Font Size: A A A


Driverless car call

UK Government ought to clarify the rules on the sharing of data for autonomous vehicles and for the development of cyber security standards, says an insurer. A report, jointly produced by AXA, insurance lead in the Flourish driverless cars consortium, and UK law firm Burges Salmon, points to emerging issues in the evolution of Connected and Autonomous Vehicles (CAVs) and makes recommendations on investment, data and cyber security to contribute to driverless vehicles development.

The report asks the UK Government to consult on cyber security risks raised by connected transport, and safeguards; and the implications of the General Data Protection Regulation (GDPR) that comes into force EU-wide next year, for connected and autonomous vehicles and access to data for third parties. And the data protection regulator the ICO should clarify what form of consent is required for use of ‘Special Categories’ under the GDPR.

David Williams, Technical Director, AXA said: “Connectivity is fundamental to the evolution of the transport ecosystem but brings with it new and emerging risks, such as cyber security and data protection. The fact is the emerging CAV ecosystem is bigger than any one industry. If we genuinely believe in the societal benefits CAVs can bring then it is incumbent on motor manufacturers, infrastructure providers and transport network operators to standardise and allow access to crucial data. That way, the relevant third parties such as insurers and the emergency services will be able play their part in the event of an accident.

“If we are serious about a world in which children born today will never need to take a driving test then we need to get CAV cyber security and data protection right.”

And Chris Jackson, Head of Transport at Burges Salmon, said: “From the legal perspective, we’ve picked some calibrated recommendations in specific areas because it’s a huge area of importance. It’s difficult to identify the specifics so we’ve broken it down into two parts.

“Firstly security – will this be categorised as operators of essential services and the cyber strategy that flows from that. Secondly, data – there are specifics measures that apply to specific data to draw that balance between usability and the effectiveness of the system opening up the competition but also protecting people’s data. Who is processing it, what is the position of an operator, what is the regulation, what is the basis of consent? For example, do people have the right to turn off location services if they are an effective part of making the system safe? The temptation is for all parties to look at data as one amorphous lump but it’s much wider than that and that’s what we’re working to resolve.”

For a copy of the report, visit:


Related News