Business Driver is a leading UK global provider of Practical Driver Training & Risk Management Solutions
    Go Back
  • New Data Laws that will affect company drivers

    The European Parliament has adopted new data protection rules with the aim of protecting the privacy of drivers using company vehicles. The standard for consent will be much higher and the definition of what constitutes personal data will change, there will be tougher sanctions for anyone failing to follow the new regulations.
    Businesses have been given two years to comply with the new, stricter regime, which has been explicitly designed to deal with issues arising from connected products and services, including vehicles.

    “The new rules will ensure that the fundamental right to personal data protection is guaranteed for all,” said Frans Timmermans, first vice-president of the European Commission.

    With the connectivity in cars and vans becoming increasingly more commonplace and the majority of drivers already using apps like Google Maps or sat-navs to plan journeys. Experts predict that by 2020 90% of new cars will be connected, sharing real-time information on a massive scale. Whilst this holds the potential for huge environmental, economic and societal benefits. It does throw up a whole host of data protection issues. Especially where company driver are concerned.

    The new General Data Protection Regulation (GDPR) only applies to personal data. However, with the definition of personal data also changing, legal expert and partner at Pinset Mason, Stephan Appt says much of what will be produced will fall under the new regulation. For instance “Data that identifies drivers indirectly would be considered personal data.”

    GDPR makes it clear that information is treated as personal data whenever individuals can be identified by online information, including GPS information.

    If the UK votes to leave the European Union following the referendum on June 23, British fleets should not expect the new rules to be watered down for them. Appt said: “This legal framework will not only apply to data in the EU, it will apply to everybody supplying goods and services to the EU.”

    Driver consent for data-sharing services will therefore be crucial, with the new rules making it clear that it must be “unambiguous” and communicated by “a statement or clear affirmative action”, he added.
    “Pre-ticked boxes will not constitute consent,” said Appt. “It must be freely given and informed. The relationship between fleet – the employer – and the driver is going to be important.”

    In a strategy paper on connected vehicles released last week, the European Automobile Manufacturers’ Association (ACEA) said that manufacturers aim to design their vehicles and services so that “where possible” drivers can choose whether to share personal data. Furthermore, it said: “Customers will be able to deactivate the geolocation functionality of their connected vehicles and in the connected services that are offered, except where geolocation data must be processed to comply with contractual or legal obligations, for example emergency calls.”

    For fleet operators, location-based data for example would be restricted to business use, much as it is today with telematics. However, Appt says the new rules will require “a balance of interest test” between the interests of the driver and the interests of the business.

    Bauer Medias group fleet and risk manager Debbie Floyde, said that, ideally, consent will be written into contracts between the leasing company and end-users.
    However, she added: “I would definitely make it part of policy that they would have to share data if they want to drive on company business. Potentially, this would be limited to data concerning just business trips, unless it was in their interest to access data on a private trip such as in the event of an accident.”

    Whilst addressing delegates at the Connected Fleets Europe conference in Amsterdam, Appt advised: “Fleet managers talk about ‘my fleet, which implies it’s ‘my data’. But, from a legal perspective, there is no ownership of data.”
    Legally, it is a question of consent and, while many are calling for an open platform so that data can be easily shared between third-party suppliers, carmakers are reluctant to give it away for free.

    In the paper released last week by the ACEA, they say that the EU should establish a standardised framework for access to vehicle data that “takes account of the fact that vehicle manufacturers invest heavily in the ability of vehicles to generate data and are ultimately responsible for ensuring the vehicle’s safety and integrity as well as the protection of the user’s personal data and privacy”.
    For its part, the ACEA recently adopted a statement setting out five principles of data protection to which it says the industry will adhere. These include transparency, customer choice, ‘privacy by design’, data security and the proportionate use of data.

    Erik Jonnaert, secretary general of the ACEA said: “We are committed to providing customers with a high level of protection and maintaining their trust.
    “This is essential if intelligent transport systems and the connected car are to fulfil their potential to contribute towards societal goals such as facilitating traffic management, improving road safety, reducing fuel consumption and bringing down CO2 emissions.”

    Source cited - FleetNews article by Gareth Roberts 3/05/2016