TECHNO-REGULATION AS THE AUTONOMOUS VEHICLES’ MANDATORY REGULATORY FRAMEWORK ENFORCED BY THE EU LEGISLATORS

TECHNO-REGULATION AS THE AUTONOMOUS VEHICLES’ MANDATORY REGULATORY FRAMEWORK ENFORCED BY THE EU LEGISLATORS

Oludare Aborowa
Law and Technology
Dr. Maurice Schellekens

Contents
Glossary 4
CHAPTER ONE 5
1. Introduction 5
1.1 Background and Problem Statement 5
1.2 Research Questions 6
1.3 Literature Review 7
1.3.1 Gaps in the Literature 10
1.4 Methods 11
1.5 Thesis Structure 12
Chapter One 12
Chapter Two 12
Chapter Three 12
Chapter Four 12
Chapter Five 13
CHAPTER TWO 13
2.0 Overview of Techno-regulation 13
2.1 Introduction 13
2.2 What is Techno-regulation? 14
2.3 Techno-regulation as a Tool for EU Legislators to Manage Autonomous Vehicle Technology 15
2.4 Understanding Autonomous Vehicles 16
2.4.1 Levels of Driving Automation 16
2.5 Testing Autonomous Vehicles in Europe 19
2.5.1 The Place of Techno-regulation 21
2.6 Conclusion 22
CHAPTER THREE 23
3.0 Introduction 23
3.1 How and AV collects What Data 24
3.1.2. How Data is collected 24
3.1.3. What Data is collected? 26
3.2 Framework Guiding the Processing of Personal Data from AVs 28
3.2.1 EU Charter on Fundamental Human Rights 28
3.2.3 36
3.2.4 European Data Protection Board (EDPB) Guidelines 1/2020 38
3.2 General Data Protection Regulation (GDPR) and Techno-regulation 40
3.3 Enforcing Privacy Compliance by Design 43
3.2.1 Data Privacy and Unauthorized Access 43
3.4 Conclusion 45
CHAPTER FOUR 46
4.0 Introduction 46
4.1 Privacy by Design 46
4.1.2. ISO/IEC Privacy Framework 48
4.2 Legalities of AV Techno-regulation 50
CHAPTER 5 52
5.0 Introduction 52
5.1 Limitations of the Research 52
5.2 Summary of Previous Chapters 52
5.3 Suggestions for Further Research and Recommendations 54
References 56

Glossary
List of Abbreviated Words

1. AV(s): Autonomous Vehicles (s)
2. EU: European Union.
3. NHTSA: National Highway Traffic Safety Administration.
4. ECEA: European Automobile Manufacturers’ Association.
5. ML: Machine Learning.
6. AI: Artificial Intelligence.
7. LKA: Lane Keeping Assist.
8. UNECE: United Nations Economic Commission for Europe.
9. EDPB: European Data Protection Board.
10. GPS: Global Positioning System.
11. IoT: Internet of Things
12. ICT: Information Communication Technology
13. ELKS: Emergency-Lane Keeping Systems
14. RADAR: Radio Detection and Ranging
15. LIDAR: Light Collecting and Running
16. EU: European Union
17. EC: European Commission

