The Interface of Privacy and Data Security in Automated City Shuttles: The GDPR Analysis

Benyahya, Meriem; Kechagia, Sotiria; Collen, Anastasija; Nijdam, Niels Alexander · 2022 · Crossref

DOI: 10.3390/app12094413

archive: archived pipeline: cataloged verified

Get this paper ↗ (DOI — opens at the source; we link to it, we don't host it)

Summary

This paper addresses the regulatory and technical challenges at the intersection of privacy and data security in Automated City Shuttles (ACSs). As ACSs deploy advanced sensors and artificial intelligence to achieve high-level autonomy, they generate and exchange vast amounts of real-time data through vehicle-to-vehicle, vehicle-to-infrastructure, and vehicle-to-cloud communications. This data often includes personal information, such as facial identities and location traces, which can reveal sensitive details about passengers’ health or political opinions. The authors investigate how the General Data Protection Regulation (GDPR) applies to this complex ecosystem, specifically analyzing data processing principles, stakeholder roles, and the compatibility of legal requirements with privacy-preserving technologies. The study employs an interdisciplinary analysis to evaluate GDPR implications within the ACS landscape. The authors examine the core GDPR data processing principles—lawfulness, purpose limitation, storage limitation, accuracy, data minimization, security, and accountability—and assess their feasibility in an environment characterized by perpetual data usage for AI training and autonomous navigation. The research identifies the specific rights of data subjects, such as the right to be informed and the right to access, and maps the responsibilities of various stakeholders, including original equipment manufacturers, service providers, and public transport operators, who may act as data controllers, processors, or sub-processors. Furthermore, the paper categorizes privacy-preserving techniques, focusing on pseudonymization and anonymization, to determine their effectiveness in mitigating re-identification risks. The findings reveal significant tensions between GDPR requirements and the technical realities of ACS deployment. The perpetual nature of data collection for autonomous driving jeopardizes the principles of data minimization and purpose limitation, as data collected for navigation may be repurposed for profiling or commercial services. The analysis highlights that the complexity of ACS systems complicates the implementation of "privacy by design" and "privacy by default." Additionally, the study identifies a gap between legal definitions and technological implementations of privacy-preserving techniques. While pseudonymization and anonymization are recommended by the GDPR, the authors note that current technical implementations often fail to adequately address re-identification risks, particularly when combined with other datasets. The mixed and shifting roles of stakeholders further obscure accountability, making compliance difficult to monitor and enforce. The significance of this work lies in its comprehensive mapping of GDPR pitfalls within the automated mobility sector. The authors conclude that current data protection laws require strengthening to address the overlapping stakeholder roles and the blurring lines of privacy-preserving techniques in ACS ecosystems. By providing a detailed reference for policymakers, manufacturers, and operators, the paper advocates for an interdisciplinary approach to ensure that legal frameworks evolve alongside technological advancements. The study underscores the need for clearer guidelines on data controller responsibilities and more robust technical standards for anonymization to prevent privacy violations in smart city transportation networks.

Provenance

The full processing record for this entry. Every stage of this paper's journey through the pipeline is logged — what ran, with which tool and model, how many attempts it took, and when it last completed.

StageOutcomeToolModelPromptAttemptsCompleted
discover success Crossref 1 2026-06-25
archive success openalex 5 2026-06-26
extract success cached 2 2026-06-26
clean success clean 1 2026-06-25
chunk success chunk 1 2026-06-25
embed success embed Qwen/Qwen3-Embedding-8B 1 2026-06-25
promote success 1 2026-06-25
summarize success llm qwen3.6-27b-prismaquant summ-v5 1 2026-06-26
tag success vector_similarity 6 2026-06-25
verify success 1 2026-06-26

Summary generated by qwen3.6-27b-prismaquant on 2026-06-26; verification: verified.

Topics

Ranked by relevance to this paper. Hover a topic for its definition.