Client Alert

Germany’s Federal Commissioner for Data Protection Issues Recommendations for Self-Driving Cars

MoFo Privacy Minute

20 Jul 2017

The development of connected and automated (“self-driving”) cars has been the focus of rising regulatory activity in Germany. The Federal Commissioner for Data Protection in Germany (“Federal Commissioner”) and a high-level commission appointed by the German government have separately issued recommendations on the legal and ethical implications of automated driving technology, respectively. Both documents, published in June 2017, are expected to inform the decisions of lawmakers and regulators, but are not directly binding on lawmakers, regulators, or companies.  (The authority of the Federal Commissioner in the private sector is limited to providing information to the public.)

The Federal Commissioner stressed the importance of transparency and data minimization: Users should have easy access to their data to understand what personal information has been collected (for example via a monitor on their dashboard), including where data will be collected with their consent. Users should also be provided with a simple tool to delete data (e.g., by switching the software back to factory settings). The Federal Commissioner urged manufacturers to develop products following the privacy-by-design and privacy-by-default principles, and to collect data only where necessary or anonymize the data. In particular, images of a car’s outer surroundings should be deleted as soon as they are no longer required for the purposes for which they were recorded. The Federal Commissioner also highlighted the importance of data safety and stressed that software must be designed in a way that prevents unauthorized access and guarantees reliable protection against cyber-attacks.

Meanwhile, the commission appointed by the Federal Minister for Transport published a report on the ethical aspects of automated driving. The commission is comprised of a group of renowned experts from industry, science, and the judiciary who have identified 20 rules with a focus on accountability and liability issues arising in accident and manipulation scenarios. Amongst those rules, the commission stressed that IT systems must be designed in a way that prevents manipulation, in particular where such manipulation may undermine trust in road traffic. The report also suggests that drivers’ consent to the processing of their data should only be deemed voluntary if drivers are offered a “practical alternative” to the processing of their data.

For more information, see The Federal Commissioner’s recommendations, as well as the report by the Federal Minister’s commission. Both documents are published in German language only.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.