Currently a growing trend can be observed in the automotive industry – the emergence of automated driving. Several large, established automotive firms, as well as relatively new players, are all busy preparing for the launch of fully autonomous vehicles conforming to the SAE 5 standard, i.e. capable of automated steering, acceleration, deceleration, monitoring the driving environment, and addressing all critical situations without having to rely on human assistance.1
The road traffic sector is very strongly regulated, with a high risk of damage to health and property, and with many interest groups involved (car manufacturers, insurance companies, vehicle owners and operators, etc.). This fact alone is an adverse factor when adopting legislative amendments. In addition, road transport regulation has a significant international dimension, which, although often positive, such as the international unification of transport regulations and recognition of driving documents issued abroad, may complicate flexible adoption of changes in response to the latest, very dynamic technological advancements in this sector.
It is worth mentioning that the International Convention on Road Traffic signed in Vienna in 1968 (the “Vienna Convention”), to which 75 countries including the Czech Republic are parties2, stipulates that every moving vehicle or combination of vehicles must have a driver who shall at all times be able to control their vehicle so as to be able to exercise due and proper care, and to be at all times in a position to perform all manoeuvres required of them.3 The Vienna Convention is reflected in Section 3 (3) of Act No. 361/2000 Coll., on road traffic, which stipulates that only the “persons” specified by the Act may drive motor vehicles. At this point it is impossible to make even an approximate estimate of the time that will be required to bring legal regulations into accordance with the automated driving trend. However, changes will certainly be required if the European automotive industry is to remain competitive. It is interesting to note that the United States of America are not bound by the Vienna Convention, but they are a party to the older 1949 Geneva Convention on Road Traffic4. The latter also requires that every vehicle should have a driver; on the other hand, it does not expressly specify that a human driver should be able to perform all manoeuvres5. Some legal experts are already thoroughly analysing the possibility of putting autonomous vehicles almost immediately into service on US roads6, which could greatly contribute to a faster deployment of vehicles with autonomous systems in the United States.
Even in Europe, it is only a matter of time before self-driving cars are deployed on roads. The development of artificial intelligence, growing computing performance7, falling sensor prices8 and anticipated decrease in accident numbers (according to experts, human error is currently behind up to 90% of all accidents9) are only some arguments in favour of introducing autonomous vehicles to normal road traffic.
Closely related to automated driving is the need to obtain and evaluate a large amount of data, collected by various systems built into the vehicle, including cameras, sensors and radars. As vehicles are used to collect and process data, the aspects of ownership, further use and, in particular, protection of data obtained should be addressed. These are often personal, i.e. pertaining to the person operating the vehicle and other road users.
Personal data processing is currently governed by Act No. 101/2000 Coll., on personal data processing (the “Personal Data Processing Act”); nevertheless, effective from 25 May 2018, the Act will be replaced by directly applicable Regulation (EU) No. 2016/679 of the European Parliament and of the Council, better known as GDPR (the “Regulation”).
Various types of data can be processed when operating modern “smart” vehicles (and not just autonomous ones) with various built-in safety, monitoring and navigation systems. A large proportion of such data provides information on the vehicle itself or objects in its vicinity, i.e. technical rather than personal data (e.g., data from parking sensors detecting the distance of an obstacle). If, however, a vehicle recorded data making a natural person directly or indirectly identifiable, this would constitute personal data (e.g., video recordings, personalised driver profiles, etc.).
There is currently no regulation in the road traffic sector that would address personal data processing and impose the statutory duty to process personal data on vehicle owners and operators. However, it is reasonable to expect that in the upcoming years the Czech Republic will draw inspiration from countries like Germany and require “black boxes” to be installed in self-driving cars to assist in accident reconstruction10. Similar systems already exist, e.g., in airliners.
Thus, personal data processing in the context of car operation is now subject to the Personal Data Protection Act, and will subsequently also be subject to the Regulation after the latter comes into effect. The Office for Personal Data Protection (the “Office”) has even issued several opinions that are primarily related to personal data processing using video recording systems. Nevertheless, the conclusions contained in the positions can also be applied more broadly to other data collecting systems that may handle personal data.
The above include:
Opinion No. 1/2006 – Operating Video Recording Systems in the Light of Data Protection Law (“Opinion No. 1”)11;
Opinion No. 1/2013 – Processing Personal Data via Recordings from Cameras on Unmanned Aircraft (“Opinion No. 2”)12; and
Opinion No. 1/2015 – Operating a Camera in a Motor Vehicle with a Shot Outside the Vehicle (“Opinion No. 3”)13.
Opinion No. 1
Opinion No. 1 deals with the general parameters of video recording systems and determines that the operation of a video recording system is not regarded as personal data processing provided that (i) the data from the video recording are not stored, or (ii) persons are not identifiable from the recording made. It is likely that this conclusion will continue to be valid even after the Regulation comes into effect. If a vehicle uses data only to perform a single calculation without subsequently storing the data, or has a feature which automatically blurs the faces of any persons recorded in the camera’s field of view before processing the data, this will not constitute personal data processing.
