AI and ethical challenges, liability clauses and more

Example of Open source software (OSS) for public transport

Example of CAV’s used for transport, self-driving taxis/cars and general mobility used for the private transport

Introduction Smart cities are a result of superfast telecoms networks, artificial intelligence, Internet of Things (IoT) and Digital Payments.

The interconnecting key elements of smart cities are networks of sensors attached to real-world objects such as roads, cars, electricity meters, domestic appliances and human medical implants which connect these objects to digital networks i.e. the “Internet of Things” (IoT), “ubiquitous computing” or ubicomp that generate big data (Docherty 2018). One example of a smart city constituent is ‘Mobility as a Service (MaaS)’ or a personalized service available “on demand”, with individuals having instant access to a seamless system of clean, green, efficient and flexible transport to meet all of their needs (Wockatz and Schartau, 2015). MaaS also encompasses car sharing or selling rides, as well as the electrification of transportation. (Fagnant and Kockelman 2015). Other examples of “smart mobility” are Connected and Automated Vehicles (‘CAV’) and peer-to-peer sharing applications on smart phones which provide options of various integrated mobility throughout the city. Thus, proponents of “Smart cities” shape a vision of the future in which (smart) mobility will be framed within many categories. Barcelona is a smart city which identifies citizens’ role in refining urban space with its strong, local democratic governance of data. Matters of citizenship, democratic participation, and municipal regulatory capacity converge with the city’s embrace of free and open source software thanks to its use of software that other cities can freely use (and modify). This does, however come at the cost of vulnerbilities to data breach which is a topic that has not yet been thouroughy examined. According to Synopsys,1 99% of databases contain at least one open source component, and nearly 75% of these codebases contain open source security vulnerabilities. Due to its source security vulnerabilities individuals “human rights” such as right to privacy and right to non-discrimination based on gender, age, disability etc may be at stake. Sentilo, open source software (OSS) is Barcelona’s free, open source system that integrates the city-wide sensor network and all the data it generates. Decidim, another OSS allows for the local peoples participation where the platform is designed to involve residents in as many aspects of municipal government as possible.

Open source software is computer software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose and can be developed in a collaborative public manner. Databases are also intellectual property rights where the database maker, supposedly the municipaliy makes a substantial investment in the making of the database and this may converge with the right for the individual to access their personal information. This kind of democratic innovation offers up one model for the success of a smart city, yet technology and data are never enough and consent, literacy and participation are necessary prerequisites that smart cities should be focusing on. Putting in charge ‘robots’ for human life poses questions in relation to criminal and civil liability; the obligations of manufacturers and insurers and the future regulation of road transportation (Altunyaldiz 2020). Delivering this infrastructure will depend on meeting commercial and security challenges, and establishing effective models of collaboration and more. (Punev, 2020) ‘Gap Analysis’ or Limitations within the Current Regulatory Framework Substantive rules on liability for damages resulting from motor vehicle accidents and breach of data privacy obligations are not harmonised on an EU level, or even international level for that matter.

 There were two main points (Lee and Hess 2020) of criticism surrounding the law pertinent to AI. First, the current liability regulation does not accommodate future autonomous vehicles, for example where the liability rules are likely to create disincentives for owning or choosing CAVs in one member state over another if the regulatory framework remains scattered; therefore, revision of the current liability regime is crucial keeping in mind the speed of consumer/user demand of use of AI in smart cities on the market. Second, the law regarding the ‘black box’ which is a software integrated system, in CAV’s which identifies whether the driver or the system had control at the time of an accident is vague because of this it is unclear who owns the data and so, data privacy could become an issue (Burianski and Theissen 2017).

 1. Competition law challenges

Manufacturers will innovate more as they will compete on the basis of ‘better’ software being embedded in CAVs. Moreover, the manufacturers themselves can influence the safety of the vehicles by means of the designs employed, and they can simultaneously transfer some of the costs back to the consumer (Lohmann 2016, 338).