CHAPTER ONE
1. Introduction
1.1 Background and Problem Statement
Having autonomous vehicles (Avs), on European roads, seems more of a safety need than market demand. For years, the European Union (EU) legislators and policymakers have proposed improving car technology to enhance their usability and safety. For example, the European Commission (EC) had set a goal to cut the number of road accidents by 2010. The EU developed a pan-European in-vehicle emergency call action plan (eCall) in 2005. This eCall action plan required all new vehicles to be fitted with this technology by 2009. ECall technology would create an automatic call to the nearby emergency service centre for quick response and treatment in case of an accident. Sadly, the technology did not succeed as it was anticipated. Today, road accidents claim human lives and needless destruction of properties. In 2019, more than 22,800 people in the EU succumbed to road accident injuries, 44.2% being passengers or car drivers, while 22.8% were pedestrians. So, are autonomous vehicles free from mishaps and accidents?
Since 1886 when Carl Benz invented and patented his Benz Patent-Motorwagen car model, car technology has never receded. Innovative technology has been improving vehicles to meet various market standards and needs. With advancements in Artificial Intelligence (AI) and Machine Learning (ML), it has become possible to train robots to execute commands and make decisions with minimal human supervision. As a result, the EU has witnessed tremendous growth in the self-driving car industry. The EC believes that automating the functionality of automobiles can significantly improve their safety. In 2021, the EC launched 11 safety-enhancing systems that all new car models in the EU must have before entering the market. The 11 systems included accident data recorders, lane-keeping assists, and an autonomous braking system.
How can the EU enhance the safety of fully AVs? The trends by the EC, including the introduction of 11 automated safety systems that new cars should have, only confirm the readiness of the EU to use techno-regulation as a tool to regulate modern car models. Obliging AV manufacturers to techno-regulate vehicle users and drivers to ensure all vehicles’ autonomous technology determines all driving decisions feasible for the EC. However, legal frameworks would need to be met to ensure that obliging the use of techno-regulation does not violate the rights and liberties enshrined in the European laws. Human rights advocates believe algorithmic decision-making technology and AI significantly threaten social and economic rights.
As a result, using techno-regulation as the regulatory framework to govern the use of AVs in the EU has many positive and negative implications. Can the EU legislators overcome the hurdles and oblige the techno-regulation of AVs without infringing on the fundamental human rights to privacy? This thesis seeks to evaluate the impact and legal questions that would arise if the EU legislators enforce the regulation of AVs in the EU through mandatory techno-regulation.
1.2 Research Questions
The main research question is:
What are the consequences of EU Legislators adopting a techno-regulatory approach for the manufacture and use of AVs in the EU?
Other sub-questions that will be addressed include:
• What is techno-regulation, and how does it regulate technology?
• What are the impacts of techno-regulating AVs on Data Security and Privacy?
• What are the legal implications of enforcing Privacy by Design on AVs in the EU?

