Unanimous Bipartisan Support for AVs and Safety. The House Energy and Commerce Committee, on July 27, 2017, approved seven committee bills including H.R. 3388, Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act or the “SELF DRIVE Act” by a unanimous vote of 54-0. https://energycommerce.house.gov/news-center/press-releases/54-0 According to the Committee, this legislation will prioritize consumer safety, reduce traffic-related fatalities, and clarify federal and state government roles around emerging automated vehicle technologies. This will be the first-ever legislation to be voted by the House that concerns AVs.

Exemptions, Preemptions. This proposed bill includes several important pieces of legislation that would significantly affect the auto industry, and ultimately, consumers. For example, the proposed bill would expand the National Highway Traffic Safety Administration’s (“NHTSA”) authority to exempt vehicles (up to 100,000 in any 12-month period) from safety laws that ban cars without certain safety features such as brake pedals, steering wheels, and other components designed to be interactively used by human drivers as required by federal safety standards. The proposed bill would also preempt as many as 18 states’ laws, including those of California and New York, concerning performance standards for self-driving cars. According to the proposed bill, no state may adopt, maintain, or enforce any law, rule, regulation, or standard related to the design, construction, mechanical systems, hardware and software systems, or communications systems of highly automated vehicles or systems unless such law, rule, regulation, or standard is identical to a federal standard. The bill, however, allows states to set rules or laws that were traditionally deemed to belong to state governments such as registration, license, liability, and insurance.

Cybersecurity, Data Privacy. Further, the proposed bill requires AV manufacturers to develop their own “cybersecurity plan” that must include a written cybersecurity policy, setting forth processes for identifying and mitigating any reasonably foreseeable vulnerabilities from cyberattacks, and taking preventive and corrective action to mitigate against vulnerabilities in AVs.

Although this proposed bill shows that the auto industry is about to undergo a significant legal and technical shift, it remains unseen how these new laws would affect future and current laws. One such area would be cybersecurity and data privacy law. The transition to AVs combined with the development of IoT (Internet of Things) will result in daily, if not hourly or minute-by-minute, wireless transmission of a huge volume of information and data among vehicles, drivers, companies, and governments that is potentially vulnerable to cyberattacks. How personal or confidential information should be or could be protected and not disclosed in the era of AVs should be a top priority for governments and companies that are in the AV business. But government agencies likely will require automakers to disclose certain personal or confidential information to enhance safety and develop proper safety regulations for AVs. Many important questions remain unanswered, such as who should be considered as the legal owner of data stored on or being transmitted to/from an AV (e.g., consumer or automaker), who should be allowed to access such information (e.g., consumer, automaker, government, or insurance company), and under what circumstances or conditions access to such data should be allowed (e.g., accident, safety inspection, normal driving).

We will monitor the legislative activities of federal and state government that concern AVs and address potential effects of government activities, particularly those that affect cybersecurity and data privacy, through the next series of articles on this topic.