HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ifjimelse

no profile record

comments

ifjimelse
·5 jaar geleden·discuss
I’m not sure where you got that idea from. Consent is just one of the six available lawful bases under the GDPR.

https://ico.org.uk/for-organisations/guide-to-data-protectio...
ifjimelse
·5 jaar geleden·discuss
Yes it likely would be, if it’s timestamped log data. Even if there are multiple drivers, the data recorded still relates “to an identified or identifiable individual”. Simply knowing who was driving the car when, which shouldn’t be difficult if it’s your car, makes the specific individual identifiable.

Not having individuals’ names / email addresses etc. in a dataset of multiple people, doesn’t mean that the data is anonymous. See for example https://www.nytimes.com/interactive/2019/12/19/opinion/locat...
ifjimelse
·5 jaar geleden·discuss
Yes, that’s true. I was more thinking about the general research they were doing into establishing what data various Tesla models record. i.e. purchase a vehicle, drive it around (perhaps crash it if the research grant can stretch to that), submit a SAR. Any discrepancy between what personal data Tesla provide and what they found when they decrypted it themselves feels like the main story here to me.
ifjimelse
·5 jaar geleden·discuss
In the EU at least, GDPR got this covered:

https://ico.org.uk/your-data-matters/your-right-to-data-port...
ifjimelse
·5 jaar geleden·discuss
If they are making a Subject Access Request under the GDPR (which they should be), then yes, Tesla should be providing:

* what personal information the organisation holds about them;

* how they are using it;

* who they are sharing it with; and

* where they got their data from.

https://ico.org.uk/your-data-matters/your-right-to-get-copie...
ifjimelse
·5 jaar geleden·discuss
No, but they do have the GDPR, which affords data subjects the right of access to their own personal data.

Seeing as “the vehicles also record speed, accelerator pedal position, steering wheel angle and brake usage” and that personal data is "information that relates to an identified or identifiable individual", that sounds in scope of GDPR to me. I’d like to know what lawful basis they are using for this. I can see no other valid basis other than consent.

Tesla being less than forthcoming about what personal data they are processing is likely also problematic when it comes to the right to be informed too.