In the era of connected cars, how safe is personal information? Your car knows more about you than you do. This morning, your vehicle, on its way to work, might have recorded your travel route, parking duration, and even your driving habits. While 'connected cars' promise greater convenience through internet connectivity, hidden behind this convenience is a system that collects and utilizes consumer data in real-time. Connected cars constantly communicate with the internet, offering convenient services like real-time traffic conditions, weather information, and route guidance. However, this also means the vehicle collects and stores driver data to obtain such information. Recently, data privacy concerns related to this have emerged as a significant issue in the automotive industry. As communication technology advances and cars themselves become network devices, consumers are no longer just considering the convenience of necessary services but are also starting to worry about whether their information can be securely protected. Beyond being a mere means of transportation, cars have become so sophisticated that they are now described as 'computers on wheels,' offering convenience while simultaneously increasing the potential for personal information exposure. In January 2026, the U.S. Federal Trade Commission (FTC) declared its strong regulatory intent for the connected car industry through a landmark settlement with General Motors (GM), GM Holdings, and OnStar. This agreement includes robust sanctions against unfair and deceptive data notification and consent practices, and it is being hailed as a new milestone for connected car privacy protection. The FTC's action sends a clear signal that car manufacturers can no longer indiscriminately collect and use consumer data. According to the settlement, GM and OnStar are completely prohibited from disclosing location information or driver behavior data to consumer credit reporting agencies for the next five years. This measure aims to fundamentally prevent sensitive driver information collected by car manufacturers from being transferred to third parties and used for credit assessments or insurance premium calculations. Furthermore, consumers must be guaranteed the right to disable vehicle location data collection and to withdraw consent for data collection at any time. These measures are expected to grant consumers substantial control over their data and contribute to increased transparency in data collection. Through this settlement, the FTC has significantly expanded the concept of 'Covered Driver Data'. This is a comprehensive concept that includes not only data directly generated by the vehicle or mobile device but also all related data generated or inferred by algorithms. For instance, raw data such as the number of hard braking incidents, speed patterns, and travel routes, as well as derived data like 'driving risk scores' or 'accident probability predictions' analyzed by AI based on this raw data, are all included under protection. This expanded definition aims to regulate how car manufacturers process and utilize data in various forms, intending to minimize blind spots in data protection. Alongside federal-level regulations, state-level enforcement of personal information protection is also strengthening. In March 2025, the California Privacy Protection Agency (CPPA) initiated a detailed investigation into the privacy practices of connected vehicles and, in the same month, took enforcement action by imposing a hefty fine of $632,500 (approximately 850 million KRW) on a car manufacturer. This was based on allegations that the manufacturer violated the privacy rights of California residents, and the CPPA demanded comprehensive system changes to comply with state privacy laws. These outcomes serve as a strong signal that car manufacturers can no longer treat personal information issues lightly, extending beyond mere financial losses. The CPPA's actions demonstrate that California is one of the states implementing the strictest privacy regulations in the U.S. The California Consumer Privacy Act (CCPA) and its subsequent legislation grant consumers extensive rights over their data and demand a high level of transparency and accountability from businesses. The automotive industry is no exception; in fact, even stricter standards are being applied given the sensitivity and vastness of the data collected by connected cars. Experts predict that starting in 2026, there will be more aggressive enforcement by regulatory bodies, a rapid increase in state-level regulations, and intensified pressure for responsible data management. This will necessitate structural changes in the global automotive industry while also establishing new standards for consumer protection. As data protection principles are strengthened, companies face the need to fundamentally redesign manufacturing processes and in-vehicle systems. Strengthening technical infrastructure for data security is