Skip to main content

The Baltic DPAs to carry out joint supervision in the field of short-term rental of vehicles


This summer, the data protection authorities (DPAs) of the three Baltic States – Estonia, Latvia and Lithuania – announced that they will carry out preventive joint supervision in the field of short-term rental of vehicles (e.g., electric scooters). The purpose of the joint supervision is to develop recommendations to improve the processing and protection of personal data in the specified field.

The main focus of the joint supervision is on service providers whose main place of business is located in one of the Baltic States and who offer their services throughout the Baltics. In addition, each country's DPA can independently extend the scope of supervision to the activities of companies operating in only one country.

The purpose of the joint supervision is to verify compliance with the requirements of the GDPR and, therefore, proactively address potential threats to personal data in a sector which has increasingly and rapidly grown in the past years.

To date, the DPAs have not yet published the results of the joint supervision, including any recommendations. Upon doing so, the recommendations will likely serve as a good illustration not only to the providers of short-term rental of vehicles but also to other data controllers.

The decision to carry out joint sector-based supervision was decided in 2021, at the meeting of the Baltic DPAs. At the meeting, among other things, it was concluded that none of the Baltic DPAs have sufficient resources to adequately fulfill their obligations arising from the legal framework. Additionally, it was discussed that the most relevant topics in the Baltic States are the processing of personal data in social networks and via video surveillance. To ensure the maximum use of available resources, it was agreed to provide mutual support in matters related to international cooperation.

Referenced from the website of the Estonian DPA: (in Estonian)


Article provided by INPLP member: Mari-Liis Orav (TGS Baltic, Estonia)



Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.