
ABSTRACT
Cars play a vital role in the present-day modern society, offering unparalleled convenience, mobility, and comfort. With the proliferation of connected cars, the automotive industry is witnessing a dramatic transition in this era of rapid technical advancement. These cars are accoutred with unheard-of levels of connectedness, convenience, and consumer-oriented features because of their sophisticated sensors, communication systems, onboard computers, and connection to wide computer networks.
However, since connected automobiles gather, transmit, and communicate enormous amount of data about drivers, passengers, and their surroundings, these advantages come with serious concerns of Data Privacy. A new frontier of cyber risks has emerged as the automobile industry embraces the era of connectivity and most cars now produced are “Connected Cars” for the demand it has created at the global market. Connected automobiles combine internet access, wireless technology, and cutting-edge in-car systems to provide unmatched practicality and efficiency. But this connectedness also makes it easier for perpetrators to take advantage of weaknesses in data systems, networks, and software used by such cars. The threats facing connected automobiles are varied and constantly changing, ranging from remote hacking assaults that target vital vehicle systems to data breaches that expose private driver information. Furthermore, the implications of cyber threats in connected cars go beyond personal vehicle security. In the quest for a smarter, more connected future, it is much required to extensively inspect the privacy implications of connected cars, potential cyber security concerns arising out of the extensive data driven features of modern cars, and the importance of balancing innovation and privacy protection in developing technology of the automobile industry. This paper aims to unveil the possible ramifications for drivers, passengers, and the larger transportation ecosystem as it examines the challenges posed by the changing terrain of cyber security threats the world is facing by connected automobiles and Data Privacy is the greatest concern.
Introduction
The automobile industry is in transition as the widespread use of linked cars promises a revolution in mobility. Connected Cars, also referred as internet-connected cars or linked cars or smart cars, are cars with advanced technologies and internet connectivity installed, to communicate with other cars, networks, and infrastructure. Developments in computing, communications, and automotive engineering have all contributed to the evolution of the idea of connected cars. Though early versions concentrated on simple telematics services like remote diagnostics and car tracking, but subsequently have grown to include advanced connectivity functions.1 These cars, which are equipped with cutting-edge technology and connectivity features, herald a new age of mobility distinguished by convenience. In the connected vehicle age, cars are not merely simply modes of transportation; they are mobile data collection centers which constantly capture and transmit massive amount of data.
Connected cars gather, process, and transfer data with external systems as well as within the vehicle by integrating a variety of sensors, processors, and communication modules, equipped with telematic systems which collect and transmit data that includes information about driver behaviour, vehicle location, performance specifications and the machine diagnostics. These cars can exchange information about traffic patterns, road conditions, and possible risks with other cars in proximity through communication. Due to their seamless integration with other linked devices, networks, and services, connected cars form part of the Internet of Things (IoT) ecosystem.2
However, when it comes to the concern about Data, connected cars which are considered as computer on wheels, equipped with electronic components such as the sophisticated sensors, cameras, GPS systems, and internet connectivity, these computers always gather and send enormous volumes of data. Along with location data, the data mined, collected, transmitted, or communicated may also contain sensitive personal information like voice commands, fingerprints for biometric authentication, behavioural patterns and even health related information like heart rate and sleep cycle monitoring.3
Linked cars are prone to cyber-attacks which include malware, hacking and data breaches.
Unauthorised access to its systems could also facilitate remote control hijacking or tampering of vital computer systems.4 Furthermore, cars that have been compromised can act as gateways for more extensive and sophisticated attacks on its interconnected infrastructure.5
In this era of connected cars, legal frameworks are essential for addressing data privacy issues because they safeguard individual rights, control data collection and use, set security standards, assign accountability, encourage innovation, and boost consumer confidence. Effective legal frameworks are necessary to strike a balance between the advantages of connected car technology and the requirement to protect people’s security and privacy.6 Rapid technological development has made it immensely challenging for the legislative and regulatory framework governing data privacy to evolve with the advancement.
This paper aims to unveil the possible ramifications for drivers, passengers, and the larger transportation ecosystem as it examines the challenges posed by the changing terrain of cyber security threats the world is facing by connected cars and the importance of regulatory frameworks which play an inevitable role in defining requirements for data privacy, security, and protection of consumers in the automobile sector.
RESEARCH OBJECTIVES
- To understand the importance, relevance, and growth of Data in the era of connected cars.
- To analyze the stealthy data mining by car manufacturers and its repercussions.
