The European Commission Launches a Public Consultation on Connected and Automated Vehicles

The European Commission Launches a Public Consultation on Connected and Automated Vehicles

Client Alert

Authors

On October 24, 2018, the European Commission (“EC”) opened a Public Consultation on a Recommendation that will identify the main challenges linked to the deployment of connected and automated vehicles. Stakeholders, including automobile manufacturers, original equipment manufacturers, automotive (downstream market) suppliers, telecom providers and vendors can submit their views until December 4, 2018.

Background: The EU Strategy for Mobility

The ambition of the European Union (“EU”) is to become a world leader in the deployment of connected and automated mobility. The EC believes that driverless mobility and connectivity will help bring down the number of road fatalities and reduce harmful emissions and congestion. In this context, the EC published a Communication in which it identified the actions it would take to guide the sector and EU countries to reach its objectives. One of these actions is to issue a Recommendation to complement the regulatory framework for connected and automated mobility and to help EU countries achieve a coordinated approach in this respect.

The EC’s Integrated Approach to Connectivity and Automation

The EC expects connectivity to be a major enabler for driverless vehicles in the medium term. For this reason, the EC has always considered the issues of connected and driverless vehicles together. Connectivity refers to communications between vehicles, between vehicles and infrastructure (roads and telecommunications), as well as between vehicles and manufacturers and third-party service providers.

The Consultation: Focus on cybersecurity, data protection and competition

The consultation focuses on three main concerns: Cybersecurity, data protection, and competition.

  • Cybersecurity. The EC is concerned that vehicle connectivity and system integration of thousands of components originating from different sources may bring new threats of cyberattacks, such as hackers taking remote control of a vehicle. The EU’s General Data Protection Regulation (“GDPR”) includes general security requirements that also apply to the processing of personal data collected from vehicles but to date there is no sector-specific approach on the protection of vehicles against cyberattacks.

The EC asks for input on the following topics: What is the need to put into place regulatory measures to secure connected and automated vehicles against cyberattacks? Should automobile manufacturers take responsibility for taking protective measures themselves? What kinds of actions should be prioritized to increase cybersecurity resilience?

What is at stake is to determine who should be responsible for setting cybersecurity rules when developing and introducing connected and automated vehicles in the market; what kinds of cybersecurity measures should be adopted (e.g., safety by design); and the relative roles that authorities and consumers should play in this respect.

  • Data Protection. The EC is concerned that connected and automated vehicles will process increasing amounts of personal data, such as vehicle identification numbers, localization data, speech, fingerprints, image processing for fatigue detection, etc. This may raise several issues under the GDPR, which were identified in a working paper by the International Working Group on Data Protection in Telecommunications. For example, drivers may not be adequately informed about the processing of their personal data; companies may not be relying on a valid legal basis to process personal data; they may process it for an unauthorized secondary use; or they may process excessive amounts of personal data, given the numerous sensors being deployed in connected and automated vehicles.

The EC is asking for input on the extent to which consumers would be willing to give their consent to companies (including companies other than the automobile manufacturers) or public authorities so that they could use in-vehicle data to develop additional digital services or policies (e.g. for insurance purposes, or to increase road safety). In particular, what categories of in-vehicle data would consumers be willing to share with third-party service providers to receive tailored digital services? How would consumers prefer to control the sharing of their information (e.g., through a web-based dashboard or app, a smartphone, or contractual arrangements)?

The EC also wants to determine whether companies see business potential for the re-use of non-personal in-vehicle data (e.g. anonymized data). Finally, the EC asks what kind of data sets companies collect most frequently when developing vehicle digital services and what would help them comply with the GDPR in this regard.

  • Competition. Various economic actors are competing to obtain the large amounts of data that connected and automated vehicles will generate. It is expected that such data will have enormous potential to create new and personalized services and products as well as change existing business models or lead to entirely new ones (e.g., for roadside assistance, vehicle insurance, repair, rental, etc.) The EC notes that automobile manufacturers and digital platforms have privileged access to in-vehicle data and to vehicle resources, such as the possibility to propose services directly to the driver by using the vehicle dashboard. For this reason, the European Parliament has called upon the EC to adopt a legislative proposal that ensures a level playing field on access to in-vehicle data and resources.

In its consultation, the EC is seeking input on how important it is for consumers to be able to choose between different providers of value-added in-vehicle services that are independent from the automobile manufacturer (e.g. providers of information about parking slots, audio-visual media content, electronic gaming, etc.). The EC has announced plans to address this issue through the Recommendation that will follow this consultation.

Standardization: A Key Issue That Is Not Covered by The Consultation

The Consultation does not cover the standards used for connected vehicle communications, although this has been a much-debated issue in the past months. Since the EC strategy requires all vehicles to communicate among each other and with the infrastructure, communications systems will have to be interoperable to a substantial degree. The EC is planning to adopt legislation to ensure such interoperability.

The current debate is whether the connectivity technology should be based on current WiFi technology or planned 5G systems. A number of automobile manufacturers (including German premium brands BMW, Mercedes and Audi), network equipment suppliers (Huawei, Ericsson and Nokia), and Qualcomm, the U.S. chipmaker, have been arguing for a 5G standard into which they have been investing. They argue that setting a WiFi-based standard will block the development of more promising technology and put the EU at an economic disadvantage compared to China and the U.S., which are ahead of the EU in their 5G rollout.

In this debate, Finland, Sweden and Spain have been sensitive to these arguments since they are already ahead in making investments in 5G networks. However, France and Germany are reportedly backing their large volume automobile manufacturers in support of a WiFi standard. Volkswagen plans to start selling WiFi connected vehicles next year, while Renault has invested heavily in this technology. The EC has announced that it will support a WiFi-based standard for vehicle connectivity, but that it is open to amending this when 5G technology becomes available. This would require WiFi and 5G connectivity technologies to be interoperable with each other. The advantage of WiFi is that the technology is ready now and can give large European automobile manufacturers the opportunity to lead in introducing connected cars. On the other hand, 5G technology promises to play a key role in the development of future driverless vehicles.

Next Steps

The EC plans to publish the Recommendation during the first quarter of 2019, together with proposed legislation on connectivity standards. Additional legislative proposals may follow, but not until the second quarter of 2019, after the upcoming European Parliament elections. In the meantime, stakeholders have the opportunity to provide input into the Consultation and advance their interests in the EC Recommendation and subsequent legislative proposals.

Authors

Notice

Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link.(The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

Thank you for your interest in WilmerHale.