Summary: The UK has lofty aims for drones and driverless vehicles, but what are the regulatory, liability and data issues holding back progress? BLP’s Simon Leaf takes a look at some of the clear obstacles which operators of drones and driverless cars will need to navigate in the UK.
Ambitious proposals for ensuring that the UK is at the forefront of technology for new forms of transport, including autonomous and electric vehicles as well as drone technology, were announced on Wednesday 18 May in the Queen’s Speech.
There are clear social and economic benefits associated with autonomous vehicles and drones. The development and deployment of this technology would not only boost Britain’s manufacturing sector, as evidenced by Nissan’s recent decision to include self-driving technology in new Qashqai SUV at its factory in Sunderland, but it also has the potential to transform how we live our lives. Tedious hours spent behind the wheel, estimated to cost the UK economy £20 billion each year, would become a thing of the past, freeing people up to use this time more productively. Waiting in all-day for that urgent package that never arrives (or that arrives in pieces) would no longer be a feature of dinner party discussions. The technology also has the potential to reduce the cost of online transactions even further.
The Government announced that one of its key objectives is to cut red tape and put the right framework in place to allow innovation to flourish. Britain’s car and drone industries will no doubt have cheered this move, but there remain legal hurdles that still need to be overcome if the UK is truly to become a “world-leading transport manufacturing base” that is at the “cutting edge of international transport technology”, as envisaged in the Government’s press-release on this topic. This article focuses on some of these issues.
“Waiting in all-day for that urgent package that never arrives or that arrives in pieces, would no longer be a feature of dinner party discussions and would potentially reduce the cost of online transactions even further”
What are the regulatory issues?
One of the major criticisms of our current legal framework is that too often the laws that we rely on so heavily today were drafted several decades ago in the pre-internet, pre-cloud computing era. Current law struggles to deal with modern technology.
This is especially true when it comes to drones and driverless vehicles, where the pace of technological change has been faster than lawmakers have been able to deal with. In the same way that widespread legislation was needed to deal with the introduction of trains and cars in the 18th and 19th century, new laws are urgently needed.
In terms of the current legislative framework, the good news is that Britain never signed the 1968 Vienna Convention On Road Traffic, which stated that “every driver shall at all times be able to control his vehicle…and every moving vehicle shall have a driver”. This sidesteps the need to fundamentally overhaul the approach to driverless vehicles.
In the UK, any drone that weighs more than 20kg falls under the auspices of the Civil Aviation Authority (“CAA”). The CAA, much like many of its international counterparts, has set strict rules on how commercial drones can be used, reflected in the Civil Aviation Act 1982 and the Air Navigation Order 2009 (“ANO”). For example, a licence and pilot qualification from the CAA is required to operate these types of drone.
Nevertheless, for all drones (irrespective of their size), there are rules that state that they must remain within an operator’s “line of sight” (i.e. no further than 500 meters horizontally and 400 feet vertically from the pilot). Clearly, this would need to change if companies like Amazon are to pursue their reported ambitions to use drones to deliver goods to its customers in the future. It is criminal offence under Article 138 of the ANO to “recklessly or negligently cause or permit an aircraft to endanger any person or property”. In addition, the CAA has shown on a number of occasions that it is prepared to enforce these restrictions via the courts, so there is plenty at stake.
The future regulatory framework for driverless vehicles is much less certain as it is unclear what additional laws will need to be put in place in the longer term. In the short to medium term, we would expect to see a greater emphasis on testing such vehicles as part of the regulatory framework. For example, devising strict rules on both virtual and controlled testing environments to ensure that such vehicles are able to deal with the multiple critical events that force a vehicle into taking the least worst option. It will be interesting to see how the Government approach this in the weeks and months ahead.
“The pace of technological change has been faster than lawmakers have been able to deal with. In the same way that widespread legislation was needed to deal with the introduction of trains and cars in the 18th and 19th century, new laws are urgently needed.”
What are the liability issues?
Another issue facing the drone and driverless vehicle industries is dealing with the inevitable shift in liability from individuals to corporations that is likely to take place. One of the fundamental principles of our legal system is the inability for parties to restrict their liability for death or personal injury arising from negligence. Further, the Consumer Protection Act (1987) imposes strict liability on manufacturers of defective products, making them responsible for harm caused by problematic products. As a result, at the moment, vehicle manufacturers are generally not held liable for the accidents that occur on our roads unless it can be shown that they were in some way to blame.
