Our DLA Piper connected cars webinar was an amazing event with 200+ attendees and interesting speakers addressing the most relevant issues that such kind of Internet of Things (IoT) technology is going to face.

You can find the material and the recording of the webinar on the presentations and events page here and below are my personal top 5 takeaways on the legal issues addressed during the webinar:

1. Regulations might not be ready for self driving cars

Based on the findings of the report issued by The Boston Consulting Group on self driving vehicles, existing traffic and vehicle regulations may not account for autonomous vehicles and prevent them.  Yet, liability obligations are likely to shift if both human drivers and autopilots drive with the role of insurers that might change.  It is going to be interesting to see the timing of such change.

2. Cybercrime risk for connected cars is a question mark

I discussed about the cybercrime risks for Internet of Things technologies.  However, given that this is a new type of technology, there are no data of any real-world remote vehicle hacking.  Research reports purport vehicle hacking with the following:

  • unlimited physical access to interior of vehicle,
  • hard wired connections to various vehicle electronic modules,
  • vehicle engineering expertise and
  • knowledge of vehicle software code.

But car makers are responding to such risks working on reasonable security measures.

3. Data ownership vs. data controlling

Privacy regulations do not provide for data ownership rules.  Data belongs on the relevant individuals to which it pertains, but data protection rules relate to the identification of who is going to be the controller of the data, for which purposes the data can be used and to which it can be transferred.  This is the playfield on which privacy regulations will be tested to identify more flexible and business oriented rules.

4. US connected cars privacy principles are strict

I have already discussed about the commitment by 19 car manufacturers operating in the US to privacy principles for connected vehicles.  Such principles are quite stringent and since car manufacturers announced their commitment to them, they have now become legally binding for such entities.  This is unique for the United States that historically did not have a single set of privacy regulations.

5. Connected cars require a higher level of compliance

Given the large amount of data that can be collected by connected cars, the level of detail on the type of data processed, the purposes of processing, the type of profiling performed is much higher.  This was stressed by the European Data Protection Regulators and more recently by the Italian privacy authority through the paper by means of which it launched the consultation on the Internet of Things.  The sole protection against risks of sanctions, that with the new EU privacy regulation might become up to 2% or 5% of the global turnover, is to implement a privacy by design approach.