- To examine the landscape relating to Data Privacy in the Automobile Industry.
RESEARCH QUESTIONS
- Whether government is responsible to make the consumer aware of pitfalls of buying connected cars?
- Whether there is any enactment in force which mandates protection of Data?
- Whether Indian legal landscape is prepared to meet the regime of Data Protection vis a vie connected cars?

Data: The New Gold Of Technological Era
“Data is the new gold” signifies the immense value and potential it generates. Data gathered by connected cars through the complex sensors, software, and hardware systems, is consistently generated through user interaction. It is an inevitable resource which helps in the operation and development of connected cars, its user experience and innovation. Data holds great importance for its exponential value, relevance, and growth.7 Data mining processes generating big data, alongside knowledge discovery can be combined to create revealing patterns about netizens who create data. At the same time, data has an unusual characteristic of redefining human existence in manners which are not yet fully perceivable and has the promise to generate new information about netizens, which even the said netizen does not possess. Though, in the era of connected cars, manufacturers utilize data to optimize product quality, user experience and technical advancement which provides the consumers with real time assistance for the purposes such as navigation, vehicle diagnostics for infotainment as per the preferences of the user, reduced travel time by providing users with data such as traffic patterns, route options and road conditions without additional charges, consumers mostly are unaware of the fact that the manufacturers of such cars compensate it by stealthily collecting/retrieving data which includes hardware, software and personal information which is much more valuable and priceless8 to such an extent that the volume of data collected acts as treasure trove of vital information which can be scrutinized and utilized for several purposes by various stakeholders.9
DATA COLLECTION PRACTICES IN CONNECTED CARS
The Automobile industry is one of the most data-intensive sectors worldwide.10 In a research study conducted by the Mozilla Foundation, primarily focusing on the regions of United States of America and the European Union, the result indicated that car brands by tagging their cars as “Connected Cars” have intrinsically transformed cars into computerized cars which collect, transmit and distribute humongous amount of data.11 These cars can collect, process, and transmit the activities of the consumer/customer/user using the internet as a medium. The survey conducted by this U.S based foundation in September 2023, revealed that 25 leading manufacturers which include automobile giants like Renault, BMW, Subaru, Fiat, Chrysler, Nissan, Jeep, Volkswagen, Toyota, Lexus, Ford, Lincoln, Audi, Mercedes Benz, Honda, Kia, Chevrolet, Hyundai and Tesla, which have significant presence in the global automobile industry, collect personal data, probably much more than what is necessary for the operation of the vehicle and its claimed connected features.12 Statistics analyzed from the result of this research, further reveals that the data so collected by the manufacturers was not only utilized for their own use i.e. for the requirement of research and development, marketing or the masked terminology of Business requirements, but, approximately 84 % of the data so collected is shared with third parties such as data brokers, advertisement agencies and for monitory benefits with the collected consumer/user data ranging for their facial expressions to sensitive personal information which even could include information on sexual activity and genetic information.13 Data of the consumer/customer/user is collected by hardware components like sensors, cameras, microphones, and other electronic devices like mobile phones connected to the vehicle and car applications installed on vehicle infotainment system.
A decade ago, when cars had just started getting transformed into computerized automobiles, the data collected was stored within the On- Board Data Collection Device (OBD) installed in the cars and such data could be accessed only when connected to diagnostic hardware such as the Onboard Diagnostic Scanners. Now, with the rapid development in the technology, most cars which are sold in the market are equipped with “Connected Features” which extremely satisfies the consumer/user with topnotch features and convenience, making my thoughts ponder on to the aspects that, their connectivity also facilitates continuous exchange of data with the manufacturers and other stake holders including third parties14. Getting more intrigued with this aspect of collection, transfer and further sharing of data by automobile manufacturers, upon delving into the privacy policies of the major auto giants whose names figured in the Mozilla report, brought out certain startling revelations which are shared through this paper. In our over connected society, wherein each citizen/netizen churns out humungous data, now become more enlightened by the judgement of our Hon’ble Supreme Court in Justice K.S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors15., by which right to privacy has been declared a fundamental right, and having discussed various types of privacy including ‘data privacy’16 coupled with the enacting of the DPDP Act17, citizens are more concerned about maintaining their data safe, secure, and private. Unfortunately, it appears that automobile manufacturers have stealthily infiltrated this realm. This research relating to the probable types of data that are possibly collected by automobile giants could include:
- Vehicle Telematics- Refers to vehicle information such as the performance statistics pertaining to the speed, rotation per minute of the engine, specifications about fuel efficiency, odometer status and system codes of the vehicle. This data is collected by components such as the computer systems installed in the cars which are equipped with complex sensors wirelessly connected through communication networks.18 This technical information is stored in the On- Board Data Collection Device (OBD) installed in the car.19 The connected computer systems in the linked cars retrieve such data from the storage module and transfer it in real time through wireless medium, primarily through internet networks. Vehicle Telematics data could include:
- Vehicle Location- Primarily refers to information gathered and transmitted by the components of Global Positioning Satellites (GPS) equipped in connected cars. These communicate data about the geographical position of a vehicle which includes real time specification about geographical coordinates, direction of travel and travel time.
