What data do self-driving cars use

GDPR and autonomous driving - who owns the data?

By constantly dealing with smartphones, computers, smart homes or connected cars, we are constantly generating more data that is stored locally or in the cloud, transmitted to services or shared with other applications. Nobody knows for a long time which data is used for which purpose. Only recently, the General Data Protection Regulation (GDPR) was launched in Germany so that users can obtain information about their own data and have it back at their disposal. It has been legally binding since May 2018. But how does the DCGVO affect connected or autonomous driving? Which data are affected by this? And what does that mean for the vision of the self-driving car?

Data-driven business models

According to a study by the digital association Bitkom, 69 percent of the Germans surveyed are of the opinion that the owner of the car should decide who is allowed to use the data generated in their car. However, 42 percent are willing to consent to the storage and further use of the data, provided that this is associated with a social benefit. 27 percent would pass on their data for an individual benefit. “Users are ready to share data when they know who is collecting the data and what it is being used for. In the future, private individuals will be directly protected by the GDPR. At the same time, however, the GDPR is a major challenge for companies, as they have to drive enormous procedural and organizational effort in many areas in order to meet the binding requirements, "says digitization expert Dr. Michael Müller, managing director of Magility GmbH.

Customers want to see benefits

The transfer of the data is increasingly linked to the condition that a concrete benefit arises from it. It is no longer a secret that data is a valuable asset. Accordingly, many customers are becoming more and more economical with the transfer of their data. At the same time, with many digital services and apps, it was impossible to avoid consenting to the data processing, so that the desired autonomy over the data was no longer granted. This is where the new GDPR comes into play.

Personal data in the autonomous vehicle

According to the new General Data Protection Regulation, almost all data are considered to be directly or indirectly personal. According to a declaration by the Verband der Automobilindustrie e.V (VDA) and the data protection authority, all data collected that can be associated with the vehicle identification number (VIN) or the vehicle registration number are indirectly personal. These include average speed, consumption, fill levels or other measured values ​​determined by sensors. They allow conclusions to be drawn about the behavior of the driver, provide insights into his everyday life or provide information about the location and must therefore be protected in particular.

What exactly will change with the GDPR?

The GDPR regulates the processing of personal data of EU citizens. The aim is to strengthen consumer protection and to create transparency, as well as to ensure self-determination over one's own data. By storing and linking personal data, it was previously possible for many companies to create detailed personality profiles, to save them permanently and, if necessary, to use or even sell these profiles. The regulation now wants to take action against this burgeoning business with user and customer data. The three main points are:

  • privacy
  • Right of the customer to his own data
  • Right to information, correction and deletion of the data

GDPR - transparency, data minimization and information

For consumers in the EU, the new basic regulation means more information, transparency and documentation. In the case of autonomous driving, however, it is primarily about storing the data collected. Since May 2018, the consumer has enjoyed even more protection. Among other things, he is now granted the following when handling his data:

  • Affected persons are informed what exactly their data is being used for (transparency)
  • The company is only allowed to store data that it really uses (data minimization).
  • Data may only be processed for the purpose for which they were collected (non-linkability).
  • The customer's rights (information, information, correction, restriction, data portability and deletion) are effectively granted (intervening).

What does the GDPR mean for connected driving?

The new General Data Protection Regulation also applies to services relating to the autonomous and connected vehicle. However, it is currently not foreseeable how it will be implemented in individual cases. What is certain is that the providers of the relevant services must clearly communicate the purpose for which the data collected will be used and must first obtain consent to the data processing. It remains exciting to see how the GDPR will look like in the field of connected driving when implemented in practice.