Privacy-first telematics in Gibraltar is already achievable by designing and operating connected car services in line with the Gibraltar General Data Protection Regulation (Gibraltar GDPR), the Data Protection Act 2004, and local communications and consumer rules and by turning those legal requirements into clear product commitments and intuitive user controls.
Location data, vehicle diagnostics, driver profiles, and voice interactions can be used transparently while respecting secondary users, limiting data collection, and managing retention responsibly throughout the vehicle’s lifecycle. Cross-border data flows between Gibraltar, the UK, and the EEA also need structured safeguards, supported by practical governance tools that embed compliance into everyday operations.
This perspective reflects Gibraltar’s post-Brexit data protection framework, which broadly mirrors the EU GDPR with local modifications, and builds on established regulatory guidance and operational best practice.
What Data Do Connected Cars Process?
Connected vehicles routinely process identifiable location traces, vehicle diagnostics and event data, in-vehicle profiles and preferences, and increasingly voice interactions. Under the Gibraltar GDPR, these datasets constitute personal data where they relate to an identified or identifiable driver or passenger, regardless of whether processing occurs within the vehicle, through companion mobile applications, or in cloud services. Certain processing may also fall within special categories of personal data where biometric identifiers, such as voiceprints used for authentication, are processed for the purpose of uniquely identifying an individual, or where health-related inferences are generated. In such cases, a lawful basis under Article 6 must be paired with an applicable Article 9 condition and supported by appropriate safeguards, typically documented through an appropriate policy document and strengthened security and governance controls.
Data rendered truly anonymous falls outside of scope, but pseudonymised data remains personal data where re-identification remains reasonably possible. As a result, most telemetry used for safety improvement, service optimisation or product analytics continues to attract full Gibraltar GDPR compliance obligations.
Lawful processing in connected vehicle environments should therefore be purpose-specific and recorded within a clear record of processing activities. Contractual necessity commonly supports core connectivity and safety services actively requested by users, such as remote access functions or roadside assistance. Legitimate interests may justify proportionate safety analytics and product improvement where a documented legitimate interests assessment demonstrates necessity, low impact on individuals, and effective safeguards. Consent remains the appropriate basis for optional or value-added features, including location-based infotainment services, data sharing for usage-based insurance products, or voice analysis beyond command recognition. For example, such consent must be freely given, specific, informed and easily withdrawable. Processing based on vital interests may apply in genuine emergency situations, such as automated crash notification, while legal obligations may justify processing required for recalls or regulator-mandated logging. In all cases, these bases should be narrowly framed, transparent, and communicated clearly in advance.
Transparency
Moving from privacy notices to meaningful control
A privacy-first connected car experience depends less on lengthy legal notices and more on timely, understandable explanations built into the product itself. Drivers and passengers should understand what data a feature uses, why it needs it, and how they can control or stop that use at any time.
In practice, this means replacing single, static privacy policies with layered information presented at relevant moments in the vehicle interface or companion app. Users should be able to see, in plain language, what data categories are used, who receives the data, how long it is kept, and what rights they have, with links to deeper detail for those who want it.
As connected vehicles operate within ecosystems of manufacturers, connectivity providers, app developers, and service partners, clarity about roles is critical. Users should be able to distinguish between the vehicle platform operator and independent third-party services and understand how to exercise their rights with each. Advertising, behavioural profiling, or non-essential tracking in vehicle or app environments must be clearly disclosed and, where required, based on user choice, with withdrawal as easy as acceptance.
Controls inside the vehicle and app should directly reflect user rights and be easy to access. For example:
- toggles for precise vs coarse location sharing;
- options to pause or limit data collection;
- deletion of stored voice recordings; and
- profile reset or deletion before resale or transfer.
Where automated decisions or profiling significantly affect users, people should understand how decisions are made and have a clear path to human review and challenge.
Behind the scenes, good governance means correctly categorising partners as processors or independent controllers, using appropriate contractual arrangements, and strictly limiting onward data sharing. Commercial reuse or licensing of telematics data must remain consistent with what users were originally told and, where relevant, based on consent or another appropriate lawful basis.
Connected vehicles are often used by more than one person, so systems must distinguish between primary users, such as owners, and secondary users, such as passengers or temporary drivers. Consent given by the primary user should not automatically apply to others, and vehicles should provide guest or limited-data modes so data collection reflects who is actually using the vehicle at the time.
Data Minimisation
Designing for less data and clean ownership transitions
Systems should collect only what is necessary for a defined purpose and retain data only for as long as that purpose genuinely requires.
Location traces and voice data are particularly sensitive. Often, aggregated or reduced-precision data is enough for analytics or diagnostics.
Security safeguards must match the sensitivity of telemetry and account data. Encryption, strong access controls, resilience planning, and regular security testing are baseline expectations. Importantly, outsourced vendors providing connectivity or cloud services must meet equivalent standards, since accountability ultimately remains with the vehicle platform provider.
Retention discipline matters just as much as collection discipline. Rather than indefinite storage, organisations should define clear retention periods aligned with operational needs, legal obligations and realistic litigation risks.
Vehicle resale or transfer is a critical privacy moment. Systems should make it easy to remove personal data before ownership changes. Good practice includes:
- one-step factory reset routines;
- automatic account unlinking when vehicles are deregistered or transferred;
- dealership processes confirming account removal; and
- notifications to former owners confirming data collection has stopped.
These steps prevent unintentional ongoing data collection linked to previous users and build long-term trust in connected vehicle ecosystems.
/Passle/5e2ef0738313d50b64779f79/MediaLibrary/Images/2026-01-22-14-03-54-150-69722e4ab0183f59ca4aff23.png)
AI, Regulation and the Gibraltar Instinct.
The AI Futures & Foresight Conference in Gibraltar yesterday provided a useful snapshot of where the conversation has now settled. AI is...
/Passle/5e2ef0738313d50b64779f79/MediaLibrary/Images/2026-01-30-11-06-22-086-697c90aef654f2a02de18758.png)
/Passle/5e2ef0738313d50b64779f79/MediaLibrary/Images/2026-01-19-10-37-07-594-696e0953377579228cc6937c.png)
/Passle/5e2ef0738313d50b64779f79/SearchServiceImages/2026-02-02-07-23-54-624-6980510a3a76054f3939abae.jpg)
