The SeDaFa (Secure Data‑Handling for Automotive) project set out to create a privacy‑by‑design framework that could be embedded in modern vehicles. Its core technical work focused on evaluating the SeDaFa architecture, testing individual modules, assessing information‑security measures, and gathering user‑centric feedback before delivering a final, integrated solution. The project’s final assessment, carried out in 2019, confirmed that the proposed architecture is technically feasible, can be implemented with reasonable effort, and offers a user‑friendly interface that supports the requirements of the General Data Protection Regulation.
A key milestone was the construction of a demonstrator vehicle, a Volkswagen Passat fitted with a cockpit‑display system that visualises data flows in real time. The visualisation component, developed by the Technical University of Darmstadt, allowed drivers to see which data points are collected, how they are processed, and to exercise control over their own information. Cryptographic modules that secure data exchange were supplied by Fraunhofer SIT, while the University of Hohenheim provided the legal assessment of the system’s compliance with EU data‑protection law. User studies, conducted by the University of Hohenheim’s Institute for Human‑Computer Interaction, confirmed that drivers could understand and manipulate the privacy settings without undue complexity.
The project’s work packages were organised around a series of evaluations. The architecture evaluation examined the overall design of SeDaFa, identifying strengths and potential gaps in the data‑flow model. Module evaluation assessed the performance and interoperability of individual components, such as the cryptographic primitives and the user‑interface modules. An IT‑security evaluation analysed threat scenarios, performed risk assessments, and proposed mitigation strategies. The user‑perspective evaluation gathered qualitative data on driver acceptance and usability. All these assessments culminated in a final report that synthesised technical findings, legal compliance, and user‑experience insights.
The Data‑Protection Impact Assessment (DSFA) was a central element of the final evaluation. It applied a structured risk‑assessment methodology to identify potential GDPR violations, quantify residual risks, and recommend countermeasures. The DSFA concluded that the SeDaFa solution meets the core principles of the GDPR—lawful, fair, and transparent processing, purpose limitation, data minimisation, and accountability—while also enabling drivers to exercise meaningful control over their data. The assessment highlighted that the system’s design allows for “reasonable effort” to secure personal data, a key requirement for automotive data protection.
The project’s timeline began in 2016, when a 2½‑month delay in the initial phase was compensated for by a tight schedule that kept subsequent work packages on track. By 2017, the visualisation and cryptographic modules were integrated, and the demonstrator vehicle was assembled. Iterative testing and refinement continued through 2018, culminating in a final demonstration that showcased the system’s capabilities in a real‑world automotive environment.
Collaboration was the backbone of SeDaFa’s success. Volkswagen AG, the sole funder, provided financial resources and coordinated the consortium. The University of Hohenheim led the legal and compliance work, while the Technical University of Darmstadt and Fraunhofer SIT supplied the technical expertise for interface design and cryptographic implementation. The University of Hohenheim’s Institute for Human‑Computer Interaction and the University of Hohenheim’s Institute for Law contributed user studies and legal evaluations, respectively. Together, the consortium delivered a comprehensive, GDPR‑aligned privacy framework that demonstrates how automotive manufacturers can embed privacy by design into their products.
