BMW Group data ecosystem

SECURITY AND DATA PROTECTION.

Data protection and responsible handling of customer data are our key priority at BMW, and BMW AG processes personal data in line with the applicable legal requirements. Customers can find out more from the data protection notice on the relevant BMW Group brand website for their country. This describes in detail the data we use and the purposes we use it for.

Data is collected from vehicles only if it is essential for the operation of specific services within the ConnectedDrive contract or if the customer has explicitly given their consent. With the current generation of vehicles, by entering into a ConnectedDrive contract with BMW AG, customers can use connected functions. Sensitive functions such as speech recognition have to be explicitly activated by the customer. Wherever possible, data is processed purely locally, within the vehicle. Some security functions, such as the Fatigue Assistant, process information (e.g. infrared image data) exclusively locally, within the vehicle, and do not share any data with the BMW Group.

The GDPR is the minimum standard for product development worldwide at the BMW Group. Where additional, country-specific requirements apply, these are taken into account as well, of course. The BMW Group does not sell personal data to third parties – even though this is not a requirement of the GDPR.

BMW Group products are developed on the principle of Privacy by Design. Data from the vehicle is collected only if it is essential for the delivery of services, legally required (e.g. the EU’s eCall) or if the customer has specifically consented. In addition, most services requiring the processing of customer data are deactivated when the customer first comes into contact with their vehicle and have to be activated before they can be used. Functions requiring active consent from the customer are designed to deliver an even better product experience. Speech processing, for example, can take place purely in-car, but carried out off-board with the customer’s additional consent, it can also be used to help improve the BMW Intelligent Personal Assistant’s understanding of speech. Furthermore, based on the driver’s usage patterns, the virtual assistant (“learning navigation”) can make suggestions around potential destinations, charging stops or the activation of driver assistance functions in relevant situations.

Privacy by Design also applies to the in-car use of partner applications such as Spotify, Alexa, YouTube and Bundesliga. Rather than being activated by default, these applications must be switched on by customers wanting to use them in their vehicle. Before they first use them, the customer must accept the relevant partner’s Terms of Use: data processing will then take place within the application, outside BMW’s responsibility.

Customers can change their privacy settings and data granularity at any time via the data privacy menu in their cars, the My BMW app, or in their BMW profile on the internet. They can also have their personal data erased at any time.

The confidentiality and integrity of personal data is a top priority for the BMW Group, and we abide by all the applicable data protection regulations, including the General Data Protection Regulation and supplementary national laws such as the Federal Data Protection Act in Germany. The same applies to the transfer of personal data to third parties, including law enforcement authorities and other public bodies. The BMW Group cooperates with crime investigations as required by law.

The event data recorder (EDR) – or black box of the vehicle – records only data that is legally required. This data cannot be read over-the-air by BMW; it can only be read by experts who have been commissioned for the purpose for official enquiries and rulings. 

At the customer’s explicit request, the BMW Group can release their data to third parties under the BMW and MINI CarData agreement. The customer decides which data to share with which service providers – such as workshops, insurance companies or fleet managers – and which services they would like to receive offers for. CarData is the BMW Group’s foundation to fulfil the EU Data Act and was already in place long before the legislation had even come into force.

The BMW Group’s data strategy is based on a series of fundamental principles that underpin the way we operate and handle data and are designed to guarantee data security and protection at all times:

  • Our vehicles connect to the internet not directly but via a secure connection with the BMW Group backend (a virtual private network, or VPN). For security reasons, third parties cannot access vehicles.
  • The VPN connection also ensures that no personal data relating to individuals can be accessed by unauthorised third parties without the customer’s consent.
  • Personal data is protected by the BMW Group, and customers can view their data at any time. It will only be passed on to third parties if specifically requested and confirmed by the customer.
  • To improve our products, services and general road safety, the BMW Group shares certain data with third parties, such as traffic jam information from vehicle sensors. Before it is shared, the data is anonymised so that it cannot be traced back to the individual.
  • The monetisation of (personal) data is not a core part of our business model.
  • The BMW Group abides by all the applicable laws including the EU’s GDPR, the Federal Data Protection Act in Germany, and other applicable legislation.

