Connected Cars under the GDPR

摘要

The General Data Protection Regulation marks a clear difference from previous European legislation on the matter of protection of personal data. The principle of strict accountability of the so-called “Data Controller” is now the rule. This foresees significant implication on the flow of data (particularly international data flow), on the information being given to the data subjects, i.e. the individuals whose personal data are being processed, as well as on the security measures to be applied to the processing of such data. In addition, the conference of the Data Protection Authorities has already expressed its preliminary view on connected cars. Finally, the Regulation that sets the rules on the e-call initiative has already implemented strict rules on data retention that might affect the functioning of a connected car system. This paper aims to address the different issues under privacy laws related to connected cars.