EU Mandatory Driver Monitoring Cameras (ADDW) – Privacy Risks and Practical Implications

EU Mandatory Driver Monitoring Cameras (ADDW) – Privacy Risks and Practical Implications

The EU now requires every new car to monitor the driver’s face

Starting July 7 2026, all new vehicles sold in the European Union must be equipped with an Advanced Driver Distraction Warning (ADDW) system – an infrared camera that tracks eye‑gaze and flashes a light, sound, or vibration when the driver looks away for more than 3.5 seconds at highway speed (or 6 seconds at lower speeds). The system activates automatically above about 20 km/h (12 mph) and cannot be permanently disabled.

Safety rationale is solid, but the implementation is problematic

EU‑funded research estimates driver distraction contributes to 5 %–25 % of crashes, and the broader safety package that includes ADDW is projected to save over 25,000 lives by 2038. However, early field tests show the system can be overly sensitive, triggering warnings during normal glances at scenery or infotainment screens. Users report that the warning cannot be fully turned off – it re‑activates after each engine start or when any “problematic viewing behavior” is detected.

"10 mins into driving, the distraction warning kicks in and tells you to take a break… I found this incredibly distracting," – Reddit user u/premium_bawbag (r/privacy)【source】

The regulation is silent on data retention and transmission

The EU General Safety Regulation (GSR) mandates that ADDW operate in a closed‑loop fashion, meaning eye‑tracking data must stay inside the vehicle and not be transmitted as biometric data. Yet the law provides no independent audit, no definition of what constitutes “necessary” data, and no specified retention period.

  • No audit requirement – manufacturers can claim closed‑loop operation without external verification.
  • Ambiguous “necessary” – the regulation does not clarify which data must be stored, for how long, or when it must be deleted.
  • Potential breach impact – if footage were exposed, it could reveal daily routines, locations, and passenger identities, enabling identity theft or targeted phishing.

Real‑world precedents show how driver data can be misused

In March 2024, the New York Times reported that GM, Honda, Acura, Kia, Hyundai, and Mitsubishi sold driver‑behavior data (mileage, speed, hard braking) to data brokers LexisNexis and Verisk, leading to a 21 % insurance‑premium increase for one driver and a $12.75 million California settlement.

A 2023 Reuters investigation revealed Tesla employees sharing internal video recordings from customer cars, including crashes and even footage of occupants in private moments. These incidents demonstrate that once data leaves the vehicle, it can be repurposed, sold, or leaked.

The Mozilla Foundation’s 2023 privacy review found that 84 % of car brands share or sell driver data, and 76 % sell it outright.

GDPR still applies, but gaps remain

Even though the GSR is vague, the EU’s General Data Protection Regulation (GDPR) treats facial‑gaze data as personal data. Manufacturers must therefore:

  1. Collect only data that is strictly necessary.
  2. Retain it only for a limited period.
  3. Provide drivers with rights to access, rectify, and erase their data.

However, without a clear definition of “necessary,” compliance remains uncertain.

What drivers can do today

  1. Read the automaker’s privacy policy – look for explicit statements about footage retention, sharing with insurers or brokers, and whether data ever leaves the vehicle.
  2. Know the warning behavior – the alert can be silenced for a single drive but will reactivate on the next detection of distraction.
  3. Treat driver‑camera data as a personal‑data risk – consider identity‑theft protection services that monitor for leaked personal information.

Bottom line

The EU’s ADDW mandate promises substantial safety gains, but its lack of precise data‑handling rules creates real privacy risks. Clear definitions of “necessary” data, mandated retention periods, and independent audits are needed to ensure that driver‑monitoring cameras improve safety without compromising privacy.

Sources