Hello. The European Union is trying to head off a day when a connected car is a privacy violator on wheels, WSJ Pro’s Catherine Stupp reports. Regulators there have proposed guidelines for car makers and their partners for handling information about drivers and their habits.

Other news: Debate over facial-recognition shortcomings; ransomware wipes out police evidence in Florida; and robot vacuum could conduct cyberattacks.

European regulators propose privacy, security rules for connected-car data. The regulators warned in draft guidelines that self-driving and internet-connected cars present risks for data privacy as well as cybersecurity, since hackers could exploit connected devices to take control of vehicles and steal information.

The car industry, under rules likely to be final this year, would have to use advanced encryption techniques, offer special protection for biometric data and limit how they store and share data.

The draft spells out that data generated by modern vehicles is often personal, such as drivers’ location along roadways or the fingerprints they use to unlock infotainment systems. One key area is encryption. Companies should protect data with strong, “state-of-the art” encryption and use systems with unique encryption keys that can unlock data only for a specific vehicle.

Read more.

Should government halt the use of facial-recognition technology? Two experts debate the issue in The Wall Street Journal. Critics say false positives are far higher for some groups of people than for others, but supporters of the technology say the actual numbers involved are tiny.

Most systems are developed by private companies that license them to governments or businesses. Companies hide behind claims of trade secrecy, entering into contracts that bypass public-disclosure provisions and enable facial recognition to be deployed in secret. Researchers, lawmakers and the public rarely have access to examine these systems. When researchers do get access, they find it doesn’t work as advertised. Facial recognition is generally applied by those who already have power—such as employers, landlords and the police—to surveil and, in some cases, oppress those who don’t.

Millions of Americans use facial recognition to secure their mobile phones and tag photos. Facial recognition is reducing financial fraud at banks, preventing medical errors in hospitals, protecting small businesses from repeated theft and robbery, and improving security and convenience at schools and airports. Some people fear that facial recognition will supercharge surveillance networks that track everyone’s movements. But Fourth Amendment protections, coupled with deeply held views about civil liberties, put limits on what government can do. Government agencies should set performance standards and use the best-performing systems.

Ransomware wipes out evidence at Florida police department. Prosecutors dropped drug charges against several individuals when certain files couldn’t be restored after a ransomware attack, ZDNet reports. The city of Stuart, Fla., was hit last April by hackers who locked files and demanded an unspecified ransom, according to local TV station WPTV. Police told the station they lost about 18 months of evidence, including photos and videos.

Robot vacuum can conduct cyberattacks, researchers say. The Ironpie M6 connected vacuum cleaner, launched last year by Trifo Inc., can be manipulated by hackers to participate in denial-of-service attacks, Threatpost reports, citing security firm Checkmarx. Malicious actors also can break into the machine’s video system to view owners’ homes, Checkmarx said at the RSA Conference in San Francisco this week. Vulnerabilities reside in the vacuum’s Internet-of-Things system as well as mobile apps and haven’t been fixed, according to the researchers. Trifo, based in Santa Clara, Calif., and Guangdong, China, didn’t respond to Threatpost’s requests for comment.

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle and Catherine Stupp.

Follow us on Twitter: @knash99, @JimRundle and @catstupp. Also, @WSJCyber.

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.