The motor industry must stay vigilant if it is to navigate the emerging legal and ethical considerations surrounding Artificial Intelligence (AI), data security and environmental responsibility.
Speaking during the Motor Ombudsman and Radius Law Automotive Business & Law Conference held in London on May 15, Iain Larkins, director at Radius Law, said issues of liability in an increasingly automated environment were gaining prominence.
He said the Automated Vehicles Draft Bill which was published in November 2023 – and which is a response to recommendations issued by the Law Commission after a comprehensive four-year review – will primarily focus on the handling of personal data and the issue of liability.
The matter of liability is particularly complex, he said, as it involves determining responsibility which has seen the development of new concepts like the Authorised Self-Driving Entity (ASD) and the User in Charge.
“Parliament is still struggling with this and they’re still debating a lot, with complexity of deciphering when liability would switch from the vehicle to the driver, especially as driver handover may vary depending on the factors such as the location of vehicle, the layout of the road, internet connectivity in that in that particular area – so there’s still quite a long, long way to go in working through this Bill,” said Larkins.
Moving to a broader perspective on AI, he said the differing approaches taken by the European Union (EU) and the UK was of interest. The EU is proactively legislating in this area with the aim of creating a common legal framework for the development and use of AI products and services, balancing concerns regarding privacy, bias, discrimination, safety, and security. “Fines are staggering. Non-compliance will lead to fines ranging from €7.5 million or 1.5% of global turnover up to €35 million or 7% of global turnover.”
Contrastingly, the UK is embracing a more ‘laissez-faire’ approach, focusing on encouraging innovation while providing guidance rather than statutory regulations: “It’s very much one of ‘come here, innovate, and we won’t bother you too much’.”
It was however important to note that despite this approach, businesses operating internationally, including in the EU, will still need to adhere to EU regulations, effectively making the EU’s AI Act pertinent to all.
Larkins said there were also important developments in terms of data security legislation, both in the UK and the EU. For instance, the EU Data Act aims to regulate the use and access of data generated through connected devices, ensuring user access and imposing restrictions on charging for data. Compliance with these regulations will be crucial, with substantial fines for non-compliance.
In terms of general data, Larkins said that one of the things that is constantly challenging manufacturers is the repair access to technical information.
“We have this quite important judgement from the European Court of Justice in October that ruled against Stellantis for refusing to grant unrestricted access to diagnostic repair and maintenance data to independent repairers,” he said.
The ECJ however ruled against Stellantis’ argument which centred on data security, and clarified that independent operators must have full access to the vehicle information needed for their task in the field of vehicle repair and maintenance.
On the topic of personal data, Larkins said recent cases highlighted the importance of robust data security measures, with regulators holding both data processors and controllers accountable, meaning that the vetting of data processing contracts and diligent oversight was now critical.
Furthermore, there are ongoing discussions and developments regarding data transfer agreements and worker monitoring, emphasizing the need for companies to stay informed and compliant.
The EU Data Act aims to regulate the use and access of data and metadata generated through connected devices.
“There’ll be an obligation to provide those users free of charge for the data that is generated through connected devices, particularly around enabling them to port that data perhaps to a new product or a new vehicle that they then purchase. Also, data has to be provided to other businesses, albeit that can be for a reasonable compensation,” said Larkins.
There are limited exceptions concerning trade secrets and data security and Larkin said it will be interesting to see how that plays out in practice. “No doubt,” he said, “we’ll have some court cases over the meaning of that.”
He said the EU is proposing to create model contractual clauses to illustrate how data should not be shared.
An additional element of data security was data protection EU GDPR provisions. “If you have some data, like a VIN, and you have no access to an identifiable individual with that data, then it’s not personal data. But under EU GDPR if you’ve got access to another bit of data, and therefore you connect those bits of data together to be able to locate or find an individual, it then becomes personal data,” said Larkins.
“So currently unlinkable data becomes linkable data, and then it becomes personal data. And then of course, that then flows into all the requirements that GDPR has over this data that sits in your businesses.”
In the realm of environmental concerns, particularly within the automotive sector, Larkins said there was a growing focus on sustainability and the accuracy of environmental claims.
Regulatory bodies are scrutinising advertisements to ensure transparency and prevent misleading claims, especially regarding emissions and range specifications of electric vehicles (EV) and the EU’s ban on terms like “climate neutral” or “climate positive” that rely on offsetting, should be noted.
“What I am concerned about more is the amount of claims companies that are out there. I’m pretty sure that unless we are really focused on how we advertise EVs in particular, we’re going to start to face claims companies from vehicles being missold and that’s where it is going to really start to hurt financially.”
Issues related to online sales practices, such as “dark patterns” that employ pressure tactics or misleading price comparisons, are also coming under scrutiny by regulatory bodies such as the Competition and Markets Authority (CMA) so businesses must ensure transparency and fairness in their online sales processes to avoid fines or legal action.