Privacy Risks in Connected Vehicles: Profiling Threats and Mitigation Strategies

Abstract

The increasing connectivity of modern vehicles enables advanced services but also raises serious privacy concerns. Continuous data collection from sensors and V2X communications can lead to detailed user profiling and potential misuse, such as tracking, discrimination, or identity theft. This work presents a preliminary methodology for analyzing and mitigating privacy risks in connected vehicles. It combines a Privacy Impact Assessment (PIA) with misuse-case-based threat modeling to identify critical scenarios involving unauthorized access, data tampering, and data loss. We propose targeted technical and organizational mitigation strategies, taking into account the real-time and resource constraints of automotive systems. A re-evaluation of the PIA demonstrates a notable reduction in the likelihood and impact of these risks. Our results highlight the value of structured risk assessments and practical safeguards in protecting user privacy. Beyond enhancing privacy posture, the proposed approach supports alignment with increasingly strict European regulations such as the GDPR and the AI Act, promoting the compliant and responsible deployment of connected vehicle technologies