Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications

Section 2.2  Purposes

66. Personal data may be processed for a wide variety of purposes in relation to connected vehicles, including driver safety, insurance, efficient transportation, entertainment or information services. In accordance with the GDPR, data controllers must ensure that their purposes are “specified, explicit and legitimate”, not further processed in a way incompatible with those purposes and that there is a valid legal basis for the processing as required in ar. 5 GDPR. Some concrete examples of purposes that may be pursued by data controllers operating in the context of connected vehicles are discussed in Part III of these guidelines, along with specific recommendations for each type of processing.