RGPD

Connected vehicles and mobility: what the CNIL plans in terms of compliance in 2025

As automotive technology evolves at a breakneck pace, the question of personal data protection within connected vehicles is becoming crucial. The French Data Protection Authority (CNIL) is actively engaging in this area through its "compliance club"

Contents
Schedule a discussion

Reading time:

6 min

As automotive technology evolves at a breakneck pace, the question of personal data protection within connected vehicles is becoming crucial. The French Data Protection Authority (CNIL) is actively engaging in this area through its "compliance club", created to encourage dialogue among the sector's stakeholders. With an ambitious work programme for 2025, the CNIL is preparing to issue essential recommendations, particularly on the use of in-vehicle cameras, or "dashcams", which raise significant concerns relating to users' privacy and security. This club will serve as a platform for setting out guidelines tailored to current legal and technical challenges, while involving various stakeholders in the process. Let us explore together the scope of the upcoming work and the expected impact on mobility and innovation.

If you wish to retain a lawyer specialising in personal data law, contact me!

What recommendations is the CNIL developing regarding the use of in-vehicle cameras?

The rise of connected vehicles has led to the increasing use of in-vehicle cameras, or dashcams, which have become common equipment in many modern vehicles. These devices, whether built in by manufacturers or added by individuals, make it possible to record video for various purposes, such as gathering evidence in the event of accidents, preventing theft, or even using footage for driver training. However, their use raises major questions in terms of personal data protection and respect for privacy. To address these concerns, the CNIL's "compliance club" is taking action by developing specific recommendations designed to govern the use of these cameras.

These recommendations form part of a proactive regulatory approach, taking into account the extensive feedback from the public and private stakeholders concerned. Indeed, faced with the absence of a clear legal framework on the use of dashcams, the CNIL aims to ensure that these devices respect users' fundamental rights, particularly with regard to the recording and processing of captured images. The forthcoming recommendations will seek to establish principles of good practice as regards the purposes of recording, the conditions for data retention, and the provision of information to the persons filmed. This approach will not only make it possible to identify the situations in which the use of dashcams is justified, but also to guarantee the transparency essential to maintaining users' trust in the technologies deployed in connected vehicles.

In addition, the CNIL is paying particular attention to the possibility of implementing security measures to protect the data collected and to ensure the anonymisation of footage where possible. Thus, the CNIL's reflection forms part of a desire to reconcile technological innovation with legal and ethical requirements, ensuring that the use of in-vehicle cameras is carried out in compliance with individuals' rights. The work under way within the compliance club will not be limited solely to the current legal framework, but will also extend to the necessary adjustments as uses and technologies evolve, thereby laying the foundations for dynamic and informed regulation in the field of mobility.

Let's discuss your needs for 15 minutes!

How does the CNIL plan to involve sector stakeholders in the work on data protection?

To address the challenges associated with the use of in-vehicle cameras, the CNIL places the inclusion of all relevant stakeholders at the heart of its working method. By organising thematic workshops, the CNIL intends to foster constructive dialogue among the various participants, including representatives of the private sector, public stakeholders, and users. This collaborative approach aims to gather a broad range of perspectives on the issues raised by the capture of images and the processing of personal data. The workshops, scheduled between April and June 2025, will focus on crucial topics such as the purposes of using in-vehicle cameras, the classification of the data processed, and the legal bases justifying such processing.

By encouraging open discussion, the CNIL hopes that each stakeholder will be able to share their experiences, ask questions, and provide specific answers to everyone's concerns, thereby ensuring a collective understanding and ownership of data protection regulations. Moreover, the workshops will make it possible to address topics such as data minimisation, the limitation of retention periods for recorded footage, and the right to information of the data subjects. The importance of these discussions lies in their capacity to produce pragmatic recommendations capable of balancing the necessary requirements of security and users' privacy within the context of using image-capture devices. This consultation process with the various stakeholders creates an environment conducive to establishing good practices and to the continuous review of the CNIL's recommendations.

As a result, regulation in this area is informed and adapted to technological developments and sector practices, ensuring better consideration of users' rights in the face of technological growth. As the work progresses, it becomes clear that the CNIL intends to broaden these discussions beyond immediate regulatory constraints, taking into account future developments in the sector. The concern to guarantee effective data protection while enabling innovation and the adoption of new technologies remains a central issue, making the collective involvement of all stakeholders indispensable.

I want reliable legal documents!

What future steps await the compliance club after 2025 and how will they be managed?

As the CNIL's compliance club continues its work on in-vehicle cameras, it is crucial to consider the next steps awaiting this initiative after 2025. Indeed, the role of this club is not limited to one-off recommendations; it forms part of a lasting approach of ongoing exchange and dialogue with stakeholders in mobility and connected vehicles. Following the development of recommendations on in-vehicle cameras, the CNIL intends to identify new topics to address. This adaptability responds not only to technological developments, but also to the emergence of new challenges in terms of data protection. The upcoming topics will be determined taking into account the impact of data processing on the persons concerned, and the need to clarify the legal framework, thereby facilitating innovation while ensuring users' security.

