DRAFT 23 March 2015, Roeland de Bruin.1 Autonomous Intelligent Cars on the European intersection of liability and privacy. 1. Introduction Consumer cars are increasingly being equipped with technology automating certain aspects of driving. Examples of such technologies include lane keep assistance, emergency braking, parking assistance and adaptive cruise control. In the near future, higher levels of car-automation will become available, eventually leading to the introduction of autonomous intelligent cars (AIC). AIC could amongst other things contribute to safety on the roads, and decrease the number of car accidents (93% of traffic accidents are caused by human failure, 2 leading to 1.3 million deaths and 50 million serious injuries worldwide per year).3 A definition of AIC consists of three elements. Autonomy relates to the level of human intervention necessary for operation, which can be seen as a spectrum: a lower need for human intervention implicates a higher level of autonomy. Intelligence relates to the ways in which a system can perceive its surroundings, and is able to adapt behaviour to changing environments. It includes the ability to learn, to reason and to solve problems.4 Ultimately, AIC may become capable of perceiving data and information, which are able to learn and make decisions based upon their experience, used for transportation of goods or people to a certain destination without the need of human intervention. Although it is likely that specific aspects of car-technology will become more automated in the near future, many technological challenges must be met to make fully autonomous intelligent driving available on a large scale to consumers. Besides technological challenges, the introduction of (gradual) autonomy in automotive technology also implicates a number of ethical, legal, societal and economic issues. The legal challenges include many fields law. The question can be raised if, and to what extent the forthcoming introduction of Autonomous Intelligent Cars, given the current regulatory framework in the EU, would lead to desirable outcomes, in relation to the core values underpinning this regulatory framework. These core values include the fair apportionment of risks inherent to modern technology, the protection of consumers and the stimulation of innovation in terms of economic growth. Furthermore, it is the question in which ways and on what levels the regulatory framework can be optimized, to equip both the development of AIC-technology and accepted introduction thereof in society. In this respect, it must be taken into 1 Roeland W. de Bruin LL.M. is Jr. Assistant Professor at the Centre for Access to and Acceptance of Autonomous Intelligence, Molengraaff Institute for Private Law, REBO-faculty, Utrecht University, and IT-lawyer at Mitopics B.V. 2 B. Walker Smith, Human error as a cause for vehicle crashes, Center for Internet and Society at Stanford Law School, 18 November 2013, via http://cyberlaw.stanford.edu/blog/2013/12/human-error-cause-vehicle-crashes. 3 http://www.oecd-ilibrary.org/sites/factbook-2013en/06/02/03/index.html?contentType=&itemId=/content/chapter/factbook-2013-50en&containerItemId=/content/serial/18147364&accessItemIds=&mimeType=text/html, also cited in Gillian Yeomans, Autonomous Vehicles – handing over control: opportunities and risks for insurance, LLOYD’S 2014, via https://www.lloyds.com/~/media/lloyds/reports/emerging%20risk%20reports/autonomous%20vehicles%20final.pdf, (Yeomans 2014) p. 5. 4 See M. de Cock Buning, L. Belder & R.W. de Bruin, Mapping the Legal Framework for the introduction into Society of Robots as Autonomous Intelligent Systems, CAAAI-working paper, p. 3-4, available via http://www.caaai.eu/wpcontent/uploads/2012/08/Mapping-L_N-fw-for-AIS.pdf, and the references to S. Chopra and L.F. White, A Legal Theory for Autonomous Intelligent Agents, Ann Arbor: University of Michigan Press 2011, p.10 (autonomy) and Davies, C.R., ‘An evolutionary step in intellectual property rights – Artificial intelligence and intellectual property’, Computer Law & Security Review 27, 2011, p. 601-619 (intelligence). 1 account that legislators tend to respond to the introduction of new, disruptive technologies such as photography, the VCR and software,5 with the instalment of case specific legislation, without the level of flexibility necessary for anticipating new innovations as well as the societal adoption thereof.6 This paper will discuss the possible impact of the current regulatory framework on the development of AIC and deployment thereof in society by looking at the intersection of civil liability law and data protection law in the European Union based on a – simple – case study. The question will be addressed in which ways the current EU regulatory framework on establishing liability for damages caused by AIC (insofar that is present to date), using for example vehicle tracing technology, may interfere with the right to data protection of consumers of AIC-technology. An analysis will be made of the harmonized rules on product liability law, followed by a case study of (non-harmonized) liability for car owners/possessors in the Netherlands. This will show that AIC-technology in itself will contribute to answering the question as to how to establish liability. For instance AIC equipped with black boxes,7 or vehicle tracing technology recording (and communicating) sensory information, decisions of the systems and input from the driver will be used to establish the cause of an action leading to damage. The fact that AIC technology can also assist in allocating liability may form an incentive, for instance, to insurance companies to insure certain risks involved in AIC, which may in turn contribute to development and deployment of the technology. However, the same fact that AIC will be able to process and store massive amounts of (personal) data, possibly being connected to other AIC’s, or (interconnected) networks, forms a potential threat to the privacy of its drivers, which may hinder acceptance of the technology. Finally, this paper will conclude with some remarks on potential challenges for the EU regulatory framework given the core values of the allocation of risks, consumer protection and the EU Horizon 2020 ambitions on innovation and economic welfare, in view of the pending introduction of Autonomous Intelligent Cars. 5 See M. de Cock Buning, ‘The History of copyright protection of computer software, the emancipation of a work of technology towards a work of authorship’, in: Handbook The History of Information Security (Reed Elsevier International), August 2007, p. 121-140. 6 See M. de Cock Buning, ‘Auteursrecht en informatietechnologie, over de beperkte houdbaarheid van technologiespecifieke regelgeving’, (dissertation), Amsterdam: Otto Cramwinckel 1998, and M. de Cock Buning, De mediamachine als zevenkoppig monster (inaugural lecture Universiteit Utrecht), Otto Cramwinckel: Amsterdam 2006. 7 An option also mentioned in Yeomans 2014, p. 18. 2 Table of Contents 1. Introduction ..................................................................................................................................... 1 2. Autonomous Intelligent Cars on the EU roads? .............................................................................. 4 3. Civil liability for damages caused by Autonomous Intelligent Cars ................................................ 6 3.1 A Scenario ................................................................................................................................ 6 3.2 Harmonized framework on Product Liability .......................................................................... 6 3.2.1 Regulatory framework: Core Values of the Product Liability Directive .......................... 6 3.2.2 Addressing the questions under the Product Liability Directive ..................................... 8 3.3 3.3.1 France .............................................................................................................................. 9 3.3.2 Netherlands ................................................................................................................... 10 3.3.3 United Kingdom ............................................................................................................. 11 3.4 4. Interim observations ............................................................................................................. 