Connected Cars – Is the Law Roadworthy?
12 February 2020
The next shift – electric vehicles become connected and intelligent
In recent years, much attention has focused on the slow but steady shift to electric vehicles on our roads. In the first nine months of 2019 alone, purchases of electric cars in Ireland accounted for roughly 10% of all sales and it is anticipated that over one million electric vehicles will be sold across the EU in 2020. As electric vehicles are gaining traction, the auto industry and disruptors like Google and Uber are already well on the way to launching the next generation of transport – connected and automated vehicles. To do so, many of them are partnering with telecommunications companies and the wider tech industry to enable connectivity features.
While driverless cars are indeed on the horizon, connected vehicles are likely the more immediate precursor to automated vehicles in mass market terms. We look at the novel legal issues presented by connected vehicles.
Connected vehicles – a catch-up
A connected vehicle has its own in-built communications connection, usually (at least currently) via a wireless local area network. This network allows the car to share data with other systems both inside and outside the car. The connection allows the vehicle to communicate with the manufacturer’s remote fault repair system, the owner’s smartphone, other cars, infrastructure such as traffic lights and even pedestrians. Connectivity is facilitated via telcos and the tech industry – creating another new marriage across industries to address future solutions. Think of this as the first wave of future intelligent cars.
Automated or driverless vehicles, in comparison, go a step further and allow the vehicle to drive without human driver input. Vehicles of the future will likely be both connected and automated.
Existing connected vehicles
Many vehicles on the road today are already equipped with connected technology. Since March 2018, under the EU E-Call Regulation (2015/758), most new vehicles in the EU must be equipped with an in-vehicle emergency call system. This system allows the occupants to communicate with emergency services through a mobile wireless connection without the necessity for the occupants to have their own mobile phones or other communications devices on board.
Many newer existing vehicles also allow remote diagnostics and vehicle health reports to be communicated with the car’s manufacturer or for vehicles to connect directly with breakdown services. Increasingly, cars are marketed with connected functions such as remote car location and locking/unlocking via a smartphone app.
Technology wars for connected vehicles
A connected vehicle needs an in-built communications platform to communicate. The technology to do this is currently a hot issue of debate and is, at least in part, why we are yet to see a proliferation of connected cars on the market. Parts of the industry favour wireless communication through wireless local area networks (WLAN) while others champion communication via cellular signals like 3G/4G and, in time, 5G. Think of it like the Betamax/VHS and HD DVD/Blu-ray wars.
Existing WLAN/WiFi and cellular technologies are not interoperable. Allowing one technology to be adopted by manufacturers as standard risks excluding the other in the mass-market future roll-out of connected and automated vehicles. For this reason, some EU governments and the telecoms industry opposed plans in 2019 by the European Commission to introduce draft legislation on Intelligent Transport Systems The draft legislation favoured a type of WiFi as the standard for connected cars in the EU. Until the technology debate is resolved, a new EU Directive on Intelligent Transport Systems, which updates the previous Directive 2010/40/EU, is awaited.
Connected vehicles and legal issues
Currently, there is no bespoke Irish (or EU) legislation addressing the range of legal issues applicable to connected cars. A patchwork of existing legislative instruments applies. Some of the novel legal issues that arise are:
How will telecoms regulation apply to the connectivity features in connected cars?
This will depend on the type of system but it seems likely that the regulatory burden will fall mainly on the telecoms operators/providers facilitating the in-car connectivity.
How will cybersecurity and personal data risks be addressed?
Like all connected systems, connected vehicles are vulnerable to hacking. The nature of vehicular transport means that a successful hack could cause devastating effects for human safety, traffic chaos and significant personal data breaches. For example, in 2015, security researchers in the United States remotely disabled a Chrysler manufactured Jeep Cherokee on a highway by hacking the vehicle’s entertainment system. This resulted in Chrysler recalling close to 1.5 million vehicles for a software patch-update.
A host of existing cyber security requirements apply under the General Data Protection Regulation, the ePrivacy Directive, the NIS Directive and the EU Cybersecurity Regulation. Of note:
- For now: on 28 January 2020, the European Data Protection Board adopted Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications on Connected Vehicles; and
- For the future: under the NIS Directive, operators of intelligent transport systems can be designated as operators of essential services and be made subject to the cybersecurity and incident notification obligations under it. It seems likely that such designations will occur only once connected vehicles reach mass market penetration on our roads.
How will liability issues be addressed?
Conventional liability norms for traffic accidents will need to be looked at closely. There will undoubtedly be cases where it will be difficult to clearly attribute liability for a road incident to human error or to systems failure in the on-board communications system. Similarly, attribution of liability between auto industry manufacturers and the telecoms and tech industries for technical and communications malfunctions will become a battle-ground in time. At the very least, it is expected that liability under defective products rules and the provisions of the GDPR and e-Privacy Directive will need to be considered.
In the coming years, we expect that EU legislators will publish bespoke legislation dealing with the host of legal issues arising in respect of connected and automated vehicles – likely under the heading of legislation for Intelligent Transport Systems. For now, the auto, telecoms and tech industries must look to a patchwork of existing legislation and guidance issued by different EU and national bodies. For these industries, this is an important area to watch for legal developments in the near future.
The content of this article is provided for information purposes only and does not constitute legal or other advice.