1. Home
  2. Authorities and bodies
  3. European Union
  4. European Data Protection Board
  5. EDPB – Guidelines
  6. EDPB – Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications – Version 2.0
12 May. 2022
EDPB Annual Report 2021
28 Apr. 2022
EDPB Enforcement Cooperation Statement

EDPB – Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications – Version 2.0

As they move into the mainstream, connected vehicles have become a significant subject for regulators, particularly as they require personal data processing within a complex ecosystem.

The EDPB Guidelines aim to clarify the key privacy and data protection risks, including the security of personal data, ensuring full control over processing, and the appropriate legal basis for further processing and how GDPR-compliant consent should be collected in cases of multiple processing.

In order to mitigate the risks to data subjects, the EDPB identifies three categories of personal data requiring special attention:

  1. Location data, which, due to its sensitive nature, should not be collected except if doing so is absolutely necessary for the purpose of processing;
  2. Biometric data, which should be stored locally and in encrypted form;
  3. Data revealing criminal offences and other infractions, the processing of which is subject to the safeguards contained in Article 10 GDPR.

The EDPB also highlights the interplay between the GDPR and the ePrivacy Directive, noting that the connected vehicle and any device connected to it should be considered “terminal equipment” for the purposes of Art. 5(3) ePrivacy Directive.

References

  • SA
  • Case-law
  • Legislation