2. Criminal Liability challenges

 In the case of CAV’s, criminal law is not designed to deal with the conduct of non-human actors. This may create a ‘responsibility gap’, where the human in the vehicle – the ‘user-in charge’ even if not actually engaged in driving – cannot be held liable for criminal acts and the vehicle itself was operating according to the manufacturer’s design and applicable regulations. (Punev 2020)

3. Civil Liability challenges

Current fault-based liability regimes may leave the user-in-charge absolved of any liability, with responsibility shifted to the AI-driven vehicle or CAV. This may require new approaches, such as strict liability to ensure that injured parties receive compensation for the damage they suffer.

4. Product Liability challenges

The Product Liability Directive (PLD) sets out rules related to the liability of producers and the rights of consumers for products sold within the EU. It sets a no-fault liability i.e., the producer of a defective product must provide compensation for personal injuries caused by their product irrespective of the negligence of an individual (or driver in CAV case) as per Article 1 of PLD. The presentation of the product, the products ‘reasonable expected use’ and the time when it was put to market are all influential in determining whether the product is “defective” as per Article 6 of PLD. There is a limited list of derogations that can waive product liability according to article 7 of the PLD. Due to that, the PLD only covers liability of producers of defective products and this is not sufficient to deal with producer’s liability for injuries caused by autonomous and semiautonomous vehicles. In addition, the cost of scientifically unknown risks would be borne by the injured party, thus the burden of proof lies with the victim and this can be challenging, to say the least (Lohmann 2016, 337).The PLD upholds the ‘development risk defence’, according to which a producer bears no liability if the state of scientific and technical 8 knowledge at the time the product was put into circulation was insufficient to allow the producer to discover the defect (Patti 2019, 138–9). By adhering to this doctrine, it would be fairly easy for the manufacturer to claim that the defect which caused the damage did not exist at the time the CAV was put into circulation or that it did not become apparent until later on. More importantly, situations involving software failure pose an even greater problem. It is unclear to what extent software can be treated as a product in the hardware-oriented PLD (Dima 2019, 27). Even if we assume that software is a product, what does it actually mean for the software to be defective? And how can this be proven by the consumer, who bears the burden of proof in court? The aforementioned are only some examples of the gap within the current liability regime.

5. Insurance challenges

The Motor Insurance Directive (MID) prescribes only minimum third-party liability insurance. Autonomous vehicles fit the definition of “vehicle” set out in Article 1 of this Directive and so will automatically be covered by its provisions. The MID in its current form only contains two relevant points: vehicles must be covered by motor insurance, and victims can lodge claims directly against the insurer. However, the insured risk is assessed differently in different member states (Evas 2018, 24). Moreover, compulsory insurance does not in itself lead to a no-fault system but only replaces the insured party with the insurer in case of tort (Patti 2019, 130). Furthermore, drivers of CAVs may become the victim in an accident in which their own car is involved, a situation which falls completely out of the scope of existing regulations. The more a system becomes autonomous, the less a driver can be held responsible for any accidents (Marchant and Lindor 2012, 1326). For CAVs the right solution might be compulsory no-fault insurance, supplemented by a shift of liability to the manufacturer. A fault-based system, which relies on the care exercised by drivers, is obviously impractical for CAVs, not only because these vehicles are designed to learn from mistakes, but also because it would be burdensome for the victim to prove the negligence of the driver. The above mentioned considerations motivated England and Wales to get rid of their fault-based (and driver-based) system in 2018 (Punev 2020). Compulsory third-party liability insurance, strictly based on the liability regime, is a necessary step towards establishing a contributive system: every AV manufacturer would contribute to the cost of insuring all such vehicles (Ilková and Ilka 2017, 432). Insurers are key stakeholders in the development of assisted driving technologies, since car insurance is obligatory (Altunyaldiz 2020). They have the power to decide whether or not to insure CAV’s and thereby determine their commercial viability. One way in which insurers can address some of the premium-setting and liability concerns is through the use of pay-as-you-drive (PAYD) systems and ‘black boxes’. PAYD is an insurance model that uses telematics systems to calculate premiums according to individual driving behaviour, and could be employed to ascertain liability. This technology could be used to monitor the vehicle interior and ensure the driver is still paying attention even when using assisted driving technology. PAYD systems are considered fairer as users are charged according to their own driving behaviour and studies have shown that they can positively impact on driver behaviour (Dijksterhuis et al 2015). However, increased monitoring of consumers in this way also raises privacy and security concerns. 2 Article 1(1) Directive 2009/103/EC reads “‘vehicle’ means any motor vehicle intended for travel on land and propelled by mechanical power, but not running on rails, and any trailer, whether or not coupled”. 9