12 AIC tracing technology and information privacy ........................................................................... 14 4.1 AIC tracing technology? ......................................................................................................... 14 4.2 Current framework ................................................................................................................ 14 4.2.1 EU Data Protection Directive ......................................................................................... 15 4.2.2 Forthcoming EU General Data Protection Regulation................................................... 18 4.3 5. Less harmonized: framework on liability for motor vehicles .................................................. 9 Interim observations ............................................................................................................. 18 Summary and conclusions ............................................................................................................. 19 3 2. Autonomous Intelligent Cars on the EU roads? The European Union aims to promote innovation, which is seen as a key driver of economic welfare and growth.8 It is observed that, while the EU market is the largest in the world, it is not innovationfriendly enough. The EU Member States are together spending 0.8% of GDP less than the US, and 1.5% less than Japan yearly in research and development.9 A number of measures taken to stimulate innovation is set out in the Digital Agenda for Europe.10 Investing in the development of robotics in Europe lists high on the Digital Agenda and it aims to contribute to inter alia productivity and competitiveness, reindustrialisation, health, environment and security.11 Autonomous Intelligent Cars form an example of the development of robotics in Europe. Besides furthermore contributing to safety on the European roads, AIC may be beneficial for efficient use of the road network, may lead to reducing CO2-emissions and could contribute to mobility of disabled people.12 Not everyone is optimistic about a driverless future. It is stated that while in general AIC will be beneficial to road safety, other risks will follow from the introduction of autonomous vehicles, which will (when interconnected) for example be vulnerable to hacking. Also businesses and jobs that rely on the way in which logistics processes for persons and goods are organised, such as taxi and transportation markets will change significantly and eventually become obsolete after the autonomisation of driving.13 It is also observed that accident risks will increase when autonomous and non-autonomous cars co-exist on the same roads. Furthermore, some are just reluctant to give up the pleasure of driving.14 Many steps towards automating driving have already been made. Modern cars are often equipped with some of the following technologies: lane-keep-assistance, electronic blind spot assistance, traffic jam and queuing assistance, adaptive cruise control, emergency breaking and crash avoidance. There are prototypes available which are able to drive without someone controlling the car. Google is currently pioneering self-driving car technology, and has announced to put a fully functioning prototype of an autonomous intelligent car to road tests (Bay Area, California, United States) in the beginning of 2015.15 Also in the European Union, car manufacturers concentrate on the development of AIC-technology.16 For example Scania is testing “Platooning” technology: on 9 February 2015 a road train of self-driving trucks was deployed on the Dutch roads, which were autonomously following a human controlled truck heading the convoy.17 Volvo has planned to deploy 100 cars 8 See Communication from the Commission “Europe 2020, A strategy for smart, sustainable and inclusive growth”, COM(2010) 2020 final. 9 http://ec.europa.eu/research/innovation-union/index_en.cfm?pg=why (accessed 17 March 2015). 10 http://ec.europa.eu/digital-agenda/. 11 Communication […] “Horizon 2020 – The Framework Programme for Research and Innovation”, SEC(2011 1427 & 1428 final, COM(2012) 808 final (Horizon 2020). See also http://ec.europa.eu/digital-agenda/en/robotics. 12 See for example Yeomans 2014, p. 5. Also A. Pawsey & Ch. Nath, “Autonomous Road Vehicles”, Parliamentary Office of Science & Technology, POSTnote no. 443, September 2013 (POSTnote 2013), p. 1. Available via http://www.parliament.uk/briefing-papers/post-pn-443.pdf; and E. Palmerini e.a., D 6.2, “Guidelines on Regulating Robotics”, 22 September 2014 (RoboLaw 2014), p. 42. 13 See for example S. Le Vine & J. Polak, Automated Cars: A smooth ride ahead?, Paper for the Independent Transport Commission, February 2014, p. 14. Via http://www.theitc.org.uk/docs/114.pdf. 14 See W. Cunningham, “Six reasons to love, or loathe, autonomous cars”, CNET.com 8 may 2013, via: http://www.cnet.com/news/six-reasons-to-love-or-loathe-autonomous-cars/. 15 http://en.wikipedia.org/wiki/Google_driverless_car, referring to Matt O’Brian, “Google's 'goofy' new self-driving car a sign of things to come”, Mercurynews.com, 22-12-2014, via http://www.mercurynews.com/business/ci_27190285/googlesgoofy-new-self-driving-car-sign-things. 16 See for instance https://www.media.volvocars.com/us/en-us/media/pressreleases/145619/volvo-car-groups-first-selfdriving-autopilot-cars-test-on-public-roads-around- (Volvo), http://www.pcmag.com/article2/0,2817,2387524,00.asp, (Volkswagen) http://www.bbc.com/news/technology-25653253 (BMW). 17 See http://www.scania.nl/about-scania/media/platooning/ (accessed 20 March 2015). 4 which are claimed to be able to take over all aspects of driving in Sweden by 2017.18 In Germany, a part of the A9-Autobahn between Munich and Berlin is reserved for extensive testing of autonomous vehicles in the coming years.19 First patented "Motorwagen" by Karl Benz in 1886. Via http://www.automotoportal.com/article/when-did-thefirst-car-come-into-our-lives. Interior of the Mercedes Prototype F015 Luxury in Motion, a fully autonomous concept car. Via http://www.motorauthority.com/news/1029271_thefuture-arrives-early-with-mercedes-f015-autonomous-carconcept-video. Fully autonomous vehicles are not available to the public yet, and it is predicted that it will take at least some years if not decades before AIC will be commonplace on the European Roads. The development of autonomy in cars is observed to be a spectrum. Starting from ‘driver only’, the next steps toward ‘full autonomy’, a stage in which drivers eventually become redundant, may be ‘assisted driving’, ‘partial autonomy’ and ‘high autonomy’.20 Phases Driver only Driver assistance Partial autonomy High autonomy Full autonomy Levels A vehicle is fully controlled by a (human) driver. Some automation may be provided Steering and/or acceleration are automated. Other functions are driver-controlled. The driver does not control steering/acceleration, but needs to be attentive at all times, and needs to take back control instantaneously when required Vehicles are able to operate autonomously for some portions of the journey. Transfer of control back to human drivers happens with some warning The vehicle is capable of driving unaided for the entire journey with no human intervention – potentially without a human in the car. Current examples Cruise control, Electronic Stability Control, Anti Blocking System Adaptive cruise control (distance to car in front maintained), Parking assistance (steering is controlled, driver needs to accelerate/brake) Adaptive cruise control with lane keeping. Traffic jam assistance Prototypes Science fiction (in 2015). 18 See http://blog.caranddriver.com/volvo-has-a-production-viable-autonomous-car-will-put-it-on-the-road-by-2017/. (accessed 20 March 2015). 19 See http://www.motorauthority.com/news/1096521_germany-plans-autonomous-car-test-program-on-high-speedautobahn. (accessed 20 Marh 2015). 20 These phases and their descriptions (listed in the table), are cited/minimally adapted from POSTnote 2013, p. 2. These are also used in for example Yeomans 2014, p. 7. 