Volkswagen was fined $1.1M under the GDPR for collecting unauthorized data.

Volkswagen, a German automaker, has agreed to pay 1.1 million euros ($1.1 million) to settle claims that it violated the General Data Protection Regulation (GDPR) when a test vehicle's camera secretly recorded nearby drivers.

Volkswagen has now broken the law regarding data privacy in the European Union for the first time thanks to the fine, which was announced by the State Commissioner for Data Protection in Lower Saxony on Tuesday. According to the Lower Saxony authority, the company cooperated with the investigation and accepted the punishment.


The regulator deemed the alleged infractions to be of "low severity" and noted Volkswagen corrected the flaws right away.

According to the Lower Saxony authority, Austrian police stopped a Volkswagen vehicle testing the functionality of a driver assistance system to prevent traffic accidents in the vicinity of Salzburg in 2019. Officers there noticed the car's cameras, which were recording the traffic in the area for a variety of purposes, including error analysis.


According to the Lower Saxony authority, the issue was that the vehicle did not have messaging alerting other drivers that they were being recorded, who would be in charge of that data, and where and how long it would be stored. Further investigation by the regulator revealed violations of Articles 28 and 35 of the GDPR due to problems with the contract with the service provider handling the research trips and the absence of a data protection impact assessment.


According to data protection law, Barbara Thiel, the state data protection officer in Lower Saxony, stated in a translated press release, "The actual research trips were not objectionable in terms of data protection law. We have no concerns about the resulting collection and further processing of personal data," the statement reads.


Requests for comment from a Volkswagen spokesperson were not answered.

By fLEXI tEAM