On October 17, CNIL issued its personal data protection compliance pack (source document in French) to provide guidance to automotive companies when processing personal data through autonomous vehicles. In its guidance, CNIL identified three scenarios of personal data collection and processing by vehicles: (i) personal data used by the vehicle without further transfer or exchange; (ii) personal data sent to companies for purposes of providing a service to the vehicle owner; and (iii) personal data sent to companies to trigger a vehicle-related action.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.