5 3. Civil liability for damages caused by Autonomous Intelligent Cars 3.1 A Scenario An Autonomous Intelligent Car crashes into a group of students on bicycles at 3 in the morning, leaving two of them injured and their bikes heavily damaged. The cyclists ignored a red traffic light. The AIC had, due to a known error, just updated its software for processing optical sensory information for crash avoidance, but the error-log shows that the software dramatically failed to operate as it was supposed to. Instead of slowing down the car, it had accelerated towards the cyclists. Also, the driver may not have been paying sufficient? attention, given the time of night. Who can be held liable for compensating the damages of the injured bicyclists? 3.2 Harmonized framework on Product Liability 3.2.1 Regulatory framework: Core Values of the Product Liability Directive On 25 July 1985 the EEC issued the Directive on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products (Product Liability Directive, PLD), which has been amended once - by Directive 1999/34/EC. The PLD serves both economic and social goals. The EEC considered on the one hand that harmonization of product liability law contributes to both the correct functioning of the internal market, thus enabling the creation of a “level playing field” for businesses.21 On the other hand, it sees to the effective protection of consumers. It thus seeks to provide a fair apportionment of damages between manufacturers and persons suffering damages from defective, unsafe, products. The PLD is stated to be the “result of a complex balancing of interests, […] those interests include guaranteeing that competition will not be distorted, facilitating the trade within the common market, consumer protection ensuring the sound administration of justice”.22 The PLD provides a set of rules installing a no-fault23 liability regime for producers, creating rights for consumers which cannot be limited or waived,24 to seek compensation for damages caused to people and goods by defective products.25 The regime operates alongside and without prejudice to national regulations on either contractual or non-contractual liability, “in so far as these provisions also serve to attain the objective of effective protection of consumers”.26 Its objective is to create a one-stop-shop for consumers who have suffered damages caused by industrially produced movable goods, including electricity,27 that are defective. Defective are those products lacking a certain amount of safety “which the public at large is entitled to expect, taking all circumstances into account, including (a) the presentation of the product; (b) the use to which it 21 See also J. Stapleton, Product Liability, London: Butterworths 1994 (Stapleton 1994), p. 61. ECJ 25 april 2002, C-52/00 (Commission/French Republic), paragraph 29, also cited in a similar context in C. van Dam, European Tort Law, Oxford: Oxford University Press 2006 (Van Dam 2006), p. 371. 23 The PLD is not generally considered to provide a strict liability regime, since it leaves room for producers to exonerate themselves based on defenses as to the non-discoverability of defects, and the possibility to reduce liability based on fault (contributory negligence) by consumers of defective products. See also Stapleton 1994, p. 236-237. 24 Article 12 PLD. 25 See the –non-numbered – considerations of the Product Liability Directive. 26 Article 12 PLD as well as the considerations at this point. 27 Article 2 PLD. 22 6 would reasonable be expected that the product would be put”, and “(c) the time when the product was put into circulation”.28 As long as consumers can prove the defect, the damage and the causal relationship between those two criteria,29 compensation is to be sought not only from the actual producer, but also from amongst others the importer, the manufacturer of raw material and components and the end-supplier of the defective product.30 The losses covered for in the PLD may consist in damage caused by death or personal injuries, and damage to items intended and/or used for private consumption by the injured person, other than the defective product itself “with a lower threshold of 500 ECU”31 (Euro). However, whenever damages are caused by both a defective product and a fault of the person suffering damage (defined in the considerations as “contributory negligence”), this may lead to reduction or disallowance of liability of the producer. Liability for producers may be exonerated, when for instance “it is probable that the defect which caused the damage did not exist at the time when the product was put into circulation or that this defect came into being afterwards”.32 Furthermore, the PLD states33 that a producer cannot be held liable when “the state of scientific and technical knowledge at the time when he put the product into circulation was not such as to enable the existence of the defect to be discovered”.34 In the context of this paper, it is relevant to elaborate a bit further on this ‘state of the art’-defence. It can be questioned what is considered to form the “state of scientific and technological knowledge” that must be taken into account in assessing the discoverability of defects. Stapleton suggests three categories, of: a) defects – absolutely – undiscoverable given the state of the art; b) defects that were discoverable, however only by extraordinary means; and c) defects discoverable by reasonable, ordinary means.35 Stapleton furthermore argues that it would be fair to adhere to the third category, which would be in line with the implemented text of 7(e) PLD in the United Kingdom.36 This provision reads: “…that the state of scientific and technical knowledge at the relevant time was not such that a producer of products […] might be expected to have discovered the defect if it had existed in his products while they were under his control”. The ECJ concluded that the wording of the UK-implementation was not manifestly contrary to the Directive, but that the “argument [of the UK, (RW)] that such national provision permits account to be taken of the subjective knowledge of a producer taking reasonable care, having regard to the standard precautions taken in the industrial sector in question, selectively stresses particular terms used in the provision without demonstrating that the general legal context of the provision at issue fails effectively to secure full application of the directive.”37 The ECJ points out that a producer relying on the 7(e)-defence, must prove that the objective, most advanced state of the art, not limited to the industrial sector concerned, was not “such as to enable the existence of the defect to 28 Article 6(1) PLD. Article 4 PLD. 30 Article 3 and 5 PLD. 31 Article 9(b) PLD. 32 Article 7(b) PLD. 33 This is a minimum-harmonization provision, allowing states to take regulatory measures allowing the establishment of liability for producers even when can be proved that a defect could not have been discovered based on the state of the scientific and technological knowledge at the time a product was put into circulation, see Article 15(1)(b) PLD. 34 Article 7(e) PLD. 35 Stapleton 1994, p. 239. 36 Stapleton 1994, p. 242. 37 ECJ 29 May 1997, C-300/95, Commission/United Kingdom. 29 7 be discovered”,38 as long as that knowledge had been accessible at the time when the defective product was put into circulation. Despite this judgment, there still is no consensus amongst EU Member States on the application of the state of the art defence, concluded the European Commission in 2011.39 Some member states even argue in favour of removing this liability exclusion clause from the Directive, for that would lead to a better functioning of the internal market. Industry and insurance companies point out that when such should happen, this would have a direct negative impact on the speed of innovation and the development of new products, and lead to higher insurance costs.40 3.2.2 Addressing the questions under the Product Liability Directive Defective product The scenario sketched in paragraph 3.1 provides that there was a failed update to fix the error in the software processing data from sensors placed on the exterior of the car, which measure the distance between the car and (speed, distance and direction of) other objects surrounding it. This sensory information provides input to a mechanism able to interfere with the systems controlling the direction and the speed of the car on the road, which are able to actuate an emergency-stop of the car, in case objects get into a too close range. Assuming that this is one of the key safety systems of Autonomous Intelligent Cars, the question can be addressed whether or not the AIC was at the time of the accident lacking the amount of safety “which the public at a large is entitled to expect”. Although the scenario does not provide much detailed information on the actual ‘defect’ and other relevant circumstances, one may assume that “the public at a large” should expect an accurate link between systems processing sensory information on speed, distance and direction of other objects on the road and the systems controlling the speed and direction of the car itself. And, if such connection fails, that the driver of a car is properly informed of the existing safety failures. Should that not be the case, victims may be able to prove the existence of a defective product. Damage: personal injury or damage to private property The scenario draws that the accident led to both personal injuries and damage to private property, which are the (only) two categories of damage that may be compensated on behalf of the Product Liability Directive. One should note that for instance compensation for damage to the AIC itself cannot be sought from the manufacturer based on the PLD. Furthermore, no damages have to be paid below the amount of € 500,-. Causal relationship The Product Liability Directive does not provide a definition of causality, which is (thus) left to the Member States. Various concepts of causation are used, although in every jurisdiction a “condition sine qua non” (CSQN)-test is applied to establish links between conduct or cause and damage.41 The CSQN-test asks the question whether or not damage would also have occurred without a certain occurrence, being for instance a conduct or negligence. In ‘our’ case, a CSQN-test may be formulated as follows: would the damages to the cyclists and their bikes also have occurred without the defect in the sensory information processing software in the AIC? Given for instance the circumstance that the cyclists ignored a red traffic light – which in case they didn’t may well have prevented the accident, and the suggested fatigue of the driver who may otherwise have had interfered with the self-driving mechanism, this may not be established easily. 38 Idem. Fourth report on the application of Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products amended by Directive 1999/34/EC of the European Parliament and of the Council of 10 May 1999, COM(2011), 547 final, (Fourt Report PLD) p. 9-10. 40 Idem. 41 See Van Dam 2006, p. 266-268. 39 8 Contributory negligence Linked to the causality question, the PLD provides that liability of the producer may be reduced or disallowed when the injured person contributed to the causation of damages. The facts that the cyclists didn’t obey the traffic rules and the driver’s condition, may well constitute a reason for at least the limitation of liability of the producer. Defences It is questionable if for instance the “state of the art”-defence would lead to an escape from liability of the producer – should it be established. The producer of the AIC depicted in the 3.1-scenario must then prove that the state of the “scientific and technical knowledge was not as such as to enable the existence of the defect to be discovered”. He may state that the objective state of the art could not reasonably foresee the existence of the error, and that as soon as this error surfaced, he provided a “bug fix” – which was applied to the car. In order to provide some appropriate guidelines for answering the proposed questions, more information would be required on the exact (mal)functioning of the initial software, the ‘bug fix’, the behaviour of the driver influencing the behaviour of the AIC, and the behaviour of the unfortunate cyclists, to draw more accurate conclusions as to the causal relationship between the defect and the damages, contributory negligence and the state of the art defence. These kinds of factual information are to date not easily (re)constructed after an accident took place – but may be in the future. See for example the possibilities a ‘black box’ could offer in paragraph 4. 3.3 Less harmonized: framework on liability for motor vehicles Despite the EC’s attempt in 2002,42 there is currently no framework in place harmonizing rules on liability for damages following from incidents with motor vehicles in general, which is thus individually addressed by the legal regimes of the Member States. The European Commission has issued six Directives on Insurance for motor vehicles, of which one is still in force to date.43 The Motor Insurance Directive44 regulates civil liability insurance for motor vehicles throughout the EU Member States, without setting material norms for determining and apportioning liability. 3.3.1 France In 1985 the French bill “tendant à l’amélioration de la situation des victimes d’accidents de la circulation et à l’accélération des procédures d’indemnisation", the Loi Badinter, was enacted. Its objectives are to compensate the victims of all traffic accidents in which a motor vehicle is involved, to reduce the amount of procedures before court and the large amount of ‘unfair’ transactions between insurers of motorists and victims of traffic accidents.45 The Loi Badinter installed a very strict no-fault liability regime for drivers of motor vehicles which are involved in traffic accidents, obliging the drivers to compensate damages suffered by all “victims other than drivers”.46 Article 3 reads: “Les victimes hormis les conducteurs […] sont indemnisées des dommages résultant des atteintes à leur personne qu’elles ont subis, sans que puisse leur être 42 Its attempt was to harmonize rules on liability for damages caused by motor vehicles to (non-motorized) cyclists and pedestrians, see Van Dam 2006, p. 369. 43 See for an overview: http://ec.europa.eu/finance/insurance/legislation/index_en.htm#maincontentSec8. 44 Directive 2009/103/EC Relating to insurance against civil liability in respect of the use of motor vehicles, and the enforcement of the obligation to insure against such liability 45 See A. Tunc, “The ‘Loi Badinter’ – Ten Years of Experience, Maastricht Journal of European and Comparative Law, vol. 3, 1996 (Tunc 1996), p. 329-311. 46 See Tunc 1996, p. 330. 9 opposée leur propre faute”. One exception to the driver’s liability is formulated: “à l ’exception de leur faute inexcusable si elle a été la cause exclusive de l’accident”, only in case an accident is caused by the inexcusable fault of the victim, the driver does not have to compensate the damages. The Loi Badinter furthermore provides that if victims are younger than 16 years of age, older than 70 or at least 80% invalidated, they are to receive full compensation. One of the major rationales for the French legislator to implement this strict liability system for motorists, it is stated to be that it is often hard, if not impossible to establish the exact cause of an accident, and the level to which a conduct or negligence of the victim had contributed to the accident.47 The rules of the Loi Badinter have been explained by and further developed in case law. It became clear that also vehicles that are not actively involved in an accident, for instance parked cars,48 or cars not involved in the accident at all, which were in the proximity of the accident,49 may fall under its scope, which Tunc describes as “any kind of relation between the car and the accident is sufficient to create the insurers duty”50 to compensate damages. The inexcusable fault of a victim, limiting the drivers’ liability is very narrowly construed: only if the driver can prove that a victim intentionally caused the accident and the damages related thereto, the driver can escape from liability. For instance the case in which a victim who wore dark clothes at night, who was walking in the middle of the road, drunk, trying to fetch a lift home, and who was eventually caught by a car, still led to the liability of the driver. Tunc observes that “For practical purposes, the exception to automatic protection of non-driver victims has been eliminated from the law”.51 Under the French liability regime, one may conclude without much doubt that the driver of the Autonomous Intelligent Car can be held liable for the damages done to the cyclists and their bikes, albeit their disobeying the traffic rules. 3.3.2 Netherlands In the Netherlands, the Wegenverkeerswet (WVW) provides rules for assessing liability for damages caused by motor vehicles. Article 185 WVW installed a (semi) strict-liability system, which states that the owner or keeper of a motor vehicle can be held liable for damages to goods and persons, other than those inside a motor vehicle, caused by an accident in which a motor vehicle is involved, while driving on a public road. Compensation for damages suffered by victims inside a motor vehicle is governed by the general rules on liability, stated in article 6:162 of the Dutch Civil Code. Keepers or owners of motor vehicles can escape from liability proving force majeure: occurrences of which not the driver but rather the victim, or a third party must be accounted for, causing the accident – and the damages following from it. Force majeure is not easily accepted: the driver of a motor vehicle must prove that he cannot be blamed at all, and that the accident was caused solely by “improbable and unforeseeable behaviour of others”, which the driver could not reasonably take into account. In that respect, it must be noted that drivers of motor vehicles have to anticipate the incautious 47 See Tunc 1996, p. 333: “… it is often difficult, practically, to judge it [the victim’s behaviour, RW] and decide whether it was impeccable, erroneous or faulty. Most of the time, the circumstances of the accident are not clear enough to permit a judgment”. 48 See for a overview of case law on this point Van Dam 2006, p. 360, footnote 28. 49 See Van Dam 2006, p. 360. 50 Tunc 1996, p. 335. 51 Tunc 1997, p. 335. 10 behaviour of other traffic participants.52 The bus driver who hit a bicyclist did not reasonably need to expect the behaviour of the cyclist ignoring a red traffic light, while the chauffeur drove slowly (3035 km/h), passing a green traffic light.53 Should the driver not be able to prove force majeure, the Dutch system sets strict rules on the apportionment of damages to be paid to victims of accidents in which motor vehicles are involved. At least 50% of the damages needs to be compensated by the owners or keepers of motor vehicles. In the apportionment and the allocation of damages amongst the parties involved in the accident, judges take into account if, and to what extent, the ‘own fault’ of the victim contributed to the accident. Percentages of ‘causality’ between the motorists and victim are first taken into account, assessing to which extent behaviour of both parties contributed to the origination of the accident in an objective manner, which can afterwards be ‘corrected’ if reasonableness requires so. Case law of the Supreme Court of the Netherlands provides that the ‘correction for reasonableness’ implicates that whenever a victim is younger than 14 years of age, he will receive 100% compensation, unless intent or gross recklessness at the victims’ side can be proved.54 For victims older than 14, the Supreme Court formulated the 50%-rule: reasonableness requires that even when the victim contributed to the accident (but not in such way that this would constitute force majeure), at least 50% of the damages are to be compensated by the motorist. The ‘Betriebsgefahr’, or dangers involved in and inherent to the operation of a motor vehicle on the public road forms the rationale of this rule.55 For the other 50% of the damages, first the causality is assessed, which can in turn be corrected for the sake of reasonableness. Considering the scenario, it can be predicted that at least 50% of the damages of the bicyclists must be remunerated by the AIC-driver, given the current WVW-regime, for there is ‘Betriebsgefahr’ involved in operating motorised vehicles. Force majeure will be hard to prove, since the case suggests some fatigue at the side of the driver, that he could have noticed the cyclists, and that not only the victims are to blame for causing the accident. It can be objectivised that also the cyclists had part in causing the accident, for they ignored the traffic rules, and crossed a red light. It is hard to predict the outcome of the assessment of a reasonableness correction, although it could very well be that also the cyclists have to take their share in compensating the damages. 3.3.3 United Kingdom In the United Kingdom, the liability regime for damage inflicted by motor vehicles is based on negligence rules. There is no strict-liability regime in place, although the standard of care required from drivers of motor vehicles is rather high. Case law explains that a driver losing his conscience without his fault was acting negligently,56 and so did the driver whose brakes failed, while this failure 52 See for instance T. Hartlief, “Hoofdstuk 5 Aansprakelijkheid voor motorrijtuigen”, in: J. Spier, T. Hartlief, A.L.M. Keirse, G.E. van Maanen and R.D. Vriesendorp, Verbintenissen uit de wet en Schadevergoeding, [AANVULLEN], (Hartlief JAAR), p. 165-166. 53 Supreme Court of the Netherlands 22 May 1992 (ABP/Winterthur), NJ 1992/527. 54 Supreme Court of the Netherlands 31 May 1991 (Marbeth van Uitregt), NJ 1991/721. See also Supreme Court of the Netherlands 1 June 1990 (Ingrid Kolkman), NJ 1991/720, furthermore Hartlief JAAR, p. 163-164. 55 Supreme Court of the Netherlands 2 June 1995 (Marloes de Vos e.a.), NJ 1997/700-702, and 5 December 1997 (Saïd Hyati e.a.), NJ 1998/400-402. The notion of ‘Betriebsgefahr’ is borrowed from the German Straβenverkehrsgesetz. 56 Roberts v. Ramsbottom [1980] 1 WLR 823, also cited in Van Dam 2006, p. 364, footnote 52. 11 could not have been foreseen.57 However, victims of accidents caused by motor vehicles have to prove that the drivers were at fault, that is: acting negligently. There is one rule of statutory duty that sets to some degree a strict liability for drivers of motor vehicles approaching a crossing in the road: “The driver of every vehicle approaching a crossing shall, unless he can see that there is no passenger thereon, proceed at such speed as to be able if necessary to stop before reaching such crossing”.58 A defence that a driver has in this respect is force majeure. Drivers being held liable motivated with claims concerning negligence at their side, may defend themselves by stating contributory negligence of victims, regardless their age.59 The English system differs significantly from most other EU regimes on liability for motor vehicles. In the first place, victims have to prove the negligent conduct of the driver who caused them harm, whereas in for instance the Netherlands and France there is a strict/no fault liability regime for either owners/keepers of motor vehicles, or drivers of motor vehicles involved in an accident. Furthermore, English drivers may invoke a contributory negligence claim, which may – in theory – free them from liability, while this is (almost) impossible in France, and in the Netherlands this may lead to a maximal reduction of 50% of the liability of owners/keepers of motor vehicles causing damage to non-motorised traffic participants. It cannot be easily predicted how the English system would qualify matters as explicated in paragraph 3.1. The three bicyclists have to prove that the driver was acting negligently – however that shall be hard for them to prove. The driver may rely on the reported technical state of his vehicle. It can be in his favour to show that his vehicle passed all necessary tests and certifications, and that the defect in the sensory software was beyond his control. Furthermore, the driver could argue contributory negligence of the cyclists, whose behaviour was contrary to traffic rules after all. 3.4 Interim observations The regimes on (harmonized) product liability and on (non-harmonized) liability for damages caused by accidents in which motor vehicles are involved, have not been drafted with the emergence of Autonomous Intelligent Cars ‘in mind’. Most of these regimes use a concept of causality for determining and allocating liability. The notion that cars are becoming more ‘autonomous’, and thus less rely on the input of human operators, and that these cars are increasingly ‘intelligent’, able to operate in changing environments, proposes a challenge in terms of determining causality. A higher level of autonomy may implicate that it is harder to establish the exact cause of a damage inflicting accident. In the sketched scenario, it is hard to prove the relationship between the failed self-update, the behavior of the driver and the damage to the bicyclists disobeying traffic rules. For a claimant, it will be an uneasy task to underpin a claim towards the producer of the car: to prove that the AIC was defective, and that the defect caused or contributed to the origination of the accident. Whereas in most EU jurisdictions the driver or holder of a vehicle will be held (strictly) liable for at least a portion of the damages caused by accidents in which AIC are involved, autonomous intelligence makes it 57 Henderson v. HE Jenkins & Sons and Evans [1970] AC 282, cited in Van Dam 2006, p. 364, footnote 53. Van Dam further takes notice of Worsley v Hollins [1991] RTR 252 (CA), in which the judges held that the victims claim for negligence failed, for the defendant could prove that although his braking systems failed causing damage, his minibus was recently serviced and passed the MOT. 58 Cited in Van Dam 2006, p. 365, footnote 57, referring to Reg. 3 of the Pedestrian Crossing Places (Traffic) Regulations 1941, replaced by the Zebra Pedestrian Crossing Regulations 1971, SI 1971, No. 1524. 59 Van Dam 2006, p. 375 notices that “it is hard to establish contributory negligence of young children under the age of 7”. 12 difficult to establish the respective influences on the origination of the event causing damages, and therefore the definitive apportionment of liability. Uncertainty regarding causation of damages could lead to reluctance of developers to innovate in this field, for legal uncertainty will follow from the fact that it will be harder to calculate liability risks in this respect. Legal uncertainty is observed to often form an impediment to innovation.60 Willingness of consumers to adopt AIC technology may also depend on the question whether or not liability for damages caused by autonomous vehicles they own or drive can be insured. Introduction of AIC thus proposes challenges in terms of the current regulatory framework. Problems in this perspective may interfere with the very objective of liability regimes to fairly apportion risks. A regulatory solution could be to install a regime of strict no-fault liability for damages in which AIC are involved, for drivers or owners of these vehicles, and a more strict product liability regime. With regard to liability of owners and/or drivers of AIC, it would therefore be necessary to harmonize the respective liability regimes of Member States, which has not proven successful in the past at this specific topic. Furthermore, a too stringent liability regime for producers is also observed to form an impediment to innovation.61 Besides optimizing the regulatory framework on liability for damages in which AIC are involved, a practical contribution to a solution of determining the causation of damages could be to equip these vehicles with tracing mechanisms, recording and/or sharing movements and control-actions of these vehicles. 60 See for example J. Pelkmans & A. Renda, “Does EU regulation hinder or stimulate innovation”, CEPS Special Report No. 96/2014 (Pelkmans & Renda 2014), p. 8. 61 K. Horsey & E. Rackley, Tort Law, Oxford: Oxford University Press 2013, p. 363. 13 4. AIC tracing technology and information privacy 4.1 AIC tracing technology? Insurance companies sketch that the emergence of Autonomous Intelligent Cars could lead to a shift in motor car insurance. While the advent of AIC technology is promising in terms of increased safety on the roads, resulting in less damage to be covered for, it is also thought that severity of accidents may increase the amount of damage caused by AIC accidents.62 They also observe that accidents caused by autonomous technology “would need extensive software and hardware analysis expertise in order to how and why it occurred”.63 One of the options to assess the cause of an accident, and therefore to aid in answering the question of where liability lies, could be to equip vehicles with black boxes, or with telematics technologies connecting AIC to a dedicated infrastructure, and/or to remote servers.64 Objectives of these types of technologies are amongst other things to record movements of autonomous cars, and operational choices that are made by either the car itself or the driver controlling its movement, as well as data concerning events and objects in the vicinity of an autonomous vehicle. While black box technology would be in a way similar to the functionalities that airplanes are currently being equipped with, leaving the gathered data inside the vehicle and offering a potential for assessment for instance after an accident took place, telematics technology may have wider applications. Telematics technology could not only be used for assessing errors and damage causes after accidents have happened, it could even contribute to preventing accidents from happening. Examples of telematics technology for that purpose, are Vehicle-to-Vehicle communication (V2V), for collision prevention between cars, and Vehicle-to-Infrastructure communication (V2I), for “safety, mobility and environmental benefits” in general.65 V2I are to “provide continuous, real time connectivity”66 in the operation of AIC on the roads. Although black box technologies and telematics solutions as V2V and V2I communication may be promising in terms of preventing accidents and distributing damages caused by AIC-accidents, the right to information privacy of people inside and surrounding cars equipped with these kinds of technology (error tracing technology), should be carefully observed. 4.2 Current framework Privacy has been defined by Warren and Brandeis in 1890 as “the right to be left alone”.67 It is the fundamental right of citizens that sees to the protection of a (both virtual and physical) personal sphere, in which neither the government nor other citizens should interfere without permission. Many forms and types of privacy have been recognized in literature. These can be categorized for instance as relational privacy (comprising communicative, physical, medical and spatial privacy), versus information privacy.68 Information privacy is the right to control the use of the personal information held by others than the individual it concerns. It is this kind of information that can be 62 See for instance Yeomans 2014, p. 15, 18, and also A. Sharman, “Driverless cars wait for green light”, FT.com, 8 December 2014, via http://www.ft.com/cms/s/0/6572716e-7565-11e4-a1a9-00144feabdc0.html#axzz3TbnUD5DB (Sharman 2014). 63 Yeomans 2014, p. 18. 64 Yeomans 2014, p.18. Also Sharman 2014. See furthermore J.M. Anderson and others, Autonomous Vehicle Technology – A Guide for Policymakers, RAND Transportation, Space and Technology Program 2014, (RAND-report), p. 94-95. 65 RAND-report, p. 81. 66 Idem. 67 S. Warren & L. Brandeis, “The Right to Privacy”, Harvard Law Review no. 4, 193, 1890. 68 See for a different view for instance R. Finn & D. Wright, “Seven Types of Privacy”, Selected works of Michael Friedewald 2013 (Finn & Wright 2013), via http://works.bepress.com/cgi/viewcontent.cgi?article=1070&context=michael_friedewald (last accessed on 11 March 2015), who distinguish between Privacy of: the person; behaviour and action; communication; data and image; thought and feelings; location and space; and association. See also D.J. Solove, Understanding Privacy, Cambridge (Mass.): Harvard University Press 2008 […]. 14 collected, processed and stored through AIC tracing technology. In the European Union, a regulatory framework is in place harmonizing the (informational) privacy of citizens. Article 7 of the Charter of Fundamental Rights of the European Union (Charter), which is an integral part of the Lisbon Treaty, states that “Everyone has the right to respect for his or her private and family life, home and communications”.69 Article 8(1) Charter adds that “Everyone has the right to the protection of personal data concerning him or her”. 8(2) specifies that such data should only be processed for specified purposes, which may only be done after the consent of the person concerned, or on another basis “laid down by law”. Furthermore must everyone have access to the collected personal data, and everyone must have the right to rectify the data. Paragraph 3 adds that an independent supervisory authority should see to the compliance with the rules. 4.2.1 EU Data Protection Directive There are a number of? harmonization directives providing more detailed rules on information privacy, of which the Data Protection Directive dating from 1995 (DPD) forms the core.70 This Data Protection Directive is currently being revised, and will eventually be replaced by the Data Protection Regulation, which shall have a direct effect in the Member States.71 4.2.1.1 Core values The objectives of the DPD are mainly twofold: It seeks to create a free movement of personal data between the Member States, which has positive effects for the EU internal market, while on the other hand it sets strict rules for the processing of personal data, in line with the protection of the fundamental right to privacy of EU citizens.72 The protection of privacy in general, and personal data specifically, are observed to be beneficial for consumers trust in for instance cross border industry development, and thus innovation and growth.73 The DPD applies to the processing of personal data by both analogue and digital means.74 Personal data are defined as “any information relating to a identified or identifiable natural person”, a datasubject. A person is identifiable when an individual can be identified, directly or indirectly, “in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.75 Processing personal data is defined very broadly, any action or “operation” with regard to personal data, such as the collection, storage, adaptation and deletion are considered as processing.76 Persons (either legal or natural) processing data are “controllers” in sense of the DPD, those who process personal data on behalf of controllers are called “processors”.77 Personal data may only be processed “fairly and lawfully”,78 and may only 69 This text differs a little from article 8 of the European Convention of Human Rights, which is also applicable in all EU Member States. 70 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. For an overview of the applicable EU regulatory framework on data protection, see http://ec.europa.eu/justice/data-protection/law/index_en.htm. 71 See for the proposed text of the General Data Protection Regulation http://ec.europa.eu/justice/dataprotection/document/review2012/com_2012_11_en.pdf. See for the most recent amendments (last accessed on 12 March 2015): http://lobbyplag.eu/governments/gdpr. 72 See for instance preambles 1-11 to the DPD. 73 See also the Position Paper by Ecommerce Europe, “Privacy and Data Protection, Safety and Transparency for Trust and Consumer Centrality, 2014] (Position Paper 2014), p. 3. 74 Art. 3(1) DPD. 75 Art. 2(a) DPD. 76 Art. 2(b) DPD. 77 Art. 2(d) and (e) DPD. 78 Art. 6(1)(a) DPD. 15 be collected for “specified, explicit and legitimate purposes”, processing should always be in line with these purposes.79 Fair and lawful processing of data may be the case if for instance a data subject gave his unambiguous consent, if it is necessary for the performance of a contract the data subject entered into, or if processing is necessary to comply with legal obligations of processor.80 Special categories of data, concerning inter alia the race, ethnicity, political opinions, religion, health and sex life of a data subject, may not be processed unless the data subject has for instance given his explicit consent, the processor is carrying out obligations of employment law, or processing relates to data which had been made manifestly public by the data subject.81 As a remedy for damages of the data subject that relate to unlawful processing of personal data, the DPD provides that the controller is liable for compensation of these damages, unless he can prove not to have been responsible for the damage causing event.82 Furthermore, Member States are to set up a supervisory authority to inter alia enforce compliance with the DPD-rules, who are also equipped with “effective powers” to investigate and interfere with activities that are carried out contrary to the rules.83 4.3.1.2 Co-regulated: appropriate measures for protection and exporting personal data With regard to processing personal data through networks such as the Internet, the Data Protection Directive provides that there are certain measures to be taken to protect the integrity of data, and at the same time it imposes limits to the export of data to countries which have a lower level of protection than the EU Member States. The DPD states that controller should implement “appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.”84 Security state of the art and implementation costs must be taken into account for the implementation of measures. Furthermore, these “shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected”. The DPD does not define or indicate when measures are “appropriate”, and is merely left to the Member States. In the Netherlands for example, the national law on the protection of personal data (Wet bescherming persoonsgegevens, which implements the DPD), has delegated this partly to co-regulation by the supervisory authority (College Bescherming Persoonsgegevens), who drafted policy guidelines for assessing the appropriateness of technical and organizational measures for the protection of data.85 With regard to the export of personal data, the DPD provides that in principle the transfer of data to third countries, may only take place if that third country ensures an adequate level of protection. Should data be exported to non-EEA countries, the European Commission must be consulted to verify whether or not the importing country offers adequate protection.86 For example the United States of America, who do not have a regime similar to the DPD, do not guarantee an adequate level of protection in view of the DPD, according to the EC. However, in collaboration with the US 79 Art. 6(1)(b) DPD. Art. 7 DPD. 81 Art. 8 DPD. 82 Art. 23 DPD. 83 Art. 28 DPD. 84 Art. 17(1) DPD. 85 See for instance Richtsnoeren Bescherming Persoonsgegevens 2013, via https://cbpweb.nl/nl/richtsnoeren-beveiligingvan-persoonsgegevens-2013. 86 Art. 25 DPD. 80 16 Department of Commerce, the EC has developed a “safe harbour” framework of principles and frequently asked questions.87 US companies and institutions complying to the safe harbour rules, are considered to guarantee an adequate level of protection in sense of the DPD, and are therefore allowed to ‘import’ personal data from the EU. 4.2.1.2 Qualification of AIC tracing technology Are the data collected and processed using black box or telematics technology in Autonomous Intelligent Vehicles personal data? This may be the case if these data identify or can, even indirectly, identify a natural person. Location data of AIC do not directly identify a natural person. However, it can be (easily) constructed on the basis of combined data that for instance location data of the AIC on working days between 8.00 and 8.30, plotting the route from A (a house address) to B (a certain office address), can identify the owner of a vehicle who happens to live at A and work at B. In that case, these location data logged in a black box, or communicated and stored somewhere in the cloud through for instance V2I communication, are considered personal data. Should not only location data be processed, but for example the vehicle be equipped with camera’s monitoring the behavior of people inside, and maybe even in the surroundings of the car, data are recorded representing natural persons, who can be directly identified from the images. For also the race of the filmed persons can be deducted, these form special category data. Processing data, such as location data, for instance through recording and storing (in a black box), and/or through real time communicating with other vehicles (V2V) or an infrastructure (V2I) is only allowed insofar this is done on a legal basis, as long as processing takes place for a specified lawful goal. It is at least questionable if the general processing of “all data available” generated through AIC tracing technology would be proportional to a goal of for instance accident prevention or analysis. A legal basis may for example stem from specific applicable legislation, which is to date not in place regarding autonomous vehicle information in the EU.88 Without a basis in legislation, controllers, such as manufacturers, insurers, employers or road supervisory authorities, should for example obtain the permission of the individuals (drivers, but maybe also passengers, and people outside the vehicle) in order to comply with the requisite “fair and lawful” basis for processing. Processing special category data is more strictly regulated: this may not take place in principle, unless a legal exception allows this specific processing, which may be the case inter alia if data subjects gave their explicit consent. Personal data must be stored (either in black boxes or on Internet-servers) under such conditions that appropriate measures have been taken to protect these from amongst other things loss (deletion) and alteration, or from being hacked into. It is not clear on beforehand which measures are deemed appropriate, as a harmonized approach on this subject is to date not available. National regulations can be relevant in assessing the appropriateness of technical and organizational measures. Furthermore, AIC-data may only be processed in connection with a specified goal. Before 87 See 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce, via http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000D0520:EN:HTML. 88 In Germany, car manufacturers (Verband der Automobilindustrie) are developing “Data Protection Principles for Connected Vehicles”, which may eventually form input to a specific legal basis for the processing of vehicle data. See https://www.vda.de/en/topics/innovation-and-technology/network/Data-Protection-Principles-forConnected-Vehicles.html for a recent version of the Principles. 