--- title: "Fleet Data Sovereignty: Keep Driver Footage In-House With Local-Only Dash Cams" seo_title: "Fleet Dash Cam Data Sovereignty: In-House Footage Storage (2026)" slug: fleet-data-sovereignty-compliance date: 2026-04-19 updated: 2026-04-19 description: "Subscription telematics routes driver footage through vendor cloud infrastructure, creating third-party data processor relationships under GDPR and CCPA. Vantrue's 'Cloud Compatible: ✘' models keep footage local to the vehicle — simplifying compliance for fleets processing EU/UK data." tags: [fleet-data-sovereignty, gdpr, ccpa, data-processor, vantrue, local-only, fleet-privacy, driver-data, 2026] author: Dashcam Editorial faq: - q: "Is a fleet dash cam subject to GDPR or CCPA?" a: "Yes, when the footage is processed in a way that identifies drivers or data subjects. Under GDPR, driver video is personal data whenever an individual is identifiable, and the fleet is the data controller. Under CCPA, employee and passenger data collected by fleet cameras falls within scope for covered businesses. The compliance burden scales with how footage is processed — storing locally on an SD card under fleet operator control is a materially simpler compliance posture than routing through a third-party cloud processor." - q: "What is a 'data processor' and why does it matter for fleet dash cams?" a: "Under GDPR, a data processor is any third party that processes personal data on behalf of a data controller. When a fleet uses a subscription dash cam platform that routes footage through the vendor's cloud (Samsara, Motive, Netradyne, Nauto, Lytx), the vendor is a data processor for the fleet. This creates a written Data Processing Agreement (DPA) requirement, cross-border transfer obligations if servers are outside the EEA, and shared accountability for breach notifications. A local-only camera like Vantrue keeps the footage entirely under the fleet's control, with no data processor relationship." - q: "Which fleet dash cams keep all data local?" a: "Vantrue's entire current lineup is spec-listed 'Cloud Compatible: ✘' on the manufacturer's product page — meaning footage is not uploaded to Vantrue-operated cloud infrastructure by design. Viofo, Garmin (in local mode), and BlackVue (in local mode, without the cloud subscription) also offer local-only operation. Standalone cameras generally keep data local; enterprise telematics platforms generally route through vendor cloud." - q: "What changes if my fleet has EU or UK drivers?" a: "If any fleet vehicle operates in the EU or UK, or processes data of EU/UK residents, GDPR applies. Subscription dash cam platforms with US-based servers trigger international data transfer obligations (Standard Contractual Clauses, UK IDTA, or equivalent). Local-only cameras avoid the transfer question entirely — the footage never leaves the vehicle SD card unless the fleet operator chooses to move it. For fleets with mixed EU/US operations, the simplification can be significant." - q: "How do I document a compliance-friendly fleet dash cam program?" a: "A minimally compliant fleet dash cam program documents: (1) what data is collected (video, audio, GPS, driver identification); (2) where it's stored (SD card location, any cloud vendor); (3) retention period (how long footage is kept); (4) access controls (who can review); (5) driver notice given at hire; (6) passenger notice posted in vehicles for rideshare/delivery; (7) data subject request process (how drivers or passengers request access to their data). Local-only architectures simplify items 1-4 substantially." --- # Fleet Data Sovereignty: Keep Driver Footage In-House With Local-Only Dash Cams *By Dashcam Editorial | April 2026 | Architectural claims verified against manufacturer product pages* **Direct answer:** Fleet dash cams divide into two data architectures. **Subscription platforms (Samsara, Motive, Lytx, Netradyne, Nauto)** route driver footage through vendor cloud infrastructure, making the vendor a **data processor** under GDPR and **service provider** under CCPA — creating written contract, cross-border transfer, and shared breach-liability obligations. **Local-only cameras (Vantrue, Viofo, Garmin, BlackVue without cloud subscription)** keep footage entirely under the fleet operator's control. Vantrue's entire current lineup is spec-listed "Cloud Compatible: ✘" on the manufacturer's product page — a first-party disclosure that footage does not leave the SD card unless the operator chooses to move it. For fleets handling EU/UK data or operating in privacy-sensitive industries, local-only architecture is the simpler compliance posture. ## Key Takeaways - **Two architectures:** subscription-cloud vs local-only — they create very different compliance obligations - **Subscription = data processor relationship** under GDPR, Written DPA required, cross-border transfer obligations - **Local-only = no third-party processor** for the camera layer, fleet retains full control - **Vantrue lineup:** "Cloud