- Vehicle Diagnostics: Diagnostic data of cars directly explains about the status, performance and condition of the mechanical and software components used in a vehicle. Information pertaining to such technicalities are stored in function specific modules like Engine Control Module (ECM), Brake Control Module (BCM), Powertrain Control Module (PCM), Transmission Control Module (TCM), Central Timing Module (CTM) and Body Control Module (BCM). These modules when integrated, form the core computer system of a vehicle, forms the On-Board Diagnostic System. It caters to providing diagnostic information about the car
- Accident Record: During usage cars are prone to encounter accidents. Modern day cars are equipped with modules called Collision Sensing Units (CSU). They are a combination of several other units like a video camera, speed detecting unit, steering wheel information detecting unit and an electronic map display unit which collectively generate data in situations wherein cars meet with accidents. The data so compiled is retrieved from the storage unit and is transmitted to servers of the manufacturer and the insurance company through communication networks.20
- Driver Behavior: This class of data pertains to vehicle usage patterns of the consumer/customer/user. It includes data pertaining to speeding, acceleration, braking, driving traits, fatigued driving, and steering analysis.21 Manufacturers of cars claim to collect such data for the purpose of evaluating the driving character of consumer/customer/user, to evaluate and refine safety features and for the purpose of further development and error correction of the car.
- Biometric Data: The capability of a connected car to identify who you are, using the biometric data not only for authentication but rather to evaluate aspects such as the health and wellbeing of the consumer/customer/user. This feature which accurately retrieves biometric information, process them, and transmits required information to the manufacturer.22 The biometric data collected by connected cars include:
- Fingerprint Biometric Data
- Facial Biometric Data
- Voice Biometric Data
- Multimedia and Infotainment data: Connected Cars use multimedia and infotainment data to provide features such as navigation, communication, entertainment etc. It ranges from the simplest of the data about music streaming to complex data pertaining to Smartphone Connectivity, Entertainment Applications, Wireless Connectivity etc. It plays an important role in delivering complex functionalities in connected cars. However, the data so transmitted could also include personal data such as call history, messages and browsing history.
- Vehicle-to-Vehicle (V2V) Data and Vehicle-to-Infrastructure (V2I) Data: Refers to the data gathered and transmitted by connected cars through its continuous communication with other connected cars in close proximity as well as with the road infrastructure in the locality.23 Advanced Driver Assistance Systems (ADAS) have given way to features such as Adaptive Cruise Control, Lane Change Assist, Automatic Parking and Collision Avoidance Systems which are facilitated through data transmission carried on by connected cars through V2V and V2I communication networks. Data regarding lane markings, road signs, traffic signals, road conditions and cars in the proximity, could be captured by complex network of sensors and cameras, communicated over wireless networks among connected cars, road infrastructure as well as to the manufacturers.
Furthermore, cars transfer and receive data through Vehicle-to-Pedestrian (V2P) and Vehicle-to-Cloud(V2C) networks which establish communication between the car with pedestrians and cloud-based services, respectively. Communication carried out by amalgamating all the above mentioned networks is called Vehicle-to-Surroundings (V2X) Communication.
Conjoining the above-mentioned facts, with the new quote trending in the public domain- “Connected Cars are also called as Data Harvesting Machines”24, cannot be said to be out of place.
IMPACT OF DATA COLLECTION: THREATS AND CONCERNS
The Global Market for connected cars is expected to hit $20.5 billion by 2026.25 This acceleration in demand, paves the way for the population around the globe to be more susceptible to cybercrimes associated with the connected car technology. The more connectivity features, the more the cars could be prone and vulnerable to cybercrimes26, which could include:
- Data Breaches: Unveils a serious cybersecurity risk, endangering the security, safety, and privacy of both, the car’s passengers and the larger automotive industry. Connected Cars transmit and receive huge volume of data which could include information such as the vehicle telematics, driver behavior and at times even Biometric Data.
