#Privacy: Dutch DPA to investigate Dutch vehicle manufacturers

The Dutch data protection authority, Autoriteit Persoonsgegevens (AP) has launched an investigation into the EU General Data Protection Regulation (GDPR) compliance of vehicle manufacturers. 

In a post, AP explained that it has contacted all vehicle manufacturers including cars, commercial vehicles and trucks, asking which personal data it processes, why, for how long, how they have secured it, and with whom they share it. 

By doing so, AP hopes to get better insight into any privacy violations conducted by connected cars. 

“This gives us an idea of how we are doing in the Netherlands,” says AP board member Katja Mur. “We will enter into discussions with the manufacturers based on our findings. Are we seeing something that really isn’t right? Then we can start follow-up investigations and fines may follow.”

The data protection authority hopes to have analysed the results before Summer. 

Mur added: “We understand that many companies are currently mainly concerned with the health of their employees. Or keeping things going in these difficult times. We will of course take this into account and manufacturers will be given extra time to supply information where necessary.”

Mur explained that an inventory among vehicle manufacturers is one way in which AP can ensure that the privacy of motorists is not violated. 

“And that is very important,” says Katja Mur. “Because even though the AP does not yet receive so many signals from motorists about their car, we do see that much has not yet been properly arranged. Many people are simply not yet aware of what their car knows about them. “

To solve this, in February the AP published a manual which includes tips on what to do when motorists buy, rent, or lease a “connected” vehicle. By raising awareness, AP hopes to receive more concrete complaints. 


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/