Connected vehicles generate data that can be used to provide or enhance services such as navigation, traffic information, roadside assistance, remote diagnostics, usage-based insurance (dependent on driving behaviour), on-demand entertainment or fleet management. Examples of data generated by connected vehicles include geolocation, usage (e.g. driving style) and technical data (e.g. speed, wear and tear affecting a vehicle’s parts). Data generated by connected vehicles may in some cases be personal data, unless it is anonymised.
Cullen International’s new benchmark examines the policy and regulatory aspects related to the development of connected and automated vehicles in eleven European countries, including specific rules applicable to data generated by connected vehicles.
The research shows whether the researched countries:
- have published rules and/or guidance by data protection authorities (DPAs) that are specifically applicable to data generated by connected vehicles;
- restrict the processing of personal data in the context of connected vehicles, including setting specific data retention periods; and
- set specific rules on access by third parties to vehicle data.
The research reveals that DPAs in four countries (Austria, Belgium, Germany and France) set specific rules and/or guidance. See visual overview
In these four countries, the national rules/guidance restrict the processing of personal data in the context of connected cars. For example, Belgium, France and Germany lay down specific rules for the processing of geolocation data (although in Belgium, these rules only apply in the context of an employment relationship).
France and Germany also set specific rules on access to vehicle data by third parties, such as law enforcement authorities, rescue services, or insurance companies.
To access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
10 July 25
WhatsApp and other communication apps must allow legal interception in less than half of the EU countries
Our new pan-European benchmark examines national rules of lawful interception obligations for number-independent interpersonal communications service providers, such as WhatsApp.
09 July 25
Countries tighten IoT rules with new security, numbering and device measures
Our Quarterly Regulatory Update on IoT and M2M Services (Q2 2025) highlights how national regulators are shaping the future of IoT and M2M services in areas such as cross-border connectivity, device regulation, and security.
08 July 25
Copper decommissioning emerges as critical challenge in global transition to gigabit networks
Our latest Global Trends report examines how 15 major markets are approaching the transition from legacy copper infrastructure to future-proof gigabit networks.