- Remote Hacking: Is of the greatest concerns in connected cars as it uses wireless networks like Wi-Fi, Bluetooth, and Cellular Data for generating, transmitting, sharing, and communicating huge volume of data to the manufacturer for various purposes detailed hereinabove. These networks expose the cars to be prone to cyber-attacks like remote hacking, by which perpetrators attempt to gain unauthorized access to the car’s computer system. This could even result the perpetrators to gain access to the critical controls of the car including its acceleration, steering, and braking.27
- Eavesdropping: Connectivity in cars establish a network between the computer system of the car and the computer system of the manufacturer or other cars in proximity or with the road infrastructure over a network. It communicates with other computer systems, transmitting and receiving data which could be sniffed and eavesdropped by cybercriminals, thereby exposing sensitive information about the car and the consumer/customer/user to the perpetrator.28
- GPS Simulation/GPS spoofing: By tampering with the GPS signals of a connected car, perpetrators can manipulate the car navigation system causing serious safety concerns, especially to Connected Cars having autonomous driving feature.29
- Malware and Ransomware Attacks: All computer system in the world function with software/s, which are very vital to control the functioning of a computer system. The computer systems can be corrupted by attackers remotely through compromised software updates, unsecured network or even by means of hardware components.30

LEGAL FRAMEWORK OF DATA PRIVACY IN CONNECTED CARS
The legal framework governing gathering, storing, processing, and sharing of personal and vehicle data by automakers, service providers, and other stakeholders is complicated and dynamic when it comes to connected cars. Various jurisdictions worldwide are grappling with this emerging situation and the legal environment worldwide is being inspired by pioneering attempts:
- General Data Protection Regulation (GDPR): The GDPR governs data protection and privacy in the European Union31. It includes regulations for the automotive industry enshrining provisions relating to access, rectification, erasure, data portability, and demands explicit consent from customer/consumer/user for data acquisition.32 It also enforces data minimization and tight security measures to safeguard personal information. Data collected by connected cars include location data, vehicle data, and personal data, all of which are governed by the GDPR.
- Federal Motor Vehicle Safety Standards (FMVSS): The National Highway Traffic Safety Administration (NHTSA) in the United States oversees FMVSS, which includes rules pertaining to cybersecurity and vehicle data privacy, designed to prevent unwanted access to car systems, guarantee the secure and safe management of vehicle data, and mitigate vulnerabilities associated with software, electronics, and wireless communications.33
- The United States’ California Consumer Privacy Act (CCPA): The Act34 gives Californians rights regarding the control of personal data that companies, including automakers, acquire about them, stipulating that data practices must be transparent, option to refuse data sales, requires appropriate security measures to protect personal data, and penalizes noncompliance.
- UNECE WP.29 Cybersecurity Regulations: The United Nations Economic Commission for Europe on assessing the wide range of cyber threats faced by connected cars, formulated the WP.29 Cybersecurity Regulations. The regulations are applicable to automobile manufacturers of the 56 member States of the UNECE35, primarily located in regions of North America, Europe, Central Asia, and Western Asia to formulate cybersecurity measures to ensure data security in connected cars.
Analysis: European Union Vs. India
Comparing the data protection regime in EU with those in India, reveals that India lacks in clarity on collection, transfer and sharing of data. Although the Digital Personal Data Protection Act, 2023 (DPDP Act) appears to rely heavily on “consent” as a mandatory requirement for processing personal data.36
Thus, in the context of connected cars, obtaining explicit and informed consent from users could possibly be complicated because of the volume, variety and sensitivity of the data being collected and processed for which, users might not understand what they are consenting to, thereby leading to issues of validity of consent. Further, the DPDP Act vis a vie connected cars could probably involve multiple parties like the manufacturers, service providers, software developers etc. In this context, though the said Act obligates data fiduciaries to obtain consent before sharing data with third parties, this mandate could prove to be challenging to be implemented in practice vis a vie ‘verifiable consent’, possibly creating a requirement that data fiduciaries would need to use dedicated consent management platforms which could add to the complexity and cost of collection of data.37
Regarding classification of data, the DPDP Act applies to the broader set of personal data without further categorizing it into sensitive or critical personal data unlike the GDPR which classifies personal data into further subset, into special categories of personal data. The DPDP Act appears to have no express mention regarding core principles guiding the processing of personal data, relating to the lawfulness, fairness, purpose limitation, accuracy, integrity, confidentiality, and accountability, which is manifestly mentioned in the GDPR.
