German auto giant Volkswagen has agreed to pay 1.1 million euros (U.S. $1.1 million) to resolve allegations of violating the General Data Protection Regulation (GDPR) when a camera on one of its test vehicles recorded nearby drivers without their knowledge.
The fine, announced Tuesday by the State Commissioner for Data Protection in Lower Saxony, marks the first violation of the European Union’s data privacy legislation for Volkswagen. The company cooperated with the case and accepted the penalty, according to the Lower Saxony authority.
The regulator described the alleged violations as “low severity” and noted Volkswagen immediately remedied the deficiencies.
The details: A Volkswagen vehicle testing the functionality of a driver assistance system to avoid traffic accidents was stopped by Austrian police near Salzburg in 2019, according to the Lower Saxony authority. There, officers noticed the cameras on the vehicle, which were recording nearby traffic for error analysis, among other reasons.
At issue was that the vehicle did not include messaging to inform other drivers they were being recorded, who would be controlling that data, and where and how long it would be stored, according to the Lower Saxony authority. The regulator’s investigation further found issues with the contract with the service provider carrying out the research trips and the lack of a data protection impact assessment that led to violations of Articles 28 and 35 of the GDPR, respectively.
“The actual research trips were not objectionable in terms of data protection law,” said Barbara Thiel, state data protection officer in Lower Saxony, in a translated press release. “We have no concerns about the resulting collection and further processing of personal data.”
A spokeswoman for Volkswagen did not return a request for comment.
Kyle Brasseur is Editor in Chief of Compliance Week. His background includes expertise in user personalization with ESPN.com.
No comments yet