6. Privacy and Cybersecurity challenges

CAV’s are data-dependent and data-generating, including sensitive personal data. The data from autonomous vehicles is automatically shared with other autonomous vehicles, with a central system and in some cases with regulatory and law enforcement bodies (Altunyaldiz 2020). The sheer magnitude of the data involved poses a major risk in protecting data protection rights of users of CAV’s. Enhanced diligence is required to ensure a correct balance between data processing that is necessary for the safe operation of autonomous vehicles and respect for and protection of the privacy of drivers, passengers and other users. How can the new regulatory regime find a correct balance between fostering innovation and protecting the privacy of individuals? Within the EU, the GDPR is relevant in this respect. Effective data protection regulations will be an important and necessary part of the overall regulation of autonomous vehicles. If not, hackers could potentially take control of a vehicle through wireless networks, such as Bluetooth, keyless entry systems, cellular or other connections. Some of the data is collected by Event Data Recorders (EDRs). These devices are embedded in the vehicle’s system to collect data that could be referred to in the event of an accident. This data would constitute very important evidence in court cases. However, regardless of any technological advances, manufacturers will have to meet their obligations under the GDPR. Among other things, this means that they will only be able to process personal data if they first obtain the driver’s consent and if the proper information has been provided (AdaptIVe Consortium 2014, 29). Although data minimisation would be welcome, without data collection—and in particular, without the use of EDRs—it would be hard to trace who is liable for an accident in complex situations. If there are no clear answers to the questions of whether EDRs comply with data privacy legislation and whether it is legal to gather complex data from AVs, manufacturers will not be motivated to invest in EDRs (Punev 2020). Within the GDPR one needs to assess that “personal data provided by the data subject” as a condition of the Right to Data Portability (art. 20 GDPR) and access (art. 5 GDPR). The gap appears within this part of the analysis in that the connected device “observes” the data and thus the data is not “provided” by the data subjects. One may argue that limiting the “provided data,” as opposed to data that is “derived” or “inferred”, is a result of regulatory balancing of a data protection right and the IP rights conducted by the legislator.” The scope of the data access is limited since it has been established that still, the GDPR provisions do not apply to “inferred” or “derived” data which is generated through additional steps of data analyses for example for ML purposes. A solution would be to implement a ‘Privacy by Design’1 (‘PbD) type safety measure embedded in the software of the technology used in CAV’s

7. Intellectual property rights challenges

 In the Autobahnmaut decision it was held by the Bundesgerichtshof (German Federal Supreme Court) that a highway company could claim a sui generis right in a database of machine-generated data about motorway use or toll data. The highway company had made a substantial investment in the ”obtaining” of pre-existing data on cars on the motorway and in the processing of such data through software “verifying” and “presenting”. Provided that the same line of reasoning is extended to data that is generated via the use of sensors and connected devices, then the database owner would have a right to exclude others from extracting or re-utilising the data held within the database. The investment in creating the raw material may oftentimes exceed the investment made in segmenting and aligning that pre-existing raw material. In such a case, it might be inadvertently difficult to rely on the SDGR protection. Moreover, the criterion of “verification” of the database contents may become ever more pertinent, especially in a big data context which allows analytics of unstructured data generated from connected devices.