Opinion No. 1 further specifies the conditions applicable where the operation of a video recording system corresponds to personal data processing, with the conclusion that the proportionality principle must be employed in that case – it is necessary to specify the purpose of processing, determine processing deadlines, protect the recording, fulfil the duty to provide information to data subjects, provide notification of processing and guarantee other rights of data subjects under the Personal Data Protection Act. These duties need to be reviewed in the light of the changes to be introduced by the Regulation. For example, the Regulation removes the need to provide the Office with notification of personal data processing, but it introduces certain new duties – notification of security violations, right to be forgotten, previous consultation, etc.
Opinion No. 2
Opinion No. 2 deals, in particular, with the proportionality of interference with privacy of persons (data subjects) in connection with the ability of unmanned aircraft (drones) to obtain video recordings also from very private areas (such as gardens), including assessment of the legality of such personal data processing. In the absence of a statutory duty or authorisation to make recordings (e.g., the Czech Republic Police may obtain video recordings and other recordings when necessary), data processing must take place strictly in accordance with the Personal Data Protection Act, and any data collected must be analysed for the presence of personal data, which must be destroyed.
The Office has dealt with an interference with privacy in connection with vehicle operation after the Google StreetView service was launched in the Czech Republic. In the interest of protecting data subjects’ privacy, the Office ordered Google to alter the vehicles in its Google fleet14 by lowering the poles on which the imaging cameras were placed to ensure the vehicles do not disproportionately interfere with the privacy of data subjects, and to blur the faces of data subjects when publishing recordings on the Internet.15
Opinion No. 3
The Office clearly stated in Opinion No. 3 that even obtaining video recordings using cameras placed in a vehicle and storing them for purposes such as, in particular, protection of the driver and passengers, reconstruction of accidents and investigation of other insured events, is considered to be personal data processing and, as such, is subject to regulation by the Personal Data Protection Act. The same conclusion is likely to also apply in the future application of the Regulation, because obtaining video recordings from a vehicle cannot be regarded as an exclusively personal or domestic activity.16
In Opinion No. 3, the Office also presented its opinion concerning the statutory period during which recordings may be stored. The period should not exceed two days. This can be seen as entirely adequate in terms of the need to collect this kind of data. In addition, storing recordings from several cameras and other sensors is quite technically demanding because the data stream from several Full HD cameras places high demands on storage capacity17. The set period for storing a recording may be extended for the purposes of investigating an accident, subject to fulfilment of other duties related to personal data processing.
If recordings from a vehicle’s video recording systems are subsequently used only for investigating extraordinary events and not for any other purposes (such as publishing them on the Internet), such processing need not be notified to the Office. It is again worth mentioning in this respect that the Regulation will no longer require the controller to notify the personal data processing to the Office.
The recording of personal data using a camera in a vehicle is a specific activity in terms of the controller’s duty to provide information to the data subject. Therefore, in accordance with the Personal Data Protection Act, the controller is obliged to inform the data subject about the processing without unnecessary delay after the data are processed, e.g. when the data are used for investigating a traffic accident or some other insured event.
In addition to the above-specified principles, recording using a vehicle’s video recording system is subject to certain other duties under the Personal Data Protection Act and, subsequently, the Regulation, including the principle of proportionality of interference with the rights of data subjects, and the duty to secure the video recordings against unauthorised access.
It can be concluded from the above positions of the Office that the operation of automated driving systems, including recording equipment (black box), is possible even under the currently applicable legislation regulating personal data protection. It can, however, be expected that in the near future the supervisory authorities will decide to specifically regulate the quality and volume parameters of data recorded by a vehicle’s recording device. On the other hand, it is unlikely that the legislature would specify in detail the exact technical parameters of such recordings, e.g. the number of cameras in a vehicle, recording quality or even frame rate18. Regulation of games of chance can be used as a reference; the legislature has long required that the operators of games of chance monitor gaming premises, and governmental authorities even regularly inspect the quality of individual recordings on a regular basis, imposing penalties for any ascertained shortcomings19. However, the technical quality of a recording is assessed only based on verbally defined parameters uninterrupted, non-slowed, with data function, with time function, coloured, bright, clear, distinguishable, etc.
The context of data processing using smart vehicles is incredibly broad. It is necessary to bear in mind that in personal data processing, the vehicle manufacturer must also take into account the various development stages of the software implemented in the vehicle (analysis, design, development, testing, go-live, maintenance, etc.), as well as various forms of the data subject-controller-processor schemes. An autonomous vehicle could share data with the creator of the decision-making algorithms in order to verify the calculations or software functioning, or send the data to the vehicle owner who can engage the vehicle in shared economy, or simply send the car to collect his/her children from the kindergarten. At present, the full range of utilisation of autonomous vehicles is beyond our imagination. It is clear, however, that this will directly depend on data, their processing capabilities and the legislation, which in the near future will undergo considerable changes.
16 Article 2 (2)(c) of Regulation (EU) No 2016/679 of the European Parliament and of the Council
19 Section 72 of Act No. 186/2016 Sb., on games of chance