Data Protection Impact Assessment: what are the risks when using a connected car?


Institut Mines-Télécom’s Values and Policies of Personal Information Chair presented its report on the Data Protection Impact Assessment (DPIA) applied to the case of connected cars, during its 22nd Meeting in partnership with Télécom Paris’ Connected Cars and Cyber Security Chair (C3S). Claire Levallois-Barth, a teacher-researcher in law, and Jonathan Keller, a research engineer in law, have been conducting research on cars, an everyday object which, when connected, collects a large amount of personal data relating to the driver, the presumed owner, and the passengers. Their report details the available methodologies and risk typologies as well as the position of the supervisory authorities and judges (French, European, international). It is a step-by-step guide to conducting an impact analysis and processing personal data in accordance with the legislation in force.

Claire Levallois-Barth, Coordinator of the Values and Policies of Personal Information Chair: “The Data Protection Impact Assessment is still an empirical approach, based on our personal assessments of the relationship to risk. In addition, the rapid evolution of technologies with AI or digital twins, as well as the growing number of stakeholders, complicate the analysis; they generate new types of risks, both ethical and societal. We still have a lot of progress to make before we have efficient Data Protection Impact Assessments that take into account the entire ecosystem. Through this report, we hope to engage stakeholders in a positive way in controlling the risks generated by our digital society and in constructing laws in a rapidly changing environment.”

To download the report: