Re: How severe does the 'crash' need to be..
> As a bonus, there is a summary of the privacy considerations contained in the technical document above.
Thanks - this is exactly what we needed to see. So to summarise the document: the device is not registered with any network until an accident occurs. This is more stringent than not having a data connection open: the device will not have a way to receive incoming calls, data or SMS. [This should preclude its use for bugging or tracking, including use by insurance or road-use based taxes]. The device will not retain more data than is necessary to establish the current position and the direction of travel - older data will be discarded. All of this being subject to possible change in the final requirement.
In summary, it seems to be designed with privacy in mind, and to be resistant to abuse by state agencies. While I would rather not have one, this appears to be a Germanic product - safety conscious, and also very cautious about the potential for mis-use.