FULL TRANSPARENCY AND CONTROL FOR OUR CUSTOMERS.

The BMW Group strives to ensure customers have control and transparency over their vehicle data at all times. The Data Protection Notice is available to view online at any time. In the Privacy menu in their vehicle*, the My BMW app and the ConnectedDrive website, customers can see and adjust their settings for how much and which data from the vehicle should be shared.

The in-car Privacy menu varies depending on the generation of the infotainment system. Essentially, settings can be adjusted on a spectrum between “Allow all services incl. analysis data” and “No services”.

For example, if the customer selects “No services”, their vehicle will behave like a smartphone in flight mode and will not transmit any data to the BMW backend. The only exception is eCall, which is legally required and automatically sends data to the rescue coordination centre, but only in the event of an accident.

Customers can customise, activate and deactivate vehicle services to detailed specification, depending on the equipment package in their car. For the best possible user experience, however, driver, vehicle and fleet should ideally work as a team: the more data is shared by choosing “Allow all services incl. analytics” in the privacy settings, the better the services, forecasts and safety alerts for the benefit of all customers.

Some services only work if the relevant data is shared. Vehicles can learn the customer’s preferences, for example, but to automatically adapt certain comfort features to suit the customer, their usage data has to be analysed. Once that has happened, the car can make personalised suggestions for navigation routes, for instance.

“Traffic information” is a good example to show the importance of sharing real-time data within the fleet around the traffic situation, hazards and expected delays. If every customer who is out driving their car shares their anonymised data, an improved database will enable safer, more accurate route optimisation. Forecasts on traffic conditions, hazards and delays benefit all BMW Group customers as well as those of other manufacturers.

*The data privacy menu varies between model generations and equipment packages.

DATA IS THE NEW CODE.

card into a vehicle back in 1997 to offer intelligent emergency calls for the first time. Since then, we have put more than 22 million connected vehicles onto the roads. Today the BMW Group fleet as a whole covers almost the entire (99%) German autobahn network in 24 hours, collecting 56 million items of data from road signs in Germany alone. Over 6 million vehicles generate real-time traffic information, collecting just under 500 million data items on average per day in the EMEA region and about 250 million in the US.

With each newly registered vehicle, the connected fleet grows a little more. Meanwhile, the degree of connectivity and the in-car sensors – comprising cameras, radars, ultrasound and infrared – are improving all the time. Vehicles are becoming increasingly high-tech, able to detect and process more and more data about their surroundings. The information they collect doesn’t just benefit the vehicle’s own functions; data sharing means all the other cars in the fleet gain from “swarm intelligence” too. This means that each vehicle has access to selected information and analyses from millions of other cars, so if a single one detects ice on the road at the end of a bend, the information will be validated and shared with all the others following on the same piece of road – before they detect the hazard themselves.

In certain instances, it can make sense to combine real-time data with data from long-term analyses, as this even allows the fleet intelligence to make predictions. For example, as well as showing the driver where they can park, the car can work out the probability of the spaces being free at the estimated time of arrival. It can then use this data to calculate the rest of the route exactly so as to maximise the chances of finding a parking spot close to the destination – saving the customer time and trouble. In Berlin, for example, cruising for parking accounts for up to 40 percent of total traffic (source: German Federal Government, 2017). Reducing it overall would enable massive savings on fuel and emissions in cities – to everyone’s benefit.

Data is fundamental not only to developing innovative services and new functions but also for improving efficiency, quality and safety. At the BMW Group it is processed in line with data protection laws, for the specific benefit of customers and society as well as the continued development of mobility. The spectrum ranges from local hazard warnings and on-street parking information to the customisation of digital services. On the road to automated driving, data is essential for training algorithms and for the virtual validation of driving functions.

For all the benefits, though, we remain uncompromising in our stance: for us at the BMW Group, security and data protection are our premium brand promise and an integral part of our development work. We give our customers transparency and control over how their data is used. Traffic information is anonymised, and data for quality assurance and product development is always pseudonymised so that it cannot be traced back to the customer. We also protect our vehicles from access by unauthorised third parties.

INNOVATIVE SERVICES WITH BMW AND MINI CARDATA.

