Legal expert advises caution over AI, data security and green claims
The motor industry must stay vigilant if it is to navigate the emerging legal and ethical considerations surrounding Artificial Intelligence (AI), data security and environmental responsibility.
Speaking during the Motor Ombudsman and Radius Law Automotive Business & Law Conference held in London on May 15, Iain Larkins, director at Radius Law, said issues of liability in an increasingly automated environment were gaining prominence.
He said the Automated Vehicles draft legislation which was published in November 2023 – and which is a response to recommendations issued by the Law Commission after a comprehensive four-year review – will primarily focus on the handling of personal data and the issue of liability.
The matter of liability is particularly complex, he said, as it involves determining responsibility which has seen the development of new concepts like the Authorised Self-Driving Entity (ASD) and the User in Charge.
“Parliament is still struggling with this and they’re still debating a lot, with complexity of deciphering when liability would switch from the vehicle to the driver, especially as driver handover may vary depending on the factors such as the location of vehicle, the layout of the road, internet connectivity in that in that particular area – so there’s still quite a long, long way to go in working through this Bill,” said Larkins.
Moving to a broader perspective on AI, he said the differing approaches taken by the European Union (EU) and the UK was of interest. The EU is actively legislating in this area with the aim of creating a common legal framework for the development and use of AI products and services, balancing concerns regarding privacy, bias, discrimination, safety, and security.
Larkins said the Eu’s main concerns are privacy, bias, discrimination, safety and security and that its controls have been developed with a risk-based approach. The legislation also categorises the risks and those apps that are considered a threat to people will be banned. “The high risk is probably an area of real focus for vehicles.”
He added that the definition of AI is wide and there is widespread agreement that this is going to cause a lot of problems
“It’s not just about machine learning; it captures potentially all different types of software. Also, businesses are expected to self-assess so businesses have got to choose themselves which risk category their AI product falls into and will have to consider conformity risk management, testing, data use transparency, human oversight, and cybersecurity.”
“Fines are staggering,” he warned. “Non-compliance will lead to fines ranging from €7.5 million or 1.5% of global turnover up to €35 million or 7% of global turnover.”
In contrast, the UK is embracing a more ‘laissez-faire’ approach, focusing on encouraging innovation while providing guidance rather than statutory regulations: “It’s very much one of ‘come here, innovate, and we won’t bother you too much’.”
It was however important to note that despite this approach, businesses operating internationally, including in the EU, will still need to adhere to EU regulations, making the EU’s AI Act highly relevant.
Larkins said there were also important developments in terms of data security legislation, both in the UK and the EU. For instance, the EU Data Act aims to regulate the use and access of data generated through connected devices, ensuring user access and imposing restrictions on charging for data. Compliance with these regulations will be crucial, with substantial fines for non-compliance.
In terms of general data, Larkins said that one of the things that is constantly challenging manufacturers is the repair access to technical information.
“We have this quite important judgement from the European Court of Justice in October that ruled against Stellantis for refusing to grant unrestricted access to diagnostic repair and maintenance data to independent repairers,” he said.
The ECJ however ruled against Stellantis’ argument which centred on data security, and clarified that independent operators must have full access to the vehicle information needed for their task in the field of vehicle repair and maintenance.
On the topic of personal data, Larkins said recent cases highlighted the importance of robust data security measures, with regulators holding both data processors and controllers accountable, meaning that the vetting of data processing contracts and diligent oversight was now critically important.
Furthermore, there are ongoing discussions and developments regarding data transfer agreements and worker monitoring, underlining the need for companies to stay informed and compliant.
“There’ll be an obligation to provide date to those users free of charge which will include that generated through connected devices, particularly around enabling them to port that data perhaps to a new product or a new vehicle that they go on to purchase. Data will have to be provided to other businesses, albeit for a reasonable compensation,” said Larkins.
There are limited exceptions concerning trade secrets and data security and Larkins said it will be interesting to see how that plays out in practice. “No doubt,” he said, “we’ll have some court cases over the meaning of that.” He said the EU is proposing to create model contractual clauses to help clarify.
Data protection under EU GDPR provisions is another cause for concern. “If you have some data like a VIN and you have no access to an identifiable individual with that data, then it’s not personal data. But under EU GDPR if you’ve got access to another bit of data, and therefore you connect those bits of data together to be able to locate or find an individual, it then becomes personal data,” said Larkins. “So, currently unlinkable data can become linkable data, and becomes personal data.”
In the realm of environmental concerns, particularly within the automotive sector, Larkins said the growing focus on sustainability was prompting greater scrutiny of the accuracy of environmental claims.
Regulatory bodies are taking greater interest in advertisements to ensure transparency and prevent misleading claims, especially regarding emissions and range specifications of electric vehicles (EV) and Larkins said the EU’s ban on terms like “climate neutral” or “climate positive” that rely on offsetting should be noted.
“What I am concerned about more is the amount of claims companies that are out there. I’m pretty sure that unless we are really focused on how we advertise EVs in particular, we’re going to start to face claims companies from vehicles being missold and that’s where it is going to really start to hurt financially.”
Issues related to online sales practices, such as “dark patterns” that employ pressure tactics or misleading price comparisons, are also coming under scrutiny by regulatory bodies such as the Competition and Markets Authority (CMA) so businesses must ensure transparency and fairness in their online sales processes to avoid fines or legal action.
4