17 collecting, processing and storing these data, data subjects must be informed for which goal(s) personal data will be used. Export of personal data, when this data are for example sent over the Internet, or stored in (cloud) servers outside the country in which the processing originated, should in principle not take place outside the European Economic Area, unless the country to which data are transferred offers an adequate level of protection. This implicates that data may only be transferred to the United States if the company importing the data complies to the Safe Harbour rules. 4.2.2 Forthcoming EU General Data Protection Regulation Some observations can be made considering the forthcoming General Data Protection Regulation (GDPR), although it’s text is not yet definitive.89 The GDPR will be applicable to every company who wants to operate on the European market. It will state that ‘privacy by design’ and ‘privacy by default’ are general principles. Privacy must be taken into account from the beginning of the development of new services, and that the default settings of these services must be ‘privacy friendly’. A risk assessment with regard to privacy issues must be made in advance. Furthermore, data subjects are to be equipped with more rights, for instance with regard to access to data, and they will get a (non-absolute) right to erasure of their data from systems. The rules will incorporate some level of flexibility, and are to be applied more strictly towards for instance multinationals than to smaller enterprises. Supervisory authorities will gain more effective powers to enforce the rules: fines up to 5% of the annual worldwide turnover of a non-compliant company, or whenever greater, a fine of € 100.000.000,- can be imposed. 4.3 Interim observations Rules regarding the information privacy of EU citizens are strictly protected within the European Union and will become more stringent in the near future. The privacy regime creates a framework in which at the same time intercommunal trade is facilitated, while consumers’ privacy rights are guaranteed, also when data of EU citizens are exported to non-EU countries. Strong safeguard of information privacy, and transparency with regard to the rules are observed to form a driver for consumers’ trust, and their adaptation of new services. At the same time, the current – and forthcoming regime(s) may form a challenge for development of autonomous intelligent cars to be equipped with for instance tracing mechanisms. It is for instance not (yet) clear which measures are considered appropriate for the protection of personal data, to be taken by controllers and processors, for assessing these measures is left to the individual regimes of Member States. On a national level, also co-regulation and policy instruments are used in this respect, which does not necessarily contribute to transparency and legal certainty. In combination with a) uncertainty regarding the final text of the GDPR and b) for instance the high fines that can be imposed after the GDPR will come into effect, could be observed to form a challenge for AIC developers. 89 See also: http://europa.eu/rapid/press-release_MEMO-14-186_nl.htm (accessed 17 March 2015) 18 5. Summary and conclusions The development and deployment of Autonomous Intelligent Cars in the European Union can contribute to the EU ambitions of innovation and growth. It is foreseen that this developments towards a fully autonomous vehicle will take place in several steps. Eventually, AIC can be defined as vehicles capable of perceiving data and information, which are able to learn and make decisions based upon their experience, used for transportation of goods or people to a certain destination without the need of human intervention. Autonomous intelligence implies legal challenges. With regard to liability law, it is observed that autonomous decisions of a vehicle can be an extra factor in assessing the cause of damages following from accidents in which AIC are involved. Autonomy will make it harder to pinpoint the factors and their respective shares in the origination of damage inflicting situations. Establishing causation often is crucial for determining liability for damages, unless a (strict/no fault) liability regime allocates liability irrespective of damage causing behaviour. The Product Liability Directive states as a general rule that producers are liable for defects in their products causing damage. This is not a ‘pure’ strict liability regime, which is illustrated by the fact that there are several defences a producer may invoke, and that liability of the producer may be reduced or disallowed when the injured person contributed to the causation of damages. The nonharmonized regulatory frameworks of the Member States on liability for accidents in which motor vehicles are involved vary from strict no fault liability systems (France) to negligence based systems (England). Most EU jurisdictions have incorporated causation principles for determining liability to a certain extent. AIC may form a complicating factor in this respect, for it may become harder to predict liability risks for producers, and inter alia drivers, third parties and their insurers. Legal uncertainty with regard to liability risks can form a hurdle in the development of AIC technology, and at the same time to the adoption and acceptance of autonomous vehicles by EU citizens. A practical solution proposed by insurance companies and developers of AIC, is to employ certain forms of tracing technology in autonomous vehicles. That technology will be used 1) to assist in avoiding damage causing accidents, and 2) in assessing the exact causation of accidents. However, such technology may have severe consequences for the information privacy of those people inside and around AIC. Without properly addressing these questions, consumers’ trust in this technology may not be encouraged. Furthermore, this could lead to liability of producers. A legal solution to the indicated causation challenge could be that applicable liability frameworks are optimized on a European level, in the sense that these will be enabled to address allocation of liability questions in which autonomous intelligent technology is involved. The question remains how the regulatory framework should be optimized, which a) provides incentives rather than hurdles for innovation, which b) will stimulate the acceptance of AIC, thus being beneficial to the economic goals of the EU, which at the same time c) takes into account the core values of inter alia fair apportionment of risks, consumer protection and (other) fundamental rights of EU citizens. That question is too complex to be answered in this paper. It would need more extensive research to identify for instance on which level(s) regulation and enforcement should be installed. An optimal mix should be sought in? top-down regulation (EU- in combination national regulation) and alternative forms of inter alia soft-regulation in the form of self- and/or coregulation, industry norms and standards and (ethical) codes of conduct, in which all relevant stakeholders are able to participate. 19