Probably, the only provision in force is the negatively worded Section 43(A) of the Information Technology Act, 200038 which deals with compensation for failure to protect data together with Rules 3,4, and 5 of The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 201139, which mainly caters to sensitive personal data or information. Sensitive personal data or information consists of information relating to passwords, biometric information, medical records, health conditions, and sexual orientation.
Furthermore, India is making conscious efforts in formulating the Automotive Industry Standards under Central Motor Vehicles Rules.40 A draft available in the public domain, dedicatedly discusses V2X vulnerabilities, threats relating data breach, data confidentiality, loss of data availability etc., while suggesting verification of authenticity and integrity, strong cryptographic keys etc. oriented towards mitigation of the same in vehicles.
Conclusion and Suggestions
It is incontrovertible that technological advances in the history of mankind have a proven record of enhancing convenience and quality of life. However, Information Communication Technology, has permeated to almost all aspects of human life as never before in the history of mankind. The antithesis is probably that, unlike other technological advances, for example telephone, steam engine, jet engine etc., ICT alone poses significant threat to the core and basics of human life which includes privacy and security. Having said so, it is iterated that advances in ICT unfortunately appear only to focus on providing convenience rather than focusing on safety, security, and privacy. The flip side of ICT is ever evolving and throwing up new challenges that pose serious threats to data safety which is a growing concern among the global community.
ICT has stamped its presence to stay without any reversal to happen. Thus, the issue boils down ultimately on choosing between convenience and safety. Therefore, as a welfare State, the onus under S. 18 (2) (e), (f), (g), (j) and (l) of the Consumer Protection Act, 2019 41 to ensure effective enforcement of consumer rights; undertake and promote research in the field of consumer rights; spread and promote awareness on consumer rights; issue safety notices to alert consumers against dangerous or hazardous or unsafe goods or services and issue necessary guidelines to prevent unfair trade practices and protect consumers’ interest, is heavy on the Central Authority, under the said Act.
In the light of the fact that DPDP Act is yet to come into force, the Government ought to enlighten/spread awareness among customers/consumers/users regarding the actuality, seriousness and impact of data being collected by connected cars including its risks and pitfalls.
It is indeed a very difficult equation when law tries to govern/control/regulate technology. Having said so, it is rather inevitable that in the existing scenario where a netizen creates data almost every second, which warrants a need to have some effective Law, Rule/s or mandate/s that could practically be workable to protect personal data from being misused by perpetrators resulting in catastrophic damage which is mostly irreversible.
Footnotes
- Nitin Kamble, Journey through time: A comprehensive look at connected vehicles, HINDUSTAN TIMES
https://www.hindustantimes.com/ht-insight/future-tech/journey-through-time-a-comprehensivelook-at-connected-vehicles-101699868248598.html . ↩︎ - Md. Abdur Rahim et al. , Evolution of IoT-enabled connectivity and applications in automotive industry: A review, SCIENCEDIRECT
https://www.sciencedirect.com/science/article/abs/pii/S2214209620300565 . ↩︎ - Joel R. McConvey, Equipped with biometrics and spatial scans-cars are now guzzling data, BIOMETRICUPDATE.COM https://www.biometricupdate.com/202312/equipped- withbiometrics-and-spatial- scans-cars-are-now-guzzling-data. ↩︎
- Infosys BPM, The rise of automotive hacking: How to secure your cars against hacking?, INFOSYS BPM://www.infosysbpm.com/blogs/business-transformation/the-rise-of-automotive- hackinghow-to-secure-your- cars-against-hacking.html. ↩︎
- Id. ↩︎
