Connected Cars, Data & Privacy

GlobalB Law advises automakers, suppliers, fleet operators and mobility apps on connected-vehicle data, KVKK/GDPR compliance and UNECE vehicle-cybersecurity obligations.

A modern vehicle is a connected data platform, generating location, telematics, behavioural and sometimes biometric data continuously, and that data sits at the centre of both privacy law and vehicle cybersecurity. GlobalB Law advises manufacturers, suppliers, fleet operators and mobility apps on governing it lawfully and turning it into a compliant asset.

On data protection, we apply the KVKK, and the GDPR for EU operations, to vehicle-generated personal data: the right lawful basis, transparency to drivers and passengers, handling of location and event-data-recorder (EDR) data, data sharing with insurers and third parties, monetisation, and cross-border transfer. We map the flows and build the framework rather than retrofitting it after launch.

On cybersecurity and type-approval, we advise on the UNECE WP.29 regulations, R155 on a cybersecurity management system and R156 on a software-update management system, which in the markets that apply them are conditions of type-approval, covering over-the-air updates, incident response and product-security obligations across the supply chain.

What we do

Services in this practice

01Connected-vehicle data mapping & KVKK/GDPR compliance
02Driver/passenger consent & transparency notices
03Telematics, location & EDR data governance
04Data-sharing & monetisation agreements (insurers, third parties)
05UNECE R155/R156 cybersecurity & OTA-update compliance
06Cross-border transfer & incident-response frameworks

پرسش‌های متداول

پرسش‌های پرتکرار

Is data generated by a connected car personal data?

Yes, in most cases. Location, driving behaviour, in-car identifiers and event-data-recorder logs that relate to an identifiable driver or passenger are personal data under the KVKK, and the GDPR for EU markets, so they require a lawful basis, transparency and proportionate use. We map the data flows and build the compliance framework around them.

Do drivers have to consent to telematics data collection?

Consent is one lawful basis, but not always the right one. Some processing relies on contract or legitimate interest, while sensitive data and marketing uses generally need explicit consent. We determine the correct basis for each purpose and prepare the driver and passenger notices accordingly.

What are UNECE R155 and R156?

They are UNECE WP.29 regulations requiring a certified cybersecurity management system (R155) and a software-update management system (R156) for vehicles; in the markets that apply them they are conditions of type-approval. We advise manufacturers and suppliers on meeting these obligations, including the governance of over-the-air updates.

Can connected-car data be shared with insurers or third parties?

Yes, with a proper legal basis, transparency and a data-sharing agreement that defines roles, security and the driver's rights. Sensitive data and cross-border transfers need additional safeguards under the KVKK and GDPR. We draft the data-sharing and monetisation agreements and the transfer mechanism.

شروع کنید

وقت ملاقات بگیرید

موضوع خود را با ما در میان بگذارید تا شما را به وکیل مناسب وصل کنیم.

با تیم تماس بگیرید