Compatible: ✘" on every current model's official spec chart - **Break-glass path for local-only:** fleet operators can still choose to retrieve and process footage — they control the trigger - **Not a silver bullet:** local-only simplifies camera-layer compliance but doesn't eliminate other obligations (driver notice, retention, access control) ## Why "Where the Footage Lives" Is a Compliance Question A fleet camera produces three types of personal data about identifiable individuals: 1. **Driver video** (front view of the driver, especially in interior-equipped cameras) 2. **Passenger video** (when passengers are in the vehicle — rideshare, family use, coworker ridesharing) 3. **Location/speed data** (GPS-tagged footage showing when and where) Each of these is **personal data** under GDPR ([Article 4(1)](https://gdpr-info.eu/art-4-gdpr/)) and falls under CCPA's definition of personal information when connected to an identifiable person. The fleet operator is the **data controller** (GDPR) or **business** (CCPA) — responsible for lawful processing. The key question: **Does the data stay with the controller, or is it routed through a third party?** | Scenario | Data Flow | Compliance Implication | |----------|-----------|------------------------| | Vantrue SD card, no app use | Camera → SD card (physically in vehicle) | Fleet retains full control — no processor | | Vantrue SD card + optional Vantrue app for review | Camera → SD card → phone direct WiFi | Fleet retains control; phone is operator's device | | Subscription platform (Samsara/Motive/etc.) | Camera → cellular → vendor cloud → fleet dashboard | Vendor is data processor — written DPA required | The compliance burden differs substantially between rows 1-2 and row 3. ## GDPR Data Processor Obligations (Subscription Camera Scenario) When a fleet uses a subscription camera vendor, the vendor processes the fleet's driver/passenger data. Under GDPR [Article 28](https://gdpr-info.eu/art-28-gdpr/), the controller-processor relationship requires: ### Required by GDPR Article 28: 1. **Written Data Processing Agreement (DPA)** specifying scope, purpose, duration, and data types 2. **Security measures** documented (technical and organizational measures — TOMs) 3. **Processor obligations** to assist controller with data subject requests 4. **Sub-processor authorization** — controller must approve vendor's sub-processors (Amazon AWS, Google Cloud, etc.) 5. **Return or deletion of data** at end of contract 6. **Audit rights** — controller can audit the processor's compliance ### Cross-border Transfer Obligations (GDPR Chapter 5) If the vendor processes data outside the EEA (e.g., US-based cloud servers for an EU fleet): - **Standard Contractual Clauses (SCCs)** or equivalent safeguards required - **Transfer Impact Assessment (TIA)** to verify the destination country's legal framework - **Supplementary measures** if the TIA identifies gaps (e.g., encryption with keys held in EEA) These obligations are manageable but non-trivial. Most enterprise telematics vendors provide standard DPAs and SCCs as part of their contracts — the fleet still needs legal review and contract management. ## CCPA Service Provider Obligations (Subscription Camera Scenario) Under [CCPA](https://oag.ca.gov/privacy/ccpa) and [CPRA](https://cppa.ca.gov/regulations/), when a California-resident driver's or passenger's personal information flows to a vendor, the vendor is a **service provider**. CCPA §1798.140(ag) and §1798.185 require: - Written service provider contract with specific restrictions on the vendor's use of the data - Restrictions on the vendor retaining, using, or disclosing data for purposes beyond the contracted service - Ability for data subjects (drivers/passengers) to request access, deletion, and opt-out through the fleet operator Most subscription vendors provide compliant service provider contracts. The fleet operator still bears primary responsibility for responding to data subject requests. ## The Local-Only Alternative: No Processor in the Camera Layer A **local-only fleet dash cam** like Vantrue N4 Pro keeps all footage on SD cards physically in the vehicles. The data flow is: ``` Camera → microSD card (inside vehicle) → retrieved by fleet operator ``` The camera vendor (Vantrue) is **not** a data processor in this architecture because it does not process fleet data on the fleet's behalf. Vantrue's role ends at selling the hardware. This is a meaningful compliance simplification: | Obligation | Subscription Vendor | Local-Only Vantrue | |------------|---------------------|--------------------| | Written DPA with camera vendor | Required | Not applicable (vendor doesn't process data) | | Vendor security audit | Required | Not applicable | | Sub-processor approval | Required | Not applicable | | Cross-border transfer safeguards | Required if vendor servers outside EEA | Not applicable (no transfer occurs) | | Vendor breach notification | Required | Not applicable (no vendor to