
Privacy laws around the world and what it means for the automotive industry

Privacy laws are becoming an important topic in doing business in any industry. Almost every business needs to be aware of the regulations listed in GDPR (EU privacy law) to stay compliant and not break the trust of their clients. In most cases, we can obtain consent to collect and store personal information, like name, email address, phone number, ID number etc. However, there are cases where individuals can’t give their consent and it’s impossible for companies to ask for it. 

One of these corner cases is data collection in the automotive industry. The data is used for various purposes like training ADAS and AD systems, making maps, and many others. However, it is inevitable during the process of data collection to capture individuals’ faces and license plates. To harmonize data collection with privacy laws, companies must implement robust anonymization techniques. This guarantees that any gathered data is stripped of identifiable markers, thus maintaining its integrity for crucial research and development pursuits.  

In this article, we will embark on a comprehensive comparison of the world’s most pivotal privacy laws, encompassing GDPR (EU), PIPL (China), UK Data Protection Act, CCPA (California, USA), and LGPD (Brazil).  

Global Privacy Laws

There are 8 global privacy laws, but in this article, we will focus on the following: 

California Consumer Privacy Act (CCPA) – USA: The CCPA is a comprehensive privacy law in California, USA, that grants consumers various rights over their personal information and requires businesses to provide certain disclosures about their data practices.   

Data Protection Act 2018 – UK: Although the UK was part of the EU when GDPR was enacted, it now has its own data protection legislation, which is largely based on GDPR principles.  

Personal Information Protection Law (PIPL) – China: China’s PIPL is a comprehensive data protection law that governs the collection and use of personal information within the country.  

General Data Protection Law (LGPD) – Brazil: LGPD is Brazil’s data protection law, which applies to the processing of personal data in the country.  

General Data Protection Regulation (GDPR) – European Union: While we mentioned GDPR in the context of the EU, it’s worth noting that GDPR has also influenced data protection laws in many other countries and regions. 

It’s important for companies operating globally to be aware of and comply with the relevant regulations in the regions where they collect and process data. Additionally, staying informed about updates and changes to these regulations is crucial to maintaining compliance, especially if you want to do business with a country that falls under the regulations of one or more of the privacy laws. 

Aspects of privacy laws essential for the automotive industry

Data privacy regulations like GDPR, CCPA, and others focus on protecting personal data and ensuring individuals’ rights. They mostly apply to data collection and storage for purposes such as website visits, bank card details, healthcare information, and others, but they also include provisions and principles that are relevant to field data collection, anonymization, and data retention.

Important aspects of privacy laws to consider when it comes to data collection in the automotive industry are:

Purpose Limitation: Many data protection laws, including GDPR, require organizations to collect data for specific, legitimate purposes. Data collected in the field must align with these purposes, and organizations should not use the data for other, unrelated activities. 

Data Minimization: Regulations encourage organizations to collect only the data necessary for the intended purpose. Field data collection should follow this principle by avoiding the collection of excessive or irrelevant data. 

Consent: Some regulations, like GDPR, require organizations to obtain the consent of individuals before collecting their personal data. If the data collected during field activities is personal in nature, consent mechanisms may be necessary. Considering it’s impossible to obtain the consent of every person walking, running, driving etc. on the street while you are collecting data, the next step is essential to stay compliant with the privacy laws. 

Anonymization: While not always explicitly mentioned, data anonymization is a recommended practice in many regulations. Anonymizing data before storage and use can reduce the risk of privacy breaches and facilitate compliance. 

Data Retention: Data privacy laws often include provisions regarding how long data can be retained. Organizations are typically required to delete or anonymize data when it is no longer necessary for the purpose for which it was collected. 

Data Security: Regulations typically mandate that organizations implement appropriate security measures to protect collected data, both during collection and during its storage and use. This is critical to prevent data breaches.  

Data Protection Impact Assessments (DPIAs): In certain cases, especially when processing activities pose high risks to individuals’ privacy, regulations like GDPR require organizations to conduct DPIAs to assess and mitigate those risks. Field data collection projects with significant privacy implications may require DPIAs.  

Cross-Border Data Transfer: Some regulations, such as GDPR, impose restrictions on transferring data outside of the region. If your field data collection involves international data transfers, compliance with these rules is essential. 

Accountability and Documentation: Regulations often require organizations to maintain records and documentation of their data processing activities, including data collection in the field. This documentation can be crucial for demonstrating compliance. 

It’s important to note that the specific requirements and interpretations of these principles can vary between regulations. Organizations should carefully review the relevant regulations in their jurisdiction and seek legal counsel or data protection experts to ensure compliance, especially when dealing with field data collection and long-term data storage. Additionally, regulations may evolve over time, so staying up to date with changes is essential for ongoing compliance. 

Data Transfer

There are cases when data collection is done in one country or region, but the OEM wants to store and use the collected data in a different country. For example, if an OEM registered outside of the EU wants to collect data in the EU, they will collect personal data such as faces and license plates, which are both safeguarded under GDPR. In this instance, the company will need to follow the GDPR rules before the data transfer occurs to be compliant. Read our guide for international data transfer to make sure you are complying with GDPR.

Privacy laws are indispensable in today’s global business landscape, with GDPR serving as a cornerstone for compliance. In the automotive industry, where it is challenging to obtain consent for data collection, robust anonymization techniques are crucial to align data gathering with privacy laws. Understanding the nuances of global privacy laws, from CCPA to LGPD, is essential for businesses with international operations. Staying up to date with regulations and seeking expert guidance ensures long-term compliance and fosters trust in data handling practices. 

To facilitate GDPR-compliant data collection and transfers, NavInfo Europe offers a holistic GDPR compliance solution that includes a highly accurate AI-powered anonymization pipeline that can automatically detect and blur personal information in raw visual data. Our solution supports all types of visual data from various types and positions of cameras and in various weather conditions and territories. Additionally, our data tagging solution DriveTag AI can provide automatic tagging on target features and scenarios for optimized development and testing of algorithms for autonomous driving functions. Contact us today to see how our expertise and experience in data compliance can accelerate your expansion into Europe and other places in the world.
