“Insurance and Data” Conference, Aix-en-Provence, FRANCE, 26-/04/2019-26/04/2019 The presentation recalls the key legal concepts for the protection of personal data, proposes a focus on “criminal offence data” and provides an account of the data needed by insurers, according to the perpetrators, to compensate victims and adapt premiums to the insured’s situation. In view of the legal context (General Data Protection Regulation of the European Union and the Law on information technology and amended freedoms), it appears that the conditions for access to data are legally different according to the purposes pursued by the insurers: legal obligation for one, “service (s)” to the insured person for the other. In all cases, the provisions protecting the rights of persons laid down in the abovementioned texts must be taken into account. After a brief reminder of the main elements of protection, the risks of infringement of these rights and the means that can be used by users to ‘keep the hand’ and by the controllers, the legal risks to the latter in the event of a breach, in the form of administrative and criminal penalties, are analysed. The second part, more directly dedicated to data collected by connected vehicles, refers to the legal context for access to data by insurers and in particular to the proposals included in the draft mobility law, currently under discussion by Parliament.