For vehicle data, GDPR is just the beginning, the German Brandenburg regional government said in a Q&A. Stay tuned for the Data Governance Act.

Here are some key points:

  • Vehicle manufacturers have to observe GDPR when collecting and processing data. For this purpose, the customer’s consent to the use of their data (e.g. on-board systems such as car apps) should always be obtained when purchasing. They also must abide by GDPR when processing personal data on driving behavior for their own purposes.
  • GDPR is a good foundation for ensuring data protection for data collected, processed and stored by modern vehicles. The legal requirements on “privacy by design” and “privacy by default” are important cornerstones for manufacturers to take into account when developing their products.
  • The large amounts of data accumulating in modern vehicles, and the developments in autonomous and networked driving, repeatedly raise questions about storage, access, disposal and exploitation rights. In addition to the consistent implementation of the regulations, that also makes further legal regulations necessary. For example, the planned EU regulations on data intermediaries in the Data Governance Act should be mentioned here.
  • Consumers must be able to decide individually whether and to whom they grant access to the data sets they have produced. In addition, consumers must be able to delete personal driving data at any time within the framework of the legal limits.