Case Study: Connected Cars, No Longer Emerging but Reality

IAPP Europe Data Protection Congress 2016

11/10/2016 01:30 p.m. - 02:30 p.m.

Privacy + Data Security

SQUARE - Brussels Meeting Centre
Glass Entrance
rue Mont des Arts
B-1000 Brussels

Lokke Moerel

Speaking Engagement


Cars already monitor and record data from a large number of sensors installed in the vehicle, including air pressure, engine temperature, and fuel consumption. In addition, more and more cars are now being equipped by employers, vehicle-lease, and insurance companies with a black-box telematics device. The data collected may include location data, journey records, driver behavior, and more. These types of data qualify as personal data and may be of interest for accident-alert, fleet-management, and insurance purposes.

But governments also have an interest in this data to assist in the reduction of congestion and pollution, as well as aid traffic management plans and infrastructure improvements. Accordingly, there are many data controllers who want to share the data generated by the telematics devices (such as the device manufacturers, vehicle leasing companies, employers, insurance companies, and the government, to name a few). As they share the infrastructure, they will each, but also jointly have to assess how their collection and use of personal data affects users privacy, and how they each and collectively can comply with applicable law.

In this panel, a case study will be presented and discussed in light of both EU and U.S. law of a vehicle-lease company that gets a request from some of its customers to equip their car fleet with telematics devices. Each of the panelists will represent a specific interested party, to discuss:

  • the technology,
  • what data can be collected,
  • what the functionalities are,
  • the interests of each of the parties in obtaining the data (the opportunities and benefits),
  • the impact of each of the uses on the privacy of the drivers/employees,
  • how the devices can be designed to limit the impact of privacy issues (potential mitigating measures),
  • which interests of which party pass the legitimate-interest test, and
  • whether the current privacy rules are sufficient.


Find MoFo Info

Email Disclaimer

Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

©1996-2016 Morrison & Foerster LLP. All rights reserved.