The shift from ‘connected cars’ (cars communicating with their manufacturers, traffic lights, surrounding vehicles etc.) to ‘self-driving’, ‘driverless’ or ‘autonomous cars’, will impose new challenges to GDPR compliance. Business models and use cases of such cars will change, as will controllership, processors, purposes, and types of data being processed. In this article, we will discuss the repercussions and challenges to GDPR compliance in this paradigm shift.
To protect the rights of the data subjects it is crucial to determine the controller and processors for data processing activity, as these individuals or teams can be held accountable for activities regarding difference stages of data management. Considering the complex business structures in today’s world, the legal obligations attached to these two roles can be misinterpreted. Although controller and processor roles seem