On 28 January 2020 adopted the European Data Protection Board (“EDPB”) adopted the Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications.
The EDPB states that “connected vehicles are generating increasing amounts of data, most of which can be considered personal data since they will relate to drivers or passengers” and “the challenge is, for each stakeholder, to incorporate the “protection of personal data” dimension from the product design phase, and to ensure that car users enjoy transparency and control in relation to their data.”
The EDPB offers general recommendations “to mitigate the risks for data subjects” on:
Geolocation data
Biometric data
Data revealing criminal offenses or other infractions
Purposes
Relevance and data minimisation
Data protection by design and by default
Local processing of personal data
Anonymization and pseudonymisation
Data protection impact assessments
Information
Rights of the data subject
Transmitting personal data to third parties
Transfer of personal data outside the EU/EEA
Use of in-vehicle Wi-Fi technologies
The EDPB also presents CASE STUDIES (p.21)
For more information , Francesca Giannoni-Crystal