On March 24, 2020, the Dutch Supervisory Authority (“SA”) announced the launch of a broad investigation into automobile manufacturers, to determine whether any violations of data protection laws have occurred in relation to connected cars.

The Dutch SA sent a questionnaire to all Netherlands-based car and truck manufacturers, asking what types of personal data they process, how long they keep it, what measures they take to secure it, and with whom they share it. On the basis of the results, the SA intends to engage in dialogue with the sector and, where it deems necessary, initiate enforcement actions.

The SA mentioned in its announcement that, thus far, it has received few complaints on this topic, but attributes this to a lack of privacy awareness among drivers. The SA also alluded to its current understanding that “much is not properly addressed”.

Finally, the SA acknowledged that many automobile manufacturers do not have headquarters or a “main establishment” in the Netherlands. Therefore, the SA indicated it will share evidence or suspicions of data protection violations with the competent authorities of such manufacturers, for further follow-up action and possible enforcement.

This investigation follows the publication of guidelines for connected car manufacturers by the European Data Protection Board back in February 2020.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kristof Van Quathem Kristof Van Quathem

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty…

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty years and developed particular experience in the life science and information technology sectors. He counsels clients on government affairs strategies concerning EU lawmaking and their compliance with applicable regulatory frameworks, and has represented clients in non-contentious and contentious matters before data protection authorities, national courts and the Court of the Justice of the EU.

Kristof is admitted to practice in Belgium.