and data security solutions at the end-point of development. In addition, proper contracting practices with vendors and business partners can reduce risk and insulate certain data sharing practices from the more robust restrictions of these laws, including the right to opt out of sales or disclosures.
• Actively consider the impact of AV data on valuation: The AV market is certainly becoming aware of the potential value-add of non-essential data and non-essential uses of essential data. However, AV OEMs and Tier 1 Suppliers can improve the impact of AV data on valuation by owning the narrative and developing their own propositions for how the data they collect or process can be used outside the context of AV sales and operations. By actively considering the impact of AV data on valuation, companies can ensure that investors and prospective business partners fully understand the potential of their technologies and build this potential into the value of a future transaction.

Glynna Christian is an Orrick, Herrington & Sutcliffe partner and co-heads the firm's global technology transactions practice. Aravind Swaminathan is co-head of Orrick's global cybersecurity, data privacy and innovation practice. Nick Farnsworth is an associate in the firm's cyber and privacy practice.