- Vinay Raghunath, The connected car era: Navigating the challenges of automotive cybersecurity, EY://www.ey.com/en_in/automotive-transportation/the-car-is-connected-now-but- arewesafe#:~:text=Connected%20cars%20are%20vulnerable%20to,surface%20for%20potential%20exploits%2 0expands/ #google_vignette . ↩︎
- Michele Bertoncello et al. , Unlocking the full life-cycle value from connected-car data, MCKINSEYhttps://www.mckinsey.com/industries/automotive-and-assembly/our-insights/unlocking- the-full- lifecycle-value-from-connected-car-data . ↩︎
- Id. ↩︎
- Jen Caltrider et al., It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy, MOZILLA FOUNDATION
https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category- wehave-ever-reviewed-for-privacy/. ↩︎ - Id. ↩︎
- Id. ↩︎
- Id. ↩︎
- Id. ↩︎
- Katharine Kemp, How cars get away with collecting and sharing your data, UNSW SYDNEY https://www.unsw.edu.au/newsroom/news/2023/10/how-cars-get-away-with-collecting-and- sharingyourdata#:~:text=Cars%20can%20collect%20data%20via,are%20to%20be%20kept%20safe.&text=Your%20connected %20car%20can%20transmit,you%20go%20about%20your%20life. ↩︎
- Justice K.S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors., (2017) 10 SCC 1. ↩︎
- Id. ↩︎
- Digital Personal Data Protection Act, 2023, No. 22, Acts of Parliament, 2023 (India). ↩︎
- Katharine Kemp, supra note 14. ↩︎
- IBM CORPORATION, https://www.ibm.com/docs/en/mft/7.6.2?topic=data-telematics-collection-import- processoverview ↩︎
- Chiradeep Basumallick, What Is Telematics? Meaning, Working, Types, Benefits, and Applications in 2022, SPICEWORKS (Mar. 29, 2024, 11:07 AM), https://www.spiceworks.com/tech/iot/articles/what-is-telematics/ . ↩︎
- Raman Kumar & Anuj Jain, Driving behavior analysis and classification by vehicle OBD data using machine learning, J Supercomput 79, 18800–18819 (2023), https://link.springer.com/article/10.1007/s11227-023-05364-3 ↩︎
- AWARE, https://www.aware.com/blog-biometrics-on-the-road-to-automotive-identity/ ↩︎
- MEDIUM, https://emqx.medium.com/connected-cars-and-automotive-connectivity-all-you-need-to- knowd27b2f8f0d3c ↩︎
- Katharine Kemp, supra note 14. ↩︎
- MARKETSANDMARKETS, https://www.marketsandmarkets.com/PressReleases/connected-cars.asp ↩︎
- EY-PARTHENON, https://assets.ey.com/content/dam/ey-sites/ey-com/en_in/topics/automotive- andtransportation/2024/ey-cyber-securing-connected-cars-2-navigating-opportunities-and-risks-in-the-digital- era.pdf ↩︎
- HELP NET SECURITY, https://www.helpnetsecurity.com/2024/01/22/ivan-reedman-ioactive-connected- vehiclescybersecurity/#:~:text=Some%20of%20the%20main%20cybersecurity,such%20as%20braking%20and% 20steering ↩︎
- SOC CSIRT, Why Connected Cars Vulnerable to Cyber Attacks, SECURITY INVESTIGATION https://www.socinvestigation.com/why-connected-cars-vulnerable-to-cyber-attacks/# . ↩︎
- SOC CSIRT, supra note 28. ↩︎
- Id. ↩︎
- General Data Protection Regulation, (EU) 2016/679, Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, 2016 (EU). ↩︎
- EURPEAN COMMISSION, https://ec.europa.eu/commission/presscorner/detail/en/MEMO_18_387 ↩︎
- M., Chaka et al., H, FMVSS considerations for vehicles with automated driving systems: Volume 1, DOT HS 812
796, NATIONAL HIGHWAY TRAFFIC SAFETY ADMINISTRATION 1, 43-47 (2020) ,
https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/ads-dv_fmvss_vol1-042320-v8-tag.pdf . ↩︎ - California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100-1798.199 (2018). ↩︎
- UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE, https://unece.org/member-states-and- memberstates-representatives ↩︎
- Digital Personal Data Protection Act, 2023, § 6, No. 22, Acts of Parliament, 2023 (India). ↩︎
- Id. ↩︎
- Information Technology Act, 2000, § 43(A), No. 21, Acts of Parliament, 2000 (India) ↩︎
- Ministry of Electronics and Information Technology, The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Rules 3, 4, 5, G.S.R. 313(E) (Apr. 11, 2011). ↩︎
- Automotive Industry Standards Committee, Draft D2/AIS 189: Approval of Vehicles with Regards to Cyber Security and Cyber Security Management System (2023). ↩︎
- Consumer Protection Act, 2019, § 18(2)(e)-(g), (j), (l), No. 35, Acts of Parliament,2019 (India). ↩︎