Self-Driving Grocery Delivery Cars Present Interesting Data Security Questions

November 19, 2018

By: Benjamin D. Jackson

Category: Information Security & Privacy, Transportation

Download PDF

According to the Associated Press[1], Ford Motor Company and Walmart, Inc. have joined forces along with Postmates to test self-driving vehicles for a grocery delivery service.

The tests are expected to take place in Miami-Dade County, and deliver typical grocery and other sundry items from nearby Walmart stores directly to consumers. Questions still remain as to what goods exactly will be available for transport. And it still sounds like the group is working out the practical logistics of using self-driving vehicles to deliver to such a diverse and impromptu group of locations.

This experiment marks one of the first instances we have seen of combining the unique challenges to self-driving technology from both the commercial arena (manifested more in big rig, cross country deliveries or urban sanitation trucks) and more urban and private self-driving cars within populated areas. With companies like Ford and Walmart involved, the development of this process, the lessons learned, and any resulting regulation, will be interesting to follow.

Perhaps even more interesting is the announcement by Walmart that “the vehicles used will collect data about consumer preferences to help the companies understand what people want.”[2] There are several potential data security implications here. First, the protection of customer data, including preferences and habits, and how that data is shared between the companies involved, needs regulation, transparency, and scrutiny. Second, there is potential that both payment data, and certainly customer addresses, cellular phone numbers, GPS location data and e-mail addresses will be held within either the cars themselves or the network used to communicate with them. The protection of that data – and its use by Walmart, Ford, Postmates and perhaps others will be subject to data security laws and regulations.

Finally, the litigation implications, both from discovery, how the law is applied, evidentiary rulings related to electronically stored data, and beyond, could be numerous and landscape changing.

This is just another example of the rapidly approaching future of self-driving vehicles and how the data passed from and between smart and self-driving vehicles is the next wave of data regulation and security in our country. For more information, review some of our previous writing on this subject here and here.

Benjamin D. Jackson is an experienced litigator with a specific legal practice focused on representing commercial clients, financial institutions, hospitals, medical clinics, physicians, and business organizations in matters of data security, risk management, cyber liability defense and medical malpractice defense. He can be contacted at

[2] (All contents (c) copyright 2018 Associated Press. All rights reserved.)

The Between the Lines blog is made available by Mitchell Williams Law Firm and the law firm publisher. The blog site is for educational purposes only, as well as to give general information and a general understanding of the law. This blog is not intended to provide specific legal advice. Use of this blog site does not create an attorney client relationship between you and Mitchell Williams or the blog site publisher. The Between the Lines blog site should not be used as a substitute for legal advice from a licensed professional attorney in your state.