Browsing by Author "Toikkanen, Ilkka"

This Master's Thesis examines the compatibility of the European Union's present and future data protection law with connected traffic, which encompasses traffic technologies utilizing various electronic communication networks. The new forms of traffic enable services that, for instance, enhance safety, reduce pollution and make driving automatic. However, they require a constant flow of electronic communications data, most of which is considered personal data under the EU data protection law. This Thesis concentrates on scrutinizing consent as a lawful basis for processing of the location data used in the new traffic solutions. The main method of this study is the legal doctrinal method, and the future EU law is examined from a de lege ferenda perspective. First, the Thesis posits an answer for the research question “how do the present and future ePrivacy legal instruments of the EU regulate the legal basis for location data processing in the context of connected vehicles?”. After that, solutions are proposed for the second research question “how can these obligations be met in a way that would make connected traffic possible?”. The current data protection framework of the EU consists of the General Data Protection Regulation and the ePrivacy Directive. These legal instruments set consent as the sole applicable basis for the majority of location data processing in connected traffic. In the light of the opinions and proposals of the EU legislative institutions, the new ePrivacy Regulation, which is currently prepared, does not seem to change the situation. Under the GDPR, consent has to be freely given, specific, informed and unambiguous indication of the data subject's wishes. The forms of data processing essential for connected traffic, especially the communication taking place only between machines (M2M), do not enable acquiring consents from the drivers in accordance with the requirements of the GDPR. This Thesis aims at solving the consent issue by examining anonymization and pseudonymization, consent management services, M2M exemptions and alternative legal bases for data processing to consent. To enable the location data processing necessary for connected traffic, the EU legislators should utilize all these solutions in the new ePrivacy Regulation. The study posits that the protection of personal data and the confidentiality of communications can be integrated with the new traffic technologies by acknowledging the different purposes of data processing in connected traffic and defining a suitable legal basis and a level of regulation for each purpose. The new legal bases can be supported by the use of pseudonymization, the further study and utilization of consent management services and the introduction of a household exemption to enable the M2M communications taking place between vehicles.