In this eighth article in our series on "Big Data & Issues & Opportunities" (see our previous article here), we look into liability issues in the context of new technologies, including with respect to big data, applied in the transport sector.

Setting the scene

The term "liability" is to be understood rather broadly, as meaning the responsibility of one party (or several parties) for harm or damage caused to another party, which may be a cause for compensation, functionally or otherwise, by the former to the latter.[1]

Liability has already been recognised as a legal issue to be carefully assessed and further examined by EU and national authorities. More particularly, some Member States have already adopted limited initiatives to permit – under strict conditions – highly or fully automated vehicles on their road infrastructures.[2] At EU level, there has been no regulatory intervention to date. However, both the European Parliament and the European Commission have been very active in relation to the identification of the liability issues surrounding new or disruptive technologies, notably through the following recent publications and initiatives:

  • The European Parliament resolution of 16 February 2017 with recommendations to the Commission on Civil Law Rules on Robotics;
  • The Study on emerging issues of data ownership, interoperability, (re-)usability and access to data, and liability; a study (SMART 2016/0030) prepared by Deloitte for the European Commission and published in 2017;
  • The Workshop on liability in the area of autonomous and advanced robots and Internet of Things systems, organised by the European Commission and held in Brussels on 13 July 2017;
  • The establishment by the European Commission of a Working Group on Liability and New Technologies, which includes two formations, i.e. the Product Liability Directive and the New Technologies; and
  • The European Commission Staff Working Document on liability for emerging digital technologies accompanying the Communication from the Commission on Artificial intelligence for Europe, which was published on 24 April 2018.

It clearly follows from the foregoing that the European institutions recognise the need to potentially review the current rules on liability to take into account the rise of disruptive technologies. The above initiatives however specifically aim to assess and rethink the rules in light of Artificial Intelligence, devices that are (fully) automated and able to take autonomous decisions, and robots. Undeniably, the output of such technologies is more far-reaching than big data analytics, even if they are not mature yet. Such technologies may however rely on big data in order to function properly. Accordingly, any initiatives in relation to more far-reaching technologies will also be relevant to big data.

This article therefore aims to provide a general overview of the liability issues that may arise in relation to new technologies, focusing in particular on big data in the transport sector. It will also determine whether regulatory intervention is desirable in the long and the short term.

Extra-contractual and statutory liability and safety regimes

The current extra-contractual, statutory and safety-related liability legal framework in the EU is rather complex. This is mainly due to the high number of legal instruments regulating parts of the issue, but also to the discrepancies that may exist between Member States.

An attempt to schematise the current system in a simplistic manner may look as follows[3]

For instance, given that various products and services generate data, which is ultimately being processed, the availability and quality of data is considered essential. However, in case of faulty or corrupted data, or situations of supply of erroneous data or analyses, the allocation of liability is unclear under the current regimes, which leads to legal uncertainty. Such issue is of course of utmost importance to all actors in the (big) data value chain.As clearly affirmed by the European Commission, the above regimes are not specifically applicable to damages caused by new or disruptive technologies but they "certainly constitute helpful precedents or points of reference to which one can turn to further a reflection about how to best address, from a normative standpoint, certain distinguishing elements of risks and damages created by the emerging digital technologies." It goes without saying that it should be clearly assessed whether changes to the above legal systems are needed in order to ensure effective redress mechanisms for victims, but also legal certainty for the various actors involved in such technologies.[4]

In the context of its Staff Working Document on liability for emerging digital technologies, the Commission provides two examples relevant to the transport sector. It however does not dig into the intricacies related to the highly complex data value chain and the number of actors involved in purely data-related services (collection, analysis, aggregation, etc.), which could – to a greater or lesser extent – cause damage.

Contractual liability

While the previous section only looked into the extra-contractual liability aspects, one should not ignore the contractual liability issues, which are particularly relevant with respect to the relationship between the actors of the (big) data value chain, as well as the relationship with the end-user.

On the one hand, the customer wishes to be able to act against the big data analytics host or provider in case it suffers any damage related to the use of the service. On the other hand, the big data analytics host/provider is looking to limit as much as possible its liability in case of failure, such as service failures. Also, it will want to include provisions in order to cover the hypotheses where the customer from its side may be held responsible for types of use of the platform that are not allowed.

In this sub-section, we examine issues related to limitations and exclusions of liability, both in a business-to-consumer ("B2C") and business-to-business ("B2B") context.

As a matter of principle, limitations and exclusions of liability can be regulated contractually. However, although this is possible throughout the EU Member States, there still remain discrepancies between national systems and case law.

The general principle is that parties may freely agree on liability limitations or exclusions. However, in certain instances, mandatory statutory provisions prohibit, and thus invalidate, limitation or exclusion of liability. This is typically the case for fraud, wilful intent, physical damage, or death. The question can however be a bit more complex when a party wishes to limit liability for gross negligence. In some EU Member States, liability limitations for gross negligence are prohibited, whereas in other countries these are not. Moreover, under many laws, the exoneration clause may not have the effect of rendering the agreement devoid of any meaning or purpose.