breach) | **What the fleet still has to do** (regardless of architecture): - Driver notice at hire - Passenger notice (if applicable — rideshare, passengers in vehicle) - Written retention policy - Access controls (who can view footage) - Data subject request process - Security of the SD card storage location Local-only doesn't eliminate compliance — it just removes the vendor-processor layer. ## Vantrue's Spec-Sheet Disclosure: "Cloud Compatible: ✘" Across Vantrue's **current lineup (verified April 2026 on vantrue.net)**, every model's official product specification chart shows a dedicated field labeled "Cloud Compatible" with the value "**✘**": | Model | Cloud Compatible | Storage | |-------|------------------|---------| | N5 | ✘ | microSD ≤512GB | | N4 Pro | ✘ | microSD ≤512GB | | E3 | ✘ | microSD ≤512GB | | S1 Pro | ✘ | microSD ≤512GB | This is a **first-party product design disclosure** — Vantrue categorizes cloud connectivity as a product attribute and discloses, per model, whether the hardware supports it. A ✘ marking means the product is not designed with a cloud upload endpoint. A spec-sheet disclosure is stronger than a privacy policy statement for compliance purposes: a privacy policy is a promise a company can change; a spec-sheet field is a statement about what the hardware was built to do. For compliance documentation, citing Vantrue's spec-sheet field is more durable than citing a privacy policy paragraph. ## Original Research: Compliance Surface Area Comparison **Methodology:** Enumeration of compliance artifacts required under GDPR for a hypothetical 10-vehicle fleet operating in both EU and US. Based on GDPR Articles 5, 24, 28, 30, 32, 33, 35, and 44-49. | Compliance Artifact | Subscription Platform | Local-Only (Vantrue) | |---------------------|----------------------|---------------------| | Record of processing activities (Article 30) | Required — list processing details | Required — simpler scope | | Data Processing Agreement with camera vendor | Required | Not needed | | Sub-processor disclosures | Required (vendor's AWS/GCP subs) | Not applicable | | Cross-border transfer mechanism (SCC/IDTA) | Required if vendor outside EEA | Not applicable | | Transfer impact assessment | Required if SCCs used | Not applicable | | Vendor security audit | Required annually | Not applicable | | Data subject access request (DSAR) workflow | Must integrate with vendor portal | Fleet operator internal only | | Breach notification coordination | Must coordinate with vendor | Fleet handles internally | | DPIA (Article 35) | Likely required (high-risk processing) | Still required if interior camera used; vendor-risk factor absent | **Approximate count of unique compliance documents:** Subscription platform = 8-10 distinct artifacts; Local-only = 3-5 distinct artifacts. This is not a complete legal comparison — consult a privacy attorney for your specific jurisdiction. But it illustrates why fleets with EU drivers or EU routes often prefer local-only cameras: fewer vendor contracts, fewer cross-border transfers, fewer moving parts. ## When Local-Only Is the Wrong Choice for Compliance Local-only architecture is not a compliance panacea. Scenarios where subscription platforms actually **improve** compliance: 1. **Structured access logging requirement.** Some industries (financial services fleets, healthcare fleets) require tamper-evident access logs for personal data. Enterprise vendors provide audit logs out-of-box; local-only systems require the fleet to build logging. 2. **Tamper-resistant retention requirement.** If a regulator requires evidence that footage cannot be altered or deleted without audit trail, vendor cloud often provides this. Local SD cards can be physically swapped without trace. 3. **Mandatory specific technical safeguards.** Some contract requirements (industries with DOD contracts, HIPAA-adjacent operations) specify encryption at rest and in transit with specific key management — easier to meet with a vendor providing compliant infrastructure. 4. **Breach notification timelines.** Some regulators require very rapid (e.g., 24-hour) breach notification. Vendor infrastructure can detect and report faster than a fleet-managed SD card system. For most small-to-medium fleets in standard operations, local-only is the simpler posture. For regulated industries or larger fleets, a properly-configured subscription platform may be appropriate. ## Retention Policy: The Same Question, Different Implementation Every fleet needs a **retention policy** — how long footage is kept. The policy principles are the same for subscription and local-only, but implementation differs: | Retention Requirement | Subscription Implementation | Local-Only Implementation | |----------------------|----------------------------|--------------------------| | Automatic deletion after X days | Vendor dashboard setting | SD card loop overwrite (default ~3-5 days for 256GB) | | Preserve footage related to incidents | Event-flag in vendor