IAPP Europe Data Protection Congress
Cars already monitor and record data from a large number of sensors installed in the vehicle, including air pressure, engine temperature and fuel consumption. In addition, more and more cars are now being equipped by employers, vehicle lease companies and insurers with a black box telematics device. The data collected may include location data, journey records, driver behavior and more. These types of data qualify as personal data and may be of interest for accident alert, fleet management and insurance purposes. But governments also have an interest in this data for the reduction of congestion and pollution, and to aid traffic management plans and infrastructure improvements. Accordingly, there are many data controllers who want to share the data generated by the telematics devices (such as the device manufacturers, vehicle leasing companies, employers, insurance companies and the government, to name a few). As they share the infrastructure, they will each, but also jointly, have to assess how their collection and use of personal data affects users’ privacy, and how they each and collectively can comply with applicable law. In this panel, a case study will be presented and discussed both under EU and U.S. law of a vehicle lease company that gets the request from some of its customers to equip their car fleet with a telematics device. Each of the panelists will represent a specific interested party. They will discuss the technology, what data can be collected, what the functionalities are, the interests of each of the parties in obtaining the data (the opportunities and benefits), the impact of each of the uses on the privacy of the drivers/employees, how the devices can be designed to limit the impact of the privacy issues (potential mitigating measures), which interests of which party pass the legitimate interest test and whether the privacy rules are sufficient or if additional rules are needed.
What you’ll take away: