Exploring the Legal Issues of the Autonomous Vehicle/IoT Ecosystem
As the ecosystem of these increasingly integrated devices and vehicles continues to mature, the corresponding legal concerns and risks come more into focus.
December 13, 2019 at 02:00 PM
8 minute read
Although today's autonomous vehicles (AVs) are still generally focused on navigation-related tasks, their increasing connectivity to smart technologies, and the general evolution of the Internet of Things (IoT), will inevitably expand the role and capabilities of AVs in everyday life. As the ecosystem of these increasingly integrated devices and vehicles continues to mature, the corresponding legal concerns and risks come more into focus. The below hypothetical, set in the not too distant future, explores such an AV/IoT ecosystem and the legal risks it raises.
|A Glimpse Into the AV/IoT Ecosystem of the Future
Using their smart home technology, the families of the future will be able to contact their personal AV to coordinate the pick-up and drop-off schedules for the day, have the AV collect groceries (ordered from the "smart" kitchen and packed into the AV by the store's robot assistant), and charge itself on various self-charging roadways or at other charging stations around the city.
The car will be able to analyze the results of regularly scheduled maintenance scans and alert the family to any repairs that should be done. The AV will be able to run cursory searches of the parts and repair shops to get estimates of the time and costs of the repairs and will seek permission to proceed with formal arrangements. With the family's authorization, the AV will initiate its AV Automated Purchasing Agent to identify certified part blueprint providers, 3D printing shops, and repair shops that can collectively get the required parts printed, delivered, and installed into the car within the necessary time frame for the family's other activities. The Purchasing Agent will also verify and store the certifications of each vendor along the process to ensure that the parts are genuine and the repairs are being done by a qualified professional. All of these transactions, as well as the required smart contracts, are logged on a blockchain for later retrieval.
On the day of the scheduled repairs, the AV arrives at the designated repair shop at the designated time. When the car arrives, the parts have already been properly printed by the local certified 3D printing shop and delivered by drone to the repair shop location. Although the lead mechanic has worked on this particular make and model of AV and, separately, the particular parts that need to be repaired, she has not made these specific repairs on this exact make and model. As such, the mechanic wears augmented reality goggles that project a step-by-step repair video directly onto the parts-at-issue and records the repairs on a blockchain for later retrieval. Upon completion, the AV runs another diagnostic to confirm the repairs were successful. Once confirmed, the AV's purchasing agent initiates payment to the parties involved per the smart contracts, including the 3D design maker, the 3D part printer, and the mechanic. The AV then returns to its normally scheduled pick-ups and drop-offs per the family's instructions.
Later that day, after the AV picks up one of the parents from work, the parent accidentally spills hot coffee on herself and the instrument panel. Recognizing the increased heart rate and verbal cues from the parent, the AV inquires whether it should change its travel plans to visit the local hospital and provide the necessary data to the hospital before they arrive. As the parent begins to indicate that it is not a serious issue and that no change should be made, a warning indicator comes on alerting the car and the parent to an engine problem. As the light comes on, the parent grabs the steering wheel, causing the car to change direction suddenly and swerve into an oncoming car, and seriously injuring the parent and an occupant of the other vehicle. Local law enforcement is dispatched, and "kill" commands are used to download the data from both cars and disable the engines and batteries to prevent fires.
|Legal Issues
Data Protection and Privacy: Much of the future scenario involves the collection and transmission of data. The AV has scheduling and location information for all members of the family, its own diagnostic data, biometric data from passengers, and communication records. A government agency is collecting data from the AV. Resolving the legal issues relating to permission to collect the information (including occasional or one-time passengers), storage of the information, who has access, and whether or how the information is shared will be paramount.
Currently, there is no overarching federal law in the United States that governs data privacy. There is also no uniform definition of what personal information consists of and what should be protected. Individual states have passed data breach notification statutes but have differences in what is considered protected personal information. The high-water mark of these state-initiated rules is California's Consumer Privacy Act (CCPA).
The CCPA, effective as of Jan. 1, 2020, protects the personal information of California residents collected or disseminated by businesses. The CCPA requires that consumers be given notice and access as to what personal information is being collected, sold or disclosed and with whom the information is being shared. Consumers also have the right to opt-out of the sale of such information and to request that a business delete any collected information. Businesses are also forbidden from discriminating against consumers who exercise those rights.
Other state statutes also are implicated in the issues facing our cities of the future, including many that address the collection and use of biometric information, including Illinois (740 Ill. Comp. Stat. 14/1 et seq. (2008)), Texas (Tex. Bus. & Com. Code Ann. §503.001 (2009)), and Washington (Wash. Rev. Code Ann. §19.375, et seq. (2017)). Some other states have included biometric data as protected personal information in their data breach notification statutes (e.g., Iowa—Ia. Code Ann. §§715C.1 et. seq. (2008), as amended (2014); New Mexico—2017 H.B. 15, Chap. 36; and South Dakota—Senate Bill 62 (2018)); while other states have not enacted any data privacy laws.
Additionally, significant issues over the ownership and use of the data created by these systems are raised. Who owns the various categories of data and can disclosure be compelled? What information can law enforcement obtain, when, and about whom? Who will have access to passenger information, under what circumstances, and used for what purposes? In the case of biometric data, if the data is used in medical treatment, the health care providers would likely also be governed by federal laws on privacy and security of an individual's health information (see, e.g., The Health Insurance Portability and Accountability Act of 1996, P.L. No. 104-191, 110 Stat. 1938 (1996)).
Product Liability/Insurance: AVs present unique challenges to product liability and the insurance landscape. With potentially no driver input, traditional personal liability will be obsolete. Instead, product liability for the AV manufacturers, including hardware and software components, and service providers will replace driver liability. For example, in 2016, in response to AV testing on its roads, Michigan amended its motor vehicle legislation for that project and assigned liability to auto manufacturers when an "automated driving system is at fault." Mich. Comp. Laws §257.665b(4) (2018). Cybersecurity and data protection insurance may also be necessary to underwrite potential losses or damages from hacking or smart technology failures.
Blockchain: The network allowing the various transactions to take place and that allows the IoT to flourish may very well be based on blockchain technologies. Blockchain is a digital ledger/database of information (e.g., independently verified transactions, assets, or agreements), for members of the same blockchain network, that is distributed across a network of computers. Blockchain systems operate on a decentralized system and this may lead to significant jurisdictional issues without universal agreement as to governing law. Another concern is data privacy and security. Generally, information once stored in the blockchain cannot be altered and if that information contains personal information, that raises significant privacy concerns (particularly if the information is on a public, and not private, blockchain system). The commercial use of blockchains also gives rise to other legal issues, such as how extensive is the warranty of the information being provided (does a seller warrant that all of the information in the chain is accurate); and if information gets hacked or a defect is found, have contractual rights been breached or representations and warranties been violated?
Intellectual Property: The technological innovations driving the cities of the future will likely be well-protected by a web of intellectual property rights, potentially owned by a myriad of evolving players. The systems driving these cities, however, will need to work together and in an interoperable way. The patents and trade secrets that may be at the technological core will be used to both defend market share positions and drive the industry in particular directions. These intellectual property rights might be held by traditional industry players or newcomers to the space, both of which raise different issues on how to manage the risk of potentially violating those rights.
Paul Keller is a partner and Jenny Shum is a senior associate in the New York office of global law firm Norton Rose Fulbright.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllNew York Sues Charter Bus Operators for $708 Million Over Migrant Transport
Ex-Nikola CEO Sentenced to 4 Years for Securities and Wire Fraud in SDNY
Decision of the Day: Defense Lawyer Disqualified Under Witness Advocate Rule as Integral, Prejudicial Witness
Law Firms Mentioned
Trending Stories
- 1Infant Formula Judge Sanctions Kirkland's Jim Hurst: 'Overtly Crossed the Lines'
- 2Abbott, Mead Johnson Win Defense Verdict Over Preemie Infant Formula
- 3Preparing Your Law Firm for 2025: Smart Ways to Embrace AI & Other Technologies
- 4Meet the Lawyers on Kamala Harris' Transition Team
- 5Trump Files $10B Suit Against CBS in Amarillo Federal Court
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250