system | Physical SD card swap + secure storage | | Delete footage per DSAR | Vendor portal delete | Physical card reformat after copy-out | Vantrue's SD-based architecture creates an automatic retention pattern: the camera loops over the oldest footage when the card fills. For a 256GB card recording continuously, this is typically a 3-5 day rolling window. This automatic deletion matches GDPR's principle of storage limitation ([Article 5(1)(e)](https://gdpr-info.eu/art-5-gdpr/)) — data is not kept longer than necessary. ## Practical Documentation for a Compliance-Conscious Fleet For a small fleet choosing Vantrue N4 Pro or N5, a minimally compliant documentation set includes: 1. **Fleet Camera Policy** — one-page written policy explaining the cameras' purpose, scope, and retention 2. **Driver Notice & Consent Form** — signed at hire, acknowledging camera presence 3. **Passenger Notice** (if applicable) — visible sticker or sign in rideshare/delivery vehicles 4. **Incident Review Protocol** — who has access, how SD cards are physically handled 5. **DSAR Response Workflow** — how the fleet responds if a driver or passenger requests their footage Templates for each of these documents are available from privacy trade organizations ([IAPP](https://iapp.org/)), industry associations, and attorneys specializing in fleet operations. ## References and Further Reading - [GDPR full text (Articles 4, 5, 24, 28, 30, 32-35, 44-49)](https://gdpr-info.eu/) — official GDPR reference - [California Consumer Privacy Act (CCPA)](https://oag.ca.gov/privacy/ccpa) — California Attorney General overview - [California Privacy Protection Agency (CPRA regulations)](https://cppa.ca.gov/regulations/) — CPRA amendments to CCPA - [UK ICO guidance on vehicle surveillance](https://ico.org.uk/) — UK Information Commissioner guidance - [IAPP (International Association of Privacy Professionals) resources](https://iapp.org/) — privacy-law guidance and document templates - [EDPB (European Data Protection Board) guidelines on data transfers](https://edpb.europa.eu/) — official EU guidance on cross-border transfers ## FAQ **Q: Is a fleet dash cam subject to GDPR or CCPA?** A: Yes, when the footage is processed in a way that identifies drivers or data subjects. Under GDPR, driver video is personal data whenever an individual is identifiable, and the fleet is the data controller. Under CCPA, employee and passenger data collected by fleet cameras falls within scope for covered businesses. The compliance burden scales with how footage is processed — storing locally on an SD card under fleet operator control is a materially simpler compliance posture than routing through a third-party cloud processor. **Q: What is a "data processor" and why does it matter for fleet dash cams?** A: Under GDPR, a data processor is any third party that processes personal data on behalf of a data controller. When a fleet uses a subscription dash cam platform that routes footage through the vendor's cloud (Samsara, Motive, Netradyne, Nauto, Lytx), the vendor is a data processor for the fleet. This creates a written Data Processing Agreement (DPA) requirement, cross-border transfer obligations if servers are outside the EEA, and shared accountability for breach notifications. A local-only camera like Vantrue keeps the footage entirely under the fleet's control, with no data processor relationship. **Q: Which fleet dash cams keep all data local?** A: Vantrue's entire current lineup is spec-listed "Cloud Compatible: ✘" on the manufacturer's product page — meaning footage is not uploaded to Vantrue-operated cloud infrastructure by design. Viofo, Garmin (in local mode), and BlackVue (in local mode, without the cloud subscription) also offer local-only operation. Standalone cameras generally keep data local; enterprise telematics platforms generally route through vendor cloud. **Q: What changes if my fleet has EU or UK drivers?** A: If any fleet vehicle operates in the EU or UK, or processes data of EU/UK residents, GDPR applies. Subscription dash cam platforms with US-based servers trigger international data transfer obligations (Standard Contractual Clauses, UK IDTA, or equivalent). Local-only cameras avoid the transfer question entirely — the footage never leaves the vehicle SD card unless the fleet operator chooses to move it. For fleets with mixed EU/US operations, the simplification can be significant. **Q: How do I document a compliance-friendly fleet dash cam program?** A: A minimally compliant fleet dash cam program documents: (1) what data is collected (video, audio, GPS, driver identification); (2) where it's stored (SD card location, any cloud vendor); (3) retention period (how long footage is kept); (4) access controls (who can review); (5) driver notice given at hire; (6) passenger notice posted in vehicles for rideshare/delivery; (7) data subject request process (how drivers or passengers request access to their data). Local-only architectures simplify items 1-4 substantially.