Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications

Categories Blog, Business, Design / Branding, Free Data Protection Resources, Uncategorized
Date October 9, 2020

Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications

Paragraph 2.1.1 Geolocation data

60. When collecting personal data, vehicle and equipment manufacturers, service providers and other data controllers should keep in mind that geolocation data are particularly revealing of the life habits of data subjects. The journeys carried out are very characteristic in that they enable one to infer the place of work and of residence, as well as a driver’s centers of interest (leisure), and may possibly reveal sensitive information such as religion through the place of worship, or sexual orientation through the places visited. Accordingly, the vehicle and equipment manufacturer, service provider and other data controller shall be particularly vigilant not to collect location data except if doing so is absolutely necessary for the purpose of processing. As an example, when the processing consists in detecting the vehicle’s movement, the gyroscope is sufficient to fulfil that function, without there being a need to collect location data.

61. In general, collecting geolocation data is also subject to compliance with the following principles:

− adequate configuration of the frequency of access to, and of the level of detail of, geolocation data collected relative to the purpose of processing. For example, a weather application should not be able to access the vehicle’s geolocation every second, even with the consent of the data subject;
− providing accurate information on the purpose of processing (e.g., is geolocation history stored? If so, what is its purpose?);
− when the processing is based on consent, obtaining valid (free, specific and informed) consent that is distinct from the general conditions of sale or use, for example on the onboard computer ;
− activating geolocation only when the user launches a functionality that requires the vehicle’s location to be known, and not by default and continuously when the car is started;
− informing the user that geolocation has been activated, in particular by using icons (e.g., an arrow that moves across the screen);
− the option to deactivate geolocation at any time;
− defining a limited storage period;