Guidelines for data privacy in connected cars

On the 17th of October 2017, the French public authority in charge of data privacy, the CNIL (Commission nationale de l’Informatique et des Libertés) published guidelines for the use of data in connected vehicles. These guidelines are aimed at giving a clear and predictable framework to businesses and users, in line with the European Directive which will be applicable from May 2018.


3 scenarii are studied:

  • In-In: data collected in the vehicle stay in the vehicle, without external transmission.
  • In-Out: data collected in the vehicle are transmitted externally in order to provide an additional service specific to the user.
  • In-Out-In: data collected in the vehicle are transmitted externally in order to create an automotic reaction in the vehicle.


The CNIL voiced 4 main recommendations:

  • All data which can be linked to a user, which is identified or could be identified, are personal, protected data.
  • Principles such as self-determination, transparency and loyalty should be at the core of businesses.
  • Privacy by design should be the primary approach.
  • The In-In scenario should be privileged: data should be processed within the vehicle, without transmission to the service provider.

These guidelines will be regularly updated in order to take into consideration the latest developments and state of the art of connected driving.


Source: CNIL


    In: Connectivity & Automation, Data
    • Topics