The integration of high technology software and sophisticated systems in automobile design has produced cars that have become complex computers teeming with billions of data. Built-in sensors, Internet-connected dashboards, video content-sharing capabilities, and infotainment platforms have made these smart cars hyper-efficient data collecting machines. While this development presents exciting opportunities, it is critical to have a robust strategy to address the associated risks.

1. Designed with Data Security in Mind

Automakers will need to consider privacy and data protection compliance when developing built-in vehicle software for smart cars. The unique risks associated with smart cars stem from the kinds of data that can be collected, used, and stored, which potentially reveal an individual’s personal life and which are heavily regulated by privacy and data protection regimes around the world. The data collected includes personal information such as names, usernames, phone numbers, passwords; behavioural data such as speed, driving patterns, acceleration, places frequented; and biometric data such as fingerprint, face or voice recognition.  

Automakers will be able to fully leverage the data collected only if the quality, integrity and security of the data are duly preserved. As such, automakers should be vigilant when building security systems such as encryption and authentication measures, to ensure that they actively target potential data vulnerability issues, particularly in today’s environment that is highly vulnerable to data breach. In addition, automakers will need to minimize data collection when it is no longer required for its intended purposes in order to reduce privacy risk. If systems are hacked and data is misused or mishandled, the financial and reputational risk to the automaker will be significant, and potentially catastrophic.

2. Speeding Around the World

Governments around the world are quickly recognizing the data protection implications of smart cars, and reacting. For example, the German Ethics Commission recently reported that user consent is required to use vehicle data for any reason beyond safety. The European Commission is actively developing Intelligent Transport Systems (ITS) to recognize how data can improve various driving factors such as road safety, accident notifications, and infrastructure. Moreover, Europe’s strategic policy on clean energy is encouraging automakers to build real-time data-sharing systems with other stakeholders to promote Europe’s clean energy transition. Similar to Europe, China, the world’s largest auto market, is ramping up efforts to develop intelligent transportation technologies vis-à-vis smart cars. For instance, China’s National Technical Committee of Auto Standardization issued a notice to review current vehicle standards and relevant laws and regulations to assess how such regulations need to be modified to be compatible with automated driving technologies. In Canada, automakers have engaged federal privacy officials to understand compliance requirements when developing new smart car technologies that are inevitably accompanied by privacy implications.  


The range of potential applicability of automotive technology is likely beyond one’s imagination. While the significant disruption expected in the automotive sector will reshape business models and value chains, the evolution and application of data protection laws for smart cars remains paramount. Apart from privacy and data protection laws, smart car technology development will also need to be guided by product liability, insurance, competition, and road safety laws.  

Contributors – Maneesha Gupta, and Sarah Mavula


Theo heads Baker McKenzie's Canadian Information Technology/Communications practice and is a member of the Firm's Global IP/Technology Practice Group, and Technology, Media & Telecoms and Financial Institutions Industry Groups.