For vehicle data, GDPR is just the start | Fox Rothschild LLP
For vehicle data, GDPR is just the start, the German regional government of Brandenburg said in a Q&A. Stay tuned for data governance law.
Here are some key points:
- Car manufacturers must comply with the GDPR when collecting and processing data. To this end, the customer’s consent to the use of their data (for example, in-vehicle systems such as car apps) must always be obtained at the time of purchase. They must also comply with the GDPR when processing personal data on driving behavior for their own purposes.
- The GDPR is a good basis for ensuring the protection of data collected, processed and stored by modern vehicles. Legal requirements for “privacy by design” and “privacy by default” are important cornerstones that manufacturers must take into account when developing their products.
- The large amounts of data accumulated in modern vehicles and developments in autonomous and networked driving repeatedly raise questions about the rights of storage, access, disposal and exploitation. In addition to the consistent implementation of regulations, this also necessitates other legal regulations. For example, the European regulations foreseen on data intermediaries in the law on data governance should be mentioned here.
- Consumers must be able to decide individually whether and to whom to grant access to the datasets they have produced. In addition, consumers must be able to delete personal driving data at any time within the legal limits.