What does my car know about me — and who gets it?

Modern cars log location, driving style, calls and more, and manufacturers monetise it. Since September 2025 the EU Data Act gives you a hard right to that data — and a say in who else gets it.

A connected car is a phone with wheels: it can log location history, speed and braking patterns, seat-belt events, call and contact data synced from your phone, voice commands, even cabin-camera input in newer models. Manufacturers use it for “product improvement”, sell aggregated mobility insights, and pass driving-behaviour data to insurers where you opted in to usage-based policies — the boundary between “opted in” and “buried in the infotainment T&Cs” being exactly the fight. Your levers, in order: the GDPR applies in full (the car maker and its services are controllers — Art. 15 access requests work, and privacy settings in the car/app control ad-tech style sharing), and the Data Act (Regulation 2023/2854, applying since 12 September 2025) adds the sharp one: you can demand the data your connected device generates, and have it shared with a third party you choose — your independent garage instead of the dealer network, a rival insurer, an analytics app. Data-holders may not use contract tricks to keep it from you. Practical hygiene: run the factory reset before selling a car and unlink it from your account (the previous-owner-still-sees-location problem is embarrassingly common); prune phone-sync permissions in rentals — the next renter should not scroll your contacts; and ask your insurer which events feed your premium before accepting a telematics box. Watch this space: in-vehicle data access rules for repairers and insurers remain politically live in Brussels — updates land on What’s changing.

Verified against the sources above on 18 July 2026. Information, not legal advice.

← Privacy explained📞 Your data protection authority