Modern vehicles are expected to integrate a variety of connectivity features to enrich safety, entertainment, and driver comfort. This connectivity raises confidentiality and privacy concerns with the risk for the driver to lose control on his data. As vehicles are intended to be used for several years, a major challenge is also to design stable but flexible solutions that can withstand changes in legislation as well as advances in cryptography. Legal frameworks are currently being investigated and implemented to regulate the use of drivers' and vehicles' private information. However, the transcription of these regulations in practice remains an open problem. In this paper, the first formally proven security protocol for connected vehicles is proposed. It enforces a fined-grained access control policy while providing the flexibility to support recent schemes resistant to a quantum adversary. Its detailed security analysis is assessed using the ProVerif formal verification tool. In addition, a method to generate the access control policy in compliance with the laws is proposed along with an illustrating use case. The method supports both legislation and driver access control to data. Finally, a performance evaluation of the security protocol is provided.