BMW and MINI customers can request a data archive from BMW and MINI CarData at any time. They can do this by logging into BMW ConnectedDrive or the MINI Connected customer portal for an overview of their telematics data stored at the time of their request. They can also actively set CarData to share their data with service providers such as insurance companies and workshops to benefit from a tailored service offering.

Personal telematics data is stored exclusively on the BMW Group’s own CarData platform. Customers have control over their data at all times and can decide for themselves whether they want to delete it, share it with third parties or withdraw their previous consent. They can also use CarData to share their data with service providers such as workshops and insurance companies that register with BMW and MINI CarData. To make use of services like flexible, mileage-based car insurance, customers must actively give instructions to pass their data on to the company making the enquiry. The required data will then be transferred via an encrypted connection with CarData.

As a member of the VDA and ACEA, the BMW Group supports their data protection principles, which focus on transparency, customer self-determination and in-car data protection through technology. CarData is a secure central server with clearly defined technical and competition rules that meets the “Extended Vehicle” concept according to ISO 20078. By establishing CarData, the BMW Group laid the foundation to fulfil the EU Data Act long before it had even come into force.

LINKS TO DATA PLATFORMS.

Data marketplaces serve as platforms for different parties to exchange data. This allows them to improve their own services as well as those of third parties, and enhance safety more generally and the efficiency of traffic flows. Marketplaces allow information to be shared in real-time around topics such as parking spaces and traffic data from the fleet.

Since the middle of 2019, the BMW Group has offered open access to safety-relevant traffic data for non-commercial purposes, allowing companies from other sectors, startups, institutions and government agencies to obtain the data they need from the platforms. Any data the BMW Group shares in this way is anonymised fleet data that does not relate to individuals.

The BMW Group shares safety-relevant data such as hazard warnings around accidents or slippery roads with the open location platform HERE Marketplace. The data concerned is fully anonymised and made available to third parties licensed by the BMW Group so that they can continue improving safety-relevant services like location-centric hazard warning or on-street parking information. The safety-relevant data can also be accessed by developers, service providers and organisations such as traffic control centres, for non-commercial purposes. For us at the BMW Group, road safety is an integral part of our social responsibility.

The Mobility Data Space (MDS) is a data marketplace in which equal partners from the mobility sector exchange data. The data provider remains the owner of the data throughout and can decide for themselves whether and with whom to share it. The aim is to create a cross-company data economy that will allow innovative, eco- and user-friendly mobility concepts to be realised and enhanced. The MDS brings together companies, organisations and institutions, connecting those seeking to monetise their data assets with those who need them for their innovative mobility solutions, and often enabling purposeful data exchanges that are a win for both sides. The MDS provides the framework needed for trusting cooperation.

ROAD AND PRODUCT SAFETY DATA.

On BMW Group servers, vehicle data relating to individuals is stored in BMW and MINI CarData. Customers can view their data there at any time and maintain control over it throughout. They decide whether and with whom to share it.

Before processing it in-house, the BMW Group anonymises traffic-related vehicle data, removing any information from the data set that could allow it to be traced back to an individual and leaving only what’s needed for the specific purpose of the processing. So, if a car hits ice, for example, the data on the ice event is extracted for use, leaving aside any other information such as “DSC active, GPS position, time, temperature”. Information as to which car registered the event is also not used. Then, with the data set we have, we can see whether it was aquaplaning or ice that was involved, but we cannot see who reported it.

To identify and resolve product defects in individual cars or model series, in some cases our partners and suppliers need data linked to a certain vehicle. This is provided by encoding any associated personal information – such as the chassis number – with a pseudonym to obscure any real-world personal references. This way, the operation can still be assigned to a specific vehicle but not linked to the chassis number or owner.

The VDA* and ACEA* define data categories that are relevant to road safety, traffic management and product or service quality. This data is anonymised or pseudonymised accordingly in the BMW Group backend.

The BMW Group abides by all the applicable laws including the EU GDPR, the Federal Data Protection Act in Germany, and other applicable legislation. The same applies to the transfer of personal data to third parties, including law enforcement authorities and other public bodies.

Last updated: October 2024
