Thesis of Ashish Ashutosh
Subject:
Start date: 01/01/2021
End date (estimated): 01/01/2024
Supervisor: Omar Hasan
Co-director: Harald Kosch
Co-tutelle (joint supervision): Lionel Brunie
Abstract:
Connected vehicles continuously generate large volumes of sensitive sensor data that is highly valuable to mobility services, insurers, and third-party applications. Sharing this data, however, carries security and privacy risks: unauthorized driver tracking, long-term profiling of driving behavior, inference of sensitive characteristics, and misuse or disclosure of personal data by third parties. These risks must be mitigated in accordance with data protection regulations such as the GDPR. This thesis addresses these challenges by proposing a privacy-friendly data governance framework for connected vehicles that encompasses onboard access control, inter-organizational data sharing, and privacy-preserving data analytics.

First, regarding access control, this work identifies requirements specific to the automotive sector, namely time-, location-, and frequency-based data access, and proposes an extended XACML-based model called XACML4M (XACML for Mobility). XACML4M introduces components such as the Vehicle Data Environment, Time Extension, Geolocation, and Polling Frequency Providers to enable granular, dynamic, and context-sensitive access control. A working prototype was implemented on a Raspberry Pi 4 and validated using policies from real-world use cases, confirming the feasibility of applying dynamic authorizations in vehicular environments.

Second, for data sharing between organizations, the thesis presents Sticky-PRE (Sticky-Proxy Re-Encryption), a protocol that combines machine-readable "sticky" policies with proxy re-encryption. Sticky-PRE ensures that user-defined access conditions persist throughout the data lifecycle, including across organizational boundaries, while preserving data confidentiality, integrity, and traceability. The protocol was analyzed under an honest-but-curious threat model and quantitatively evaluated with performance benchmarks for encryption, re-encryption, and decryption, demonstrating secure and efficient operation suitable for connected-vehicle contexts.

Finally, for downstream data analytics, this work examines the trade-off between confidentiality and utility when analyzing auto insurance data, using anonymized real-world data. The study systematically evaluates how the anonymization techniques k-anonymity and l-diversity (Distinct, Shannon entropy, and recursive (c,l)-diversity) influence the performance of machine learning models for predicting claims. The results show that the risk of re-identification can be substantially reduced while maintaining competitive predictive performance. For example, a configuration based on Distinct l-diversity with l=10, combined with a support vector classifier, achieves a residual risk of 0.049% and a k-anonymity level of 2013, with only slight losses in predictive accuracy compared to the original dataset. These results provide practical guidance on how organizations can choose anonymization parameters that balance data protection and analytical value. Taken together, these interdependent contributions constitute a comprehensive framework for secure, traceable, and privacy-respecting vehicle data sharing that adheres to modern data protection principles while enabling the delivery of relevant data-driven services.
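As an added illustration of the anonymization metrics named in the abstract (example code, not from the thesis), the following Python computes k-anonymity, Distinct, entropy and recursive (c,l)-diversity over a small constructed table of anonymized records. The residual re-identification risk is assumed here to follow the prosecutor model, 1/k for the smallest equivalence class, an assumption roughly consistent with the reported 0.049% at k = 2013; the quasi-identifiers and claim outcomes are constructed sample values.

```python
from collections import Counter, defaultdict
from math import log2
# Constructed sample of anonymized records: (quasi-identifiers, sensitive value); all values are assumed.
RECORDS = [
    (("30-39", "North"), "claim"),
    (("30-39", "North"), "no_claim"),
    (("30-39", "North"), "claim"),
    (("40-49", "South"), "no_claim"),
    (("40-49", "South"), "claim"),
    (("50-59", "East"), "claim"),
    (("50-59", "East"), "no_claim"),
    (("50-59", "East"), "claim"),
    (("50-59", "East"), "no_claim"),
]

def equivalence_classes(records):
    """Group sensitive values by identical quasi-identifier tuple (one equivalence class each)."""
    classes = defaultdict(list)
    for qid, sensitive in records:
        classes[qid].append(sensitive)
    return classes

def k_anonymity(records):
    """k is the size of the smallest equivalence class."""
    return min(len(v) for v in equivalence_classes(records).values())

def residual_risk(records):
    """Re-identification risk, assumed here as the prosecutor model: 1/k for the smallest class."""
    return 1.0 / k_anonymity(records)

def distinct_l_diversity(records):
    """Distinct l: the minimum number of distinct sensitive values in any class."""
    return min(len(set(v)) for v in equivalence_classes(records).values())

def entropy_l_diversity(records):
    """Entropy l: the minimum over classes of 2**H, H being the Shannon entropy in bits."""
    ls = []
    for values in equivalence_classes(records).values():
        n = len(values)
        h = -sum(c / n * log2(c / n) for c in Counter(values).values())
        ls.append(2 ** h)
    return min(ls)

def is_recursive_cl_diverse(records, c, l):
    """Recursive (c,l): with counts r_1 >= ... >= r_m per class, require r_1 < c * (r_l + ... + r_m)."""
    for values in equivalence_classes(records).values():
        counts = sorted(Counter(values).values(), reverse=True)
        if len(counts) < l or counts[0] >= c * sum(counts[l - 1:]):
            return False
    return True
```

The sample table is 2-anonymous and Distinct 2-diverse; the "30-39 / North" class, with two of three records sharing one outcome, is what lowers the entropy and recursive measures.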
Jury:
| Name | Position | Institution | Role |
| --- | --- | --- | --- |
| M. Chbeir Richard | Professor | Université de Pau et des Pays de l'Adour | Reviewer (rapporteur) |
| M. Cimato Stelvio | Professor | Università degli Studi di Milano | Reviewer (rapporteur) |
| Mme Bouchelaghem Siham | Associate Professor | Université de Bretagne-Sud | Examiner |
| M. Granitzer Michael | Professor | University of Passau | Examiner |
| Mme Sonigo Veronika | Associate Professor | Université Marie & Louis Pasteur | Examiner |
| M. Brunie Lionel | Professor | LIRIS, INSA Lyon | Thesis director |
| M. Kosch Harald | Professor | University of Passau | Thesis co-director |
| M. Hasan Omar | Associate Professor | LIRIS, INSA Lyon | Co-supervisor |