Since most car data can be associated to the registered owner of the vehicle, it qualifies as personal data. According to a recent ruling from the European Court of Justice, data qualifies as personal if it is in the hand of any party that can obtain sufficient information to identify the user. Vehicle manufacturers, who can easily identify vehicle owners, should therefore treat most vehicle data as personal data.
The GDPR protects the portability of data, meaning that citizens may change service providers. This principle applies to car data as well, which means that there should be a choice about who accesses car data and for what purpose. However, without clear legislation on the latency (or delay of delivery) and format, data portability could be compromised as, realistically, third-party service providers may struggle due to delays and unreadable data to provide equivalent services with vehicle manufacturers.
The European product liability and product safety legislation do not justify extensive monitoring of real time car data for vehicle manufacturers.
FIA Region I director general, Laurianne Krid, said “This legal memorandum shows us what the European Data Protection Regulation can and cannot do, when it comes to car data. While it grants users certain rights, we still feel that specific legislation is needed to ensure innovation, choice and ultimately create value for connected vehicle users.”
The study findings were disclosed during a debate in the European Parliament hosted by MEP Ismail Ertug on ‘Autonomous Driving and Data: Access, Ownership, Security’. The legal observations complement the My Car My Data campaign run by FIA Region I, which aims at raising awareness regarding connected vehicles and the use of data.