References  ACEA Report – Vehicles in Use, Europe 2019”, European Automobile Manufacturers’ Association. Access here > https://www.acea.be/publications/article/report-vehicles-inuse-europe-2019  AdaptIVe Consortium. (2014). Final project results. http://www.adaptiveip.eu/files/adaptive/content/downloads/AdaptIVe-SP1-v1–0-DL-D1–0-Final_Report.pdf. Accessed 9 January 2020.  Altunyaldiz.,I, ’Legal aspects of “autonomous” vehicles’, [2020] Draft Resolution adopted by Parliamentary Assembly of council of Europe.  Bundesministerium der Justiz und für Verbraucherschutz, 2013. Straßenverkehrs-Ordnung (StVO). https://www.gesetze-im-internet.de/stvo_2013/index.html# BJNR036710013BJNE005700000  Burianski, M., Theissen, C., 2017. Germany permits automated vehicles. White Case. https://www.whitecase.com/publications/article/germany-permits-automatedvehicles.  Dijksterhuis C, Lewis-Evans B, Jelijs B, de Waard D, Brookhuis K, Tucha O, “The impact of immediate or delayed feedback on driving behaviour in a simulated Pay-AsYou-Drive system.” 2015.  Dima, F. (2019). Fully autonomous vehicles in the EU: Opportunity or threat? Master’s thesis, University of Twente.  Docherty, I., et al, (2018) ‘The governance of smart mobility’Transportation Research Part A: Policy and Practice Volume 115, pages 114-125  European Commission 2019 ‘2018 road safety statistics: what is behind the figures?’ Online access here > https://ec.europa.eu/commission/presscorner/detail/en/MEMO_19_1990  Evas, T. (2018). A common EU approach to liability rules and insurance for connected and autonomous vehicles. European Parliamentary Research Service. Brussels.  Fagnant, D., Kockelman, K., 2015. Preparing a nation for autonomous vehicles: opportunities, barriers and policy recommendations. Transport. Res. Part A: Pol. Pract. 77, 167–181.  Ilková, V., & Ilka, A. (2017). Legal aspects of autonomous vehicles: An overview. Proceedings of the 2017 21st International Conference on Process Control, 428–33.  Lee, Hess, ‘Regulations for on-road testing of connected and automated vehicles: Assessing the potential for global safety harmonization’ [2020] Transportation Research Part A: Policy and Practice Volume 136, pages 85-98  Levin and Beene ‘Investigation Concludes Tesla Not at Fault in Self-Driving Car Crash’ Insurance Journal [2017].  Lohmann, M. (2016). Liability issues concerning self-driving vehicles. European Journal of Risk Regulation 2, 335–41.  Marchant, G., & Lindor, R. (2012). The coming collision between autonomous vehicles and the liability system. Santa Clara Law Review, 52(4), 1321–40.  Patti, F. (2019). The European road to autonomous vehicles. Fordham International Law Journal, 43(1), 125–62.  Punev.,A, ‘Autonomous Vehicles: The Need for a Separate European Legal Framework’ [2020] European View Vol 19(1) 95–102  The EU Commission ‘Vision Zero Initiative’ (2021 and ongoing) Accessible here > https://trimis.ec.europa.eu/?q=project/vision-zero-initiative#tab-outline > 11  The Guardian (2021) ‘Electric cars rise to record 54% market share in Norway.’ Online access at > https://www.theguardian.com/environment/2021/jan/05/electric-cars-recordmarket-share-norway >.  Wockatz, P., Schartau, P., 2015. IM Traveller Needs and UK Capability Study: Supporting the Realisation of Intelligent Mobility in the UK. Transport Systems Catapult, Milton Keynes.