Privacy and Security: Autonomous Vehicles in the Insurance Landscape

Autonomous vehicles, also known as self-driving vehicles, are a reality and Canada has much to do to prepare for their arrival. All levels of government must start exploring the impact AVs will have on our roads, on the insurance industry and on citizens’ privacy.

Absence of legislation in Canada

The United States, Britain, Singapore and New Zealand are among the leading countries that have embraced AVs and created legislation to oversee their development and deployment. This new legislation provides few barriers toward the implementation of AVs on public roads and encourages innovation in the automotive industry.

Canada, on the other hand, is not as liberal with autonomous vehicles as its southern neighbour. While our federal government set a budget of $7.3 million over two years to develop AV regulations, the U.S. invested $200 million toward research, development and infrastructure to support the vehicles. Twenty-one states in the U.S. have enacted AV legislation in some capacity. In Canada, only Ontario has engaged in dialogue about autonomous vehicles.

In January 2016, Ontario enacted Regulation 306/15, Pilot Project – Automated Vehicles. This regulation enables the province to issue permits to pilot AVs on public roads under strict conditions. For example, AVs on public roads must have steering wheels and pedals, and a driver must always be present. Rigid regulations like these likely deter AV manufacturers from testing in Ontario. Instead, they flock to other countries that offer a more liberal, hands-free approach.

Apart from the low budget and limited resources, it is difficult to create and keep up with legislation when AV technology continues to develop at a rapid pace. While Ontario has taken a step in the right direction by opening its doors to automated vehicles, there is only so much it can do without the financial and regulatory support of Ottawa.

Insurance and liability issues

In creating regulations around automated vehicles, among other issues, legislatures must consider public safety as well as liability.

Collisions involving automated vehicles will inevitably give rise to claims concerning the malfunction of hardware and/or software. Various companies, such as Audi, have already accepted liability for their AVs if they are involved in collisions while in autonomous mode. We will also see claims against third-party applications, which help operate the vehicles. Municipalities may also be held accountable for infrastructure adapted for AV use, without consideration for various safety issues.

There will be disruption within the auto insurance industry the likes of which we have not seen before. The industry will need to transform as regulations are created in response to automated vehicles. Insurers rely on historical data to calculate risk, but due to the novelty of AVs, they lack data on the vehicles.

The inability to calculate risk causes a significant problem for insurance companies. To overcome this, they will look to automotive companies to share data with them. We will likely see a more collaborative relationship between insurers, who need data, and AV manufacturers, who need the support of insurance companies to protect them.

Privacy questions

The data collected on AVs and shared with third party organizations, such as insurance companies, governments and other manufacturers, give rise to significant privacy concerns that legislatures must consider when drafting regulations.

For the most part, automated vehicles are viewed in a positive light. Among other things, they promise to reduce collisions, traffic and emissions. However, there is a price to pay: a breach of privacy.

In order for vehicles to be automated and interact with their surroundings, they must capture their real-time environment. AVs rely on laser scanners, which are constantly scanning and retrieving data. They also learn personal information about passengers, including their daily routine. All of this data is then stored, likely in a cloud, and shared with other vehicles so they can interact on the road. This is also known as vehicle-to-vehicle communication. The data may also be sold or transferred to third parties.

Unlike other technologies where privacy settings can be turned on or off, or drivers can request that their data not be shared, it is unclear whether passengers in AVs can do the same. If they do, are they ultimately limiting the automation of the vehicle and therefore exposing themselves to liability risk?

The Personal Information Protection and Electronic Documents Act is federal legislation enacted to protect personal information when it is gathered or used by private organizations. AV manufacturers must be cognizant of this law and ensure they comply with it. Privacy implications must also be considered when crossing borders and sharing information in a jurisdiction that legislates protection of privacy in a different way.

Protection of privacy goes hand in hand with cybersecurity. Just as a car can be stolen, so can data. If an AV data hub or a connected third party gets hacked, not only will the malicious party obtain sensitive personal information, but it may also take control of the AV, potentially causing harm by remotely operating the vehicle or disabling the brakes while it is in operation.

It is vital for manufacturers to recognize their vulnerabilities and implement security safeguards when handling sensitive information. They should collect only the bare minimum of personal information, store this information securely, and dispose of information they no longer require in a safe and secure manner.

Obtaining and maintaining cyber insurance may be inevitable for all AV manufacturers.

This article was originally published on the Lawyer’s Daily.
