Responsible Use of Data. Data Compliance Management at Mercedes-Benz

Connectivity and digitalization have a crucial role in future mobility. Large quantities of data are the basis for various new business models, including automated and autonomous driving, driving assistance systems, vehicle safety and new services. We are committed to using data responsibly. At the same time, we focus on the needs of our customers. Our group-wide Data Compliance Management System helps us plan, implement and monitor measures to comply with data protection regulations in this process.

Our Data Vision

Data makes it possible for innovative services to offer enhanced security and comfort, i.e. added value. It is important to us that our customers and business partners can trust that their data is handled responsibly and securely. We have defined the Mercedes-Benz Data Vision as our standard for data to be handled sustainably, responsibly and ethically correct.

The Mercedes-Benz Data Vision is fleshed out by various guiding principles of which transparency, choice and data security are crucial to us in this process.

Data protection is of major importance to us. We act responsibly when collecting, storing and using data. Adequate transparency regarding the handling of data is indispensable. We want our customers to know what kind of data we collect, when and for what purpose. As such, we provide them with extensive information in sales literature, on the vehicle homepage, in apps, in operating instructions and – whenever reasonably possible – directly in the vehicle as well.

It is equally important to us that our customers have the choice which services they want to use and which data they want to share – either through consent, by contract or at the push of a button. This choice allows them to selectively enable services in the Mercedes me app and to disable them again at any time, for instance.

High security standards of our customers similarly apply to data security in our vehicles. As a result, we continuously enhance data security with a view to advances in IT in order to protect data from manipulation and misuse.

Handling data responsibly is part of our corporate digital responsibility. We are focusing on transparency, self-determination, and data security. When our engineers develop new services and products, they sit down at a table with their colleagues from the corporate data protection and legal departments so that they can find solutions together. Data protection is a key factor in connected driving in particular, and also in customers’ acceptance of this technology.

Privacy-friendly product development

Ensuring effective data protection in vehicles is an integral component of our product development. Today, drivers of many model series can already make use of services such as live traffic information and the Active Stop-and-Go Assist system. Such applications are based on data processing. One main focus of our data protection activities is thus on a privacy-friendly design for connected vehicles, automated driving functions, and new services and applications. Privacy by Design is the basis for this. This means that our data protection officers already work with engineers and IT developers during the product creation phase and aim for responsible handling of data.

Responsible use of Artificial Intelligence

The use of Artificial Intelligence (AI) also requires clear guidelines. There is a wide variety of application fields for AI within the automotive industry. Interlinked navigation systems, smart voice assistants and autonomous vehicles are just a few examples of the diverse applications for AI. We also want to seize the opportunities that AI entails for our customers. For us, acceptance and trust are fundamental to using AI for data processing. Our guiding principles for data are thus being supplemented by our Principles for Artificial Intelligence. They are the basis for responsible and sustainable handling of AI technology in the company. Together with the guiding principles for data, they serve as an important foundation for our digital responsibility.

Principles for Artificial Intelligence

The Data Compliance Management System

In order to accommodate the regulatory requirements concerning data, we are one of the first automobile manufacturer to combine the existing measures, processes and systems for data security compliance into a Data Compliance Management System (Data CMS). It is based on the Mercedes-Benz Group Compliance Management System already in place. It helps us to systematically plan the measures for complying with data protection regulations based on risk, to implement them throughout the Group and to continuously monitor them. With the Data CMS, Mercedes-Benz Group exceeds the statutory requirements in order to ensure sustainable handling of data in the company.

Anchoring data protection and data compliance in our organization

The Chief Compliance Officer is responsible for the global compliance organization. He reports on current data compliance developments to the Member of the Board of Management responsible for Integrity and Legal Affairs as well as to the entire Board of Management.

The Chief Officer Corporate Data Protection performs the tasks required by law for complying with data protection regulations. Along with his team, he monitors compliance with data protection laws and the Mercedes-Benz Data Protection Policy and manages the Data CMS. He supports all central and local Group units in minimizing data protection-related risks, assesses them derives specific compliance solutions jointly with the respective management

The Chief Officer Corporate Data Protection is furthermore responsible for processing data protection complaints and communication with the supervisory authority. He initiates communication and training measures and advises the business units on e.g. implementing data protection impact assessments. The Chief Officer Corporate Data Protection acts independently and reports directly to the Member of the Board of Management for Integrity and Legal Affairs.

Our approach to an effective management of data protection also relies on local contact persons in our Group entities around the world. They assist the local management in implementing the data compliance measures.