In addition, the CNIL plans to organise public consultation sessions before the final adoption of its recommendations. This democratic method will ensure that all voices are heard, thereby making it possible to refine the directions taken regarding the regulation of connected vehicles. The CNIL undertakes to publish the new work programme for 2026, reflecting the concerns and developments of the sector.

Finally, the compliance club aims to be a dynamic space for exchange, making it possible not only to address current issues but also to remain responsive to future challenges. Through this proactive approach, the CNIL aspires to ensure effective and fair regulation, safeguarding individuals' rights while stimulating innovation in the connected vehicle sector. Stakeholders in the field will therefore need to remain attentive to upcoming developments and to participate actively in the dialogue proposed by the CNIL, in order to contribute together to building a future that respects privacy and is rich in innovation.

For more information, please consult the CNIL's article: https://www.cnil.fr/fr/club-conformite-vehicules-connectes-programme-de-travail-2025-cnil#.

To learn more

Why is the CNIL interested in connected vehicles?

Because connected vehicles generate a mass of personal data (location, driving habits, footage). The CNIL runs a dedicated compliance club to encourage dialogue with sector stakeholders and to develop recommendations tailored to the data protection and privacy challenges specific to connected mobility.

What is the CNIL's compliance club on connected vehicles?

It is a platform created by the CNIL to bring together stakeholders in the connected mobility sector and to define guidelines tailored to legal and technical challenges. It aims to develop recommendations, particularly on in-vehicle cameras, drawing on feedback from public and private stakeholders.

Do dashcams raise data protection issues?

Yes. In-vehicle cameras (dashcams) record footage that may contain third parties' personal data (faces, number plates). Their use raises questions of purpose, retention period, and information of the persons filmed. Faced with the absence of a clear framework, the CNIL is developing recommendations to govern these devices.

What recommendations is the CNIL preparing on dashcams?

The CNIL is working to establish principles of good practice on the purposes of recording (evidence, prevention, training), the conditions for data retention, the information of the persons filmed, and security measures. The aim is to identify justified uses and to guarantee the transparency and protection of the captured data.

Can a dashcam be used as evidence in the event of an accident?

Dashcam footage may serve as evidence, but its use must respect data protection: a legitimate purpose, a limited retention period, information of the persons filmed, and security of the recordings. The CNIL's forthcoming recommendations are aimed precisely at governing these uses in order to reconcile evidentiary value with respect for privacy.

What data do connected vehicles collect?

Connected vehicles collect a great deal of data: location, journeys, driving habits, performance, and sometimes footage via in-vehicle cameras. This data, often personal, is subject to the GDPR. Its processing requires a legitimate purpose, information of the persons concerned, security, and respect for their rights, issues at the heart of the CNIL's work.

How can automotive innovation be reconciled with data protection?

The CNIL seeks to reconcile technological innovation with legal and ethical requirements: governed purposes, limited retention, information of the persons concerned, security, and anonymisation of footage where possible. The challenge is to enable innovation while guaranteeing users' trust and respect for their rights.

Why consult a lawyer on the compliance of connected vehicles?

Because connected mobility combines the GDPR, security, image rights, and sector-specific recommendations still under development. A lawyer specialising in personal data helps to classify the processing operations, govern the use of dashcams, and anticipate the CNIL's recommendations. This support secures innovation while guaranteeing compliance and the protection of users.

Still have questions?

Our team is available!

Have a question?

Vos informations restent strictement confidentielles.
Thank you! We will get back to you shortly. If you'd like to speed things up, schedule a time with me directly here:
Schedule a 15-minute call
Oops! Something went wrong while submitting the form.
Homme en costume bleu foncé avec cravate et pochette blanche, bras croisés, regardant vers l'avant.

Ressources

Aller plus loin

00
article(s) affiché(s) sur
00

16 min

Marketplaces vs. proprietary e-commerce websites: a comparative legal analysis for 2025
In e-commerce, effectively protecting this intellectual property becomes a major issue when it comes to ensuring the long-term viability of your business.

9 min

The 5 Pitfalls to Avoid in Your IT Contracts
In the digital age, IT contracts have become strategic documents, yet they often contain numerous pitfalls to avoid... Discover 5 common pitfalls and how to avoid them.

10 min

NIS 2 and DORA: understanding the impact of the new European regulations on your cybersecurity strategy
The European Union is considerably strengthening its regulatory arsenal in matters of cybersecurity with the adoption of two major texts: the NIS 2 directive (Network and Information Security) and the DORA regulation (Digital Operational Resilience Act). These new regulations, which will gradually come int

4 min

Dropshipping: 5 fatal legal mistakes and how to avoid them
Dropshipping has become a popular method for getting started in e-commerce with a limited initial investment. However, behind this apparent simplicity lie numerous legal pitfalls that can prove extremely costly, or even fatal, for your business. Discover the f

7 min

GDPR and SaaS solutions: legal best practices for publishers
In the age of digital transformation, SaaS (Software as a Service) solutions have established themselves as the standard for distributing professional software. This shift comes with increased responsibility for publishers when it comes to data protection. The General Data Protection

7 min

Participative franchising: a threat to the franchisee's independence?
The emergence of the participative franchising concept raises fundamental questions about the franchisee's independence.
Prendre rendez-vous
Book an appointment