Out-Law / Your Daily Need-To-Know

German data protection watchdog makes recommendations for autonomous and connected cars

Out-Law News | 29 Jun 2017 | 9:59 am | 1 min. read

Tighter rules on data protection are needed for the world of connected and autonomous vehicles, according to a German privacy watchdog.

Federal data protection commissioner Andrea Voßhoff has advocated that data generated by connected and autonomous vehicles is automatically anonymised, unless there are reasons for it to be in personally identifiable form, and said car users should be able to "simply delete personal data" unless there are legal reasons why that information should remain recorded.

In total, Voßhoff set out 13 recommendations on "automated and networked driving" (2-page / 94KB PDF), including a call for specific rules that make it clear which data businesses can process without the "explicit consent" of vehicle users.

She said vehicle users "should be provided with all information on the processing of personal data" generated by connected and autonomous cars, and that it must be necessary to access personal data to process that information for "data-based services" or in the context of car-to-car communications.

Other recommendations included placing a general ban on businesses storing data that is only required for driving operations, and the "effective encryption" of communications between vehicles.

Location data recorded by connected and autonomous vehicles should also be "deleted as soon as they are no longer required for the respective purpose", Voßhoff said.

"The car is a symbol of freedom and independence. The digitisation of road traffic could fundamentally change this. In modern vehicles, countless sensors are already gathering data on the driving behaviour and the distances travelled. From this, detailed personality profiles can be created. Drivers must therefore always have full authority over the use of personalisable vehicle data. In principle, they should be informed about any data use in the sense of complete transparency." 

"For this to happen, data protection-friendly technologies and pre-settings are necessary. A lump-sum consent for any purpose, for example when purchasing an automated vehicle, is not sufficient. Here the manufacturers are the most important. The legislator should, in return, supplement existing rules for safe and environmentally compatible mobility with regard to minimum requirements for data protection and data security," she said.