Bella, GiampaoloBiondi, PietroCostantino, GianpieroMatteucci, IlariaMarchetti, MircoRoßnagel, HeikoSchunck, Christian H.Mödersheim, Sebastian2021-05-202021-05-202021978-3-88579-706-7https://dl.gi.de/handle/20.500.12116/36500Cyber risks associated with modern cars are often referred to safety. However, modern cars expose a variety of digital services and process a variety of personal data, at least of the driver’s. This paper unfolds the argument that car (cyber-)security and drivers’ privacy are worthy of additional consideration, and does so by advancing “COSCA”, a framework for “COnceptualising Secure CArs” as interconnected nodes of the Next Generation Internet. COSCA adopts an innovative socio-technical approach. It crowdsources drivers’ perceptions on core privacy topics and it classifies the data collected by cars and processed by manufacturers pursuant the General Data Protection Regulation. These steps inform a risk assessment which highlights the more relevant mitigation strategies and cyber security technologies. Finally, COSCA aims at designing novel interfaces to enable drivers to exercise their rights about personal data collection and processing.enautomotivecybersecurityframeworkprivacyText/Conference Paper1617-5468