In the EU the subject of the data is in full control. Each entity which collects data must inform the user of what is being collected and precisely why. Collecting something else or using it in a different way can result in prosecution (max. â300,000 Euro fine, will be increased in the updated regulations to 5% global turnover or â20,000,000, whichever is higher). Any third-party using this data (which would have been agreed to by the data subject themselves) also has to abide by these rules. Every data handler is subjected to spot inspections by the authority overseeing compliance. If you don't want it going to your insurance company, don't agree to it, and it becomes illegal for the information in your black box to end up at your insurance company.
The EU also provides (in the new regulations) the right to transfer your data from one device to another, and to receive a full copy at any time (for free). That means you can get a copy of the data and check its accuracy by yourself should you want.
You are also free to opt out of the data collection entirely at any time you wish.
Lots of shit gets talked about the EU, but their data protection laws are pretty fucking awesome for end users. For companies using the data, not so much (I work at one such company), but for a private citizen, they are wonderful.