In addition to the above-mentioned rules in relation to liability and the limitation or exclusion thereof, it is important to take into account additional rules such as those related to data protection or consumer protection.

Specifically in a B2C context, clauses limiting or excluding liability may rapidly be considered as creating an imbalance between the rights and obligations of the parties. Many of the restrictions stem from European legislation, such as the Directive on unfair terms in consumer contracts.[8]

In a B2B context, the contractual freedom between parties is usually perceived to be without any limit. Nonetheless, in certain cases, clauses agreed between professional parties may be declared invalid in case the limitation of liability clauses could be considered unreasonable. The legal grounds for these considerations differ from country to country.

It follows from the foregoing that when looking into the liability aspects, it is also important to carefully (re-)consider the contractual liability rules as these may have an impact on the actors of the data value chain, but also end-users. However, the current status of these rules, which may differ across the EU, is likely to limit the uptake of new technologies, including big data.

Limitation of liability for intermediaries – Safe Harbour

The liability of intermediaries, those entities offering infrastructures on which massive abuses of third parties' rights can occur, has been brought to the attention and has given rise to a specific liability regime at EU level (the so-called secondary liability regime or "safe harbour"). Such regime was deemed necessary in light of the rise of technologies which had enabled the multiplication of massive abuses of third parties' rights due to the ease of sharing large amounts of information via networks and platforms.

More specifically, Directive 2000/31/EC on Electronic Commerce[9] ("the e-Commerce Directive") aims at promoting electronic commerce and tries to ensure net neutrality. This Directive attempts to achieve those objectives by prohibiting the imposition of a general monitoring obligation, and by introducing three liability exemptions, according to specific activities, namely “mere conduit”[10], “caching”[11] and “hosting”.[12]

In short, the core idea is to protect intermediaries who are not the authors of the infringing or damaging activity but who are involved in the transit or hosting of the infringing content. This allows ‘protecting’, to a certain extent, such intermediaries from the tempting idea of acting against those entities that are easily identifiable, known, and creditworthy. It shall be noted however that the EU Commission is currently examining the rules related to intermediaries, as part of its Digital Single Market strategy.

It goes without saying that the emergence of new technologies and the complexity of the data value chain put pressure on the current safe harbour regime, which was not created in view of new services such as AI, IoT and big data.

Through the Uber ruling, the CJEU made it clear that information society services that form an integral part of an overall service the main component of which consists of a service that is not an information society service, cannot be qualified as an information society service. Other online service providers (such as online platforms) will need to determine whether their services form an integral part of an overall service without an information society service as the main component. If that is the case, their service might not be classified as an information society service.

Liability aspects of the draft Directive on the supply of digital content

The Draft Directive on the Supply of Digital Content (hereinafter the "Draft Directive") aims to deal with the liability of suppliers of digital content towards the consumer (read also our sixth article here on the Supply of Digital Content).[13] This section aims to demonstrate briefly the necessary evolution of liability regimes in the EU in order to tackle new technologies. The below analysis is based on the Commission's proposed text, which has not yet been adopted.

According to the Draft Directive, the supplier's liability is limited to any failure to supply the digital content and for any non-conformity existing at the time of the supply of the digital content or digital service. In a situation where the digital content is provided on a continuous basis, the liability of the supplier is extended over the time of said supply. In other words, the digital content supplier remains liable for defects existing at the time of supply without any time limit.

Because of the complexity characterising digital content, suppliers are in the best position to prove that defects existed at the time of their supply. It is indeed almost or even impossible for consumers to properly evaluate those technical products and identify the cause of their potential defects. In other words, digital content is not subject to the classic "wear and tear" governing more traditional goods. This is why the Draft Directive provides for a reversal of the burden of proof, i.e. the burden of proof will lie with the supplier.

Pursuant to Recital 44 of the Draft Directive the supplier's liability is an essential element "to increase consumers' trust in digital content (…), consumers should be entitled to a compensation for damages caused to the consumer's digital environment by a lack of conformity with the contract or a failure to supply the digital content." The Draft Directive however leaves it up to the EU Member States to define the complete conditions for the exercise of this right to damages.

Conclusion

We welcome the EU institutions' ongoing work regarding extra-contractual and statutory liability. On such basis, it will be possible to determine whether regulatory intervention is required. In all likelihood, intervention should take place in two phases. In the short- and mid-term, non-regulatory intervention, such as the creation of model contract clauses or the identification of appropriate safety standards, should be pursued. In the long term, regulatory intervention should be considered in the form of sector-specific legislation on minimum liabilities to be borne by certain service providers in certain sectors, a general revision of liability law, and/or legislation on insurance-related obligations.

Nonetheless, this article has shown that the current status of contractual liability rules, which may differ across the EU, is likely to limit the uptake of new technologies, including big data in the transport sector.

This series of articles has been made possible by the LeMO Project (www.lemo-h2020.eu), of which Bird & Bird LLP is a partner. The LeMO project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 770038.