Driverless cars – the legal challenges
A DRIVERLESS car is typically defined as a fully autonomous vehicle (AV) that can drive itself from door-to-door without a human operator and is equipped with internet access. Whilst it may be a few more years before AVs can be fully deployed, the concept is no longer a matter of “if” but “when”, as evidenced by Tesla and pilot projects in the US and Singapore.
It is not surprising why many countries, including the UK and China are working on regulating such vehicles, especially as the use of AVs would result in benefits including improved road safety, reduced emission and congestion, increased productivity and access to mobility.
In this article, we explore three main legal issues that may arise with the introduction of driverless cars.
Allocation of Liability In vast majority of car accidents, liability is usually attributed to the driver rather than the design features of the car, given that the driver is generally considered to have control of the car. However, when an AV crashes, the liability would arguably be an issue of product liability such that responsibility is shifted to the manufacturers.
In Malaysia, the product liability laws generally consist of the law of contracts, law of torts, Consumer Protection Act 1999 (CPA). Product liability involves contract law due to the warranties created through the sale and marketing of the product. Implied warranty by law is provided under the Sales of Goods Act 1957, which states that goods sold shall be of merchantable quality and fit for the purpose for which they are sold. The problem with applying this to AVs is the difficulty in determining its limitations, especially when the cars would be advertised as, and drivers expect them to be, fully autonomous.
The same issue applies to negligence claims under tort law, where one of the elements to be satisfied is the foreseeability of the harm suffered by the victim. The CPA imposes strict liability which is based on the defectiveness of the product, rather than the manufacturer’s conduct. However, if the state of scientific and technical knowledge at the time that the product is put into circulation does not enable the discoverability of the defect, a manufacturer may avoid liability under the CPA. Surely, it is unfair to allow manufacturers to hide behind this “shield”?
As usage of AVs increases, there would theoretically be fewer car accidents and insurance claims. Insurance companies will need to consider adjusting their premiums. Additionally, given the shift of liability of car accidents to manufacturers, a question arises as to whether a “driver” who has no control of the car would need insurance at all. It is arguable that manufacturers should be legally required to insure the car.
Further, with the advancement of artificial intelligence (AI), AVs could possibly cause damage independently of their manufacturer, meaning that liability could shift from the manufacturer to the persons/organisations that were responsible for the design of the AI element of the car. The regulation of such issues is still subject to ethical discussions.
Data Privacy Issues AVs collect data on their real-time surroundings and use the data to improve their driving capability, whether to improve their navigation systems or to predict and react to movements of traffic and people. The addition of connected cars to networks of people and devices creates new opportunities for data to be collected for analytic purposes by various parties.
This brings about compliance issues with data protection laws. The Personal Data and Protection Act 2010 imposes transparency and purpose limitation to the processing of personal data. One challenge would be to ensure customers are aware of how their data will be used and for the data user (i.e. the manufacturer) to inform and obtain consent from the customer of the various purposes for which data could possibly be used. The
Cybersecurity The use of software in AVs, which is connected to the internet, is potentially susceptible to cybersecurity attacks as it becomes an entry point for hackers, who could misappropriate data of the driver and even control the vehicle remotely. Issues will also arise as to whether the manufacturers or software providers should be responsible for the patching of software vulnerabilities.
Currently, cyber attacks are largely dealt with under legislation such as the Communications and Multimedia Act 1998 and Computer Crimes Act 1997, which would seem to be inadequate in the face of increasingly sophisticated technologies involved. The recent decision by the Malaysian government to introduce a new cybersecurity law in Malaysia is to be welcomed given the increasing variety of cybercrimes globally but it appears that the scope of the new cybersecurity law will not address matters such as crime directed at AVs or AI.
Conclusion With our Malaysian-centric ways of driving, it would be interesting to see how driverless cars can be integrated into our society. There are still many uncertainties as to how driverless cars are to be regulated, but one thing’s for certain – the collaboration of multidisciplinary expertise ranging from engineers, software developers to philosophers, governmental organisations, legal specialists and behavioural insight researchers, will be key to a successful driverless future.
Contributed by Nikki Ho Lee Wan-Ling of Christopher & Lee Ong (www.christopherleeong.com).