FEMA demands inclusion of motorcycles in vehicle data protection guidelines that the European Data Protection Board has published in February 2020.
The European Data Protection Board (EDPB) published the guidelines on processing personal data in the context of connected vehicles and mobility related applications and opened a public consultation that ended 1 May 2020. FEMA has responded of course, and demands inclusion of motorcycles in vehicle data protection guidelines.
We studied the guidelines and came to the conclusion that they give a good protection to vehicle owners in saving their privacy and protecting their rights on the vehicle data. The vehicle owner has the control of the data as much as possible. In certain circumstances other regulations override the General Data Protection Regulation (EU GDPR, Regulation (EU) 2016/679), but we see no problem in that.
However, we noticed that the scope of the guidelines is not clear. In some places it only mentions ‘vehicles’ and in other places ‘cars’ without defining what is meant with ‘vehicles’. Given the fact that in other places the word car is used, it suggests that this is what the Board had in mind when the guidelines were written. Since in EU legislation the word vehicle usually is used for two-track vehicles categories M1, M2, N1 and N2 (cars, busses, vans and large and heavy vehicles or trucks) it might be assumed that these vehicles are also in the scope of the guidelines.
Motorcycles and other category L-vehicles are usually not included in EU legislation, expect specifically mentioned, and are also not specifically mentioned in the EDPB Guidelines. Therefor we fear that motorcycles are not seen as within the scope of the EDPB Guidelines while they should be. We have alerted the European Data Protection Board to this and demanded explicit inclusion of motorcycles within the scope of the EDPB Guidelines. You can read our reaction below.
View of FEMA on the EDPB Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications (version 1, adopted 28 January 2020): “We are concerned about the use of the data of vehicles, including motorcycles and other powered two- and three-wheeled vehicles, by motorcycle manufacturers and others and the privacy of their owners. Therefor we are happy with the Guidelines of EDPB and think they can contribute to the enforcement of right of ownership of data and the protection of the personal life space of vehicle owners and -users. However, the scope of the Guidelines is not clear enough. In the Guidelines (connected) vehicles are mentioned in several places, while in other places cars are mentioned. This gives the impression that only cars (category M1 vehicles?) are in the scope of the Guidelines and not other vehicles like all categories L, N1, M2, N2. Some motorcycles are already connected and at least one brand (BMW) already downloads (personal) data from the motorcycle when it is serviced by a BMW dealer of workshop without the explicit consent or often even knowledge from the owner. As a federation of motorcyclists’ rights organizations in Europe we are very concerned with the developments in data gathering and processing and we think that motorcycles and other L-category vehicles must be explicit included in the scope of the Guidelines.”