Speaking Engagement

Case Study: Connected Cars, No Longer Emerging but Reality

IAPP Europe Data Protection Congress

02 Dec 2015 04:15 p.m. - 05:15 p.m.

SQUARE – Brussels Meeting Centre
Glass Entrance
rue Mont des Arts
B-1000 Brussels, Belgium

Cars already monitor and record data from a large number of sensors installed in the vehicle, including air pressure, engine temperature and fuel consumption. In addition, more and more cars are now being equipped by employers, vehicle lease companies and insurers with a black box telematics device. The data collected may include location data, journey records, driver behavior and more. These types of data qualify as personal data and may be of interest for accident alert, fleet management and insurance purposes. But governments also have an interest in this data for the reduction of congestion and pollution, and to aid traffic management plans and infrastructure improvements. Accordingly, there are many data controllers who want to share the data generated by the telematics devices (such as the device manufacturers, vehicle leasing companies, employers, insurance companies and the government, to name a few). As they share the infrastructure, they will each, but also jointly, have to assess how their collection and use of personal data affects users’ privacy, and how they each and collectively can comply with applicable law. In this panel, a case study will be presented and discussed both under EU and U.S. law of a vehicle lease company that gets the request from some of its customers to equip their car fleet with a telematics device. Each of the panelists will represent a specific interested party. They will discuss the technology, what data can be collected, what the functionalities are, the interests of each of the parties in obtaining the data (the opportunities and benefits), the impact of each of the uses on the privacy of the drivers/employees, how the devices can be designed to limit the impact of the privacy issues (potential mitigating measures), which interests of which party pass the legitimate interest test and whether the privacy rules are sufficient or if additional rules are needed.

What you’ll take away:

  • What telematics are and what benefits they can bring
  • The main points to consider when implementing telematics in a car fleet
  • Practical do’s and don’ts when implementing telematics
  • Ethical issues to consider


  • Simon Hania, CPO, TomTom
  • Lokke Moerel, Senior Of Counsel, Morrison & Forester
  • Stefan Weiss, CIPP/E, CIPP/US, Global Data Protection Officer, Swiss Re
  • Wojciech Wiewiórowski, Assistant European Data Protection Supervisor, European Data Protection Supervisor




Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.