The move to greater automation is likely to alter the balance from personal liability to product liability. This will make it difficult, if not impossible, for manufacturers to pass any blame for accidents onto their customers. For drones, it is hard to assess what a drone manufacturer’s potential exposure is, as much will depend on how likely loss will be suffered. When it comes to driverless vehicles which can operate both autonomously and non-autonomously, the vehicle’s “black box” will be crucial in determining where the responsibility lies. Volvo, a company that has been leading the way in testing such vehicles, has declared that it would be willing to accept liability if one of its cars were in a collision that had been caused by its technology. The inevitable problem that will need to be resolved is how will liability be determined when the vehicles involved in an incident are from rival manufacturer.
The insurance industry will also need to be on board when drawing out the future legal landscape for drones and driverless vehicles. The early indication is that insurers, at least when it comes to autonomous vehicles, are supportive. The Association of British Insurers has suggested that this could be a “safety revolution” and that its members are working on how to shape the right framework to keep insurance as simple and straightforward as possible for the future of driving. In the case of drones, it remains unclear whether the Government will insist on compulsory insurance policies to cover damage caused to third parties or property. In our view, this could be an opportunity for savvy insurers to develop and write new types of policies to cover the risks.
“The move to greater automation is likely to alter the balance from personal liability to product liability. This will make it difficult, if not impossible, for manufacturers to pass any blame for accidents onto their customers”
What are the data concerns?
Data plays a crucial part in driving the new technology and, given the increased attention by lawyers in this area in recent years, it is no surprise that many of the legal obstacles over the coming months and years will be related to data. In order for the technology to operate effectively and safely, operators are likely to require large volumes of data to help them make their decisions and develop the necessary software. Access to such data is likely to be a key commercial issue affecting the ability of the technologies at play to operate ubiquitously. As you may expect, this is by no means going to be an easy task without having a central body to manage this, especially given that any assistance between rivals is likely to catch the attention of the Competition authorities.
Drones and driverless vehicles have the potential (and, in some cases, need) to process and store large amount of personal data. This includes names, addresses and images – not least in order to ensure safety and analyse accidents. This means it is important that the laws governing data protection are considered from the outset. The Article 29 Working Party, essentially an independent body of representatives of national data protection authorities from each EU member state, has suggested that drone manufacturers must “embed privacy friendly design choices as part of a privacy-by-design approach”. Further, they warn of the current lack of transparency as to what data are collected, what the purpose of this collection is and how such data are used.
These types of concern will be all too familiar to some of the driverless vehicle manufacturers. Google is a prime example, who themselves were heavily fined in a number of different jurisdictions, for a variety of reasons when their Google Street View cars collected images of roads (among other data). It may be necessary for the EU to introduce special rules, which specifically deal with data collected and processed by drones and driverless vehicles, in order to ensure that manufacturers and operators can operate. Otherwise, it may be difficult to comply with the increasingly strict data privacy legislation, which essentially now requires express consent from each individual whose personal information is processed. In addition, it could be argued that the use of such technology may breach rights to respect for private life and the protection of personal data under Articles 7 and 8 of the European Convention of Human Rights, which will also need to be addressed. Drones have been used by the press to gain access to the private lives of celebrities, for example.
The security of data and the software that runs drones and driverless vehicles will also need to be considered. Even modern vehicles currently rely on around 100 million lines of code in order to operate. There has been no shortage of recent examples of manufacturers and their suppliers falling into difficulty when this code has been compromised by determined hackers. Fiat Chrysler had to recall over a million vehicles in July 2015 after a cybersecurity attack had the potential to allow hackers to control elements of their vehicles. In February 2016, Nissan had to disable its Leaf electric car app after a vulnerability allowed hackers to remotely control the vehicles heating, as well as drain its battery. In the case of drones, these risks have led to the Article 29 Working Party recommending that designers of drones engage with “appropriate security experts” to ensure that security vulnerabilities are “properly addressed”. Ultimately, if hackers are able to take control of driverless vehicles and drones, the consequences could be catastrophic. These issues will need to be addressed.
“Access to such data is likely to be a key commercial issue affecting the ability of the technologies at play to operate ubiquitously. As you may expect, this is by no means going to be an easy task”
Where does this leave manufacturers?
The combination of the challenge to build a suitable regulatory framework; to accept product liability; and the apparent need to overcome agreeing on a centralised data provider and the current data privacy and security legislation, might ordinarily be enough to drive any manufacturer out of the market. Given the potential rewards at stake, the spotlight will now be on law-makers to try to resolve these issues as smoothly as possible, although, as this article has shown, the road ahead will not be without its challenges.