1.3 Literature Review
Scholars and authors have provided input regarding AVs, safety concerns, and regulations. For example, a 2020 book by Filiz Caner and edited by Murat Darçın suggests that the world will have more than 25% of autonomous vehicles by 2035. Furthermore, the author suggests that using autonomous vehicles reduces incidents, citing the US Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) statistics showing that human error causes 94% of severe road accidents.
Additional literature discusses how techno-regulation could be used to regulate the use of AVs to improve their safety. The issue of techno-regulation is first addressed by Ronald Leenes, the author of Framing Techno-regulation: An Exploration of State and Non-state Regulation of Technology. Leenes explains techno-regulation as a strategy to ensure the people who would otherwise not comply with legislation are compelled to observe various norms imposed on them. He elaborates on the context of techno-regulations in Information and Communications Technology (ICT) by giving examples of content filtering, whereby specific web pages or information can have restricted access, which acts as a firewall. Techno-regulation is also vividly elaborated by Zaccoginino et al. in their 2019 article by stating that it protects people’s interests from law breaches when using the internet and ICT.
Legal scholars have also deliberated on the legal implications of using techno-regulation to censor people exposed to the technology, including AVs. In his book, Law, Technology, and Society: Reimagining the Regulatory Environment, Roger Brownsword states that technological management will bear the burden of future technology use instead of laws and regulations . To show how technology management will inevitably make some law concepts redundant, such as “Hart’s law model,” Brownsword gives 2061 as the culmination for this transition. Technology management, or techno-regulation, will guide the designing of technology that deliberately excludes the possibility of specific actions that would be otherwise unlawful.
On their part, Gehra, Leiendecker, and Lienke term techno-regulation as compliance by design. In the 2017 BCG White Paper, these authors reiterate the importance of technology providers, explicitly stating that those operating in banking sectors must restrict their technology to ensure safe transactions. Although Leenes agree on the need to have some degree of technology regulations through techno-regulation, they also differ in that Leenes thinks techno-regulation raises legal issues, considering it amounts to subjecting people to rules that are not clear. In contrast, Gehra, Leiendecker, and Lienke affirm that compliance by design is a great way to help companies avoid liabilities that would result from the unethical or unlawful use of their technology.
AV technology’s legal and governing strategies are well represented in today’s literature. Several legislations have provided much-needed input to shape the laws concerning this new technological issue. The first is the 2019 European Parliament Resolution, where the EU acknowledges the need to embrace AV technology. This resolution determined that most road accidents result from drivers’ errors on European roads. Thus, these errors could be minimized by integrating advanced driver assistance systems to control how vehicles change lanes or apply emergency braking. Notably, using such technology would mean drivers do not have the discretion to make all the decisions while on the road. Would that be against the law? In his 2011 article about techno-regulation published in the Netherlands Journal of Legal Philosophy, Oliver Lembcke declares that supporting the enforcement of regulations that protect the “people’s lives is noble, even if it is at the expense of the” constitution’s legitimacy. He insists that we must get serious with environmental regulations by accepting strict control regimes that deny any slightest chance of deviant behaviors or stick to our liberal understanding of the constitution and law at the expense of a better future for everyone. Brownsword has the same idea as he suggests that technology management will replace some laws.
The ideas by Lembcke and the European Parliament Resolution are supported by a 2018 communication by the European Commission, which affirmed that it was time for Europe to unlock the opportunities presented by automated mobility. All these pieces of literature agree that a future of fully AVs is inevitable on European roads. However, there are impeding legal implications, including the concerns highlighted by Taeihagh and Hazel Si Min Lim. They state that there is worry about the ability of European governments to respond promptly to societal implications of the new technologies.
In contrast to Lembcke’s suggestions, the European Automobile Manufacturers’ Association (ACEA) suggests a balanced technological ecosystem. ACEA indicates that the European policy on AI should create room for technological developments and advancements while safeguarding their use. Similarly, a 2011 article by van den Berg supports ACEA sentiments by stating that each new technology should be evaluated to understand whether its use falls outside the existing legal framework. Berg suggests that new technologies can be regulated by either techno-regulation or adjusting the current legal framework.
1.3.1 Gaps in the Literature
A 2020 report presented to the Council of Europe identifies a responsibility gap whereby the current criminal law does not accommodate non-human actors on the roads. So, will the existing criminal law about driving become redundant? Another gap in the contemporary literature is how new technology, such as AV technology, would protect guaranteed human rights and liberties. Notably, implementing techno-regulation as a regulatory framework for AVs would significantly help improve road safety. However, many legal questions must be addressed to ensure the EC does not solve one problem by creating another. Hence, this thesis seeks to identify and address these legal gaps and questions.
1.4 Methods
The crux of this study explains and assesses the relationship between law and technology, specifically legal norms relating to AV technology. It discusses a multi-layered methodology that adopts the regulatory environment as the primary field of its jurisprudential review. It holds the idea that, in this environment, there will be both normative and non-normative aspects, thereby enabling an understanding of how legal rules for AV technology relate to technological management.
A doctrinal research method will be used to facilitate a detailed and exhaustive analysis of the current laws and regulations. This method is suitable for critical qualitative analysis of legal materials supporting the research topic and the hypothesis. A concise analysis of the current legal provisions, such as The EU General Data Protection Regulation (GDPR,) will be used to determine the implications of techno-regulating AVs by design. A comparative analysis of the existing legal provisions will determine the legal tenets that EU legislators can use to enforce techno-regulation on AVs without infringing on people’s fundamental rights and liberties. Furthermore, the doctrinal research method will help determine the balance between regulating AVs technology and ensuring people’s security, liberties, and rights are protected.
The technique will rely on statutes, legal cases, and other primary and secondary sources with detailed information about AV regulations in European countries. The research will refer to legal databases, such as the EUR-Lex website, Taylor & Francis Online, Semantic Scholar, ResearchGate, and HeinOnline. More so, this research will highly rely on the work of Roger Brownsword titled Law, Technology, and Society: Reimagining the Regulatory Environment as a significant source of information about techno-regulation. Besides, this method will help identify the critical legal issues revolving around the safety, security, and privacy rights of AVs.
Furthermore, this study will analyse case studies relating to AVs to highlight non-normative dimensions. The study will consult various market and industry reports on AVs, including strategy documents, vision statements, roadmaps, and findings from stakeholders. This will shed more light on the current state of autonomous vehicles and European law and set the ground for recommendations to improve the identified gaps. Notably, the analysis of the case studies will create an understanding of the discretionary choices made by the regulators concerning security and privacy in using AVs.
The research will look at the effect of the rule of law established by legislation within the context of techno-regulation. Finally, it will deliberate on the advent of techno-regulation as part of the legal intervention and how this method can be incorporated into European AV regulations while considering the need to create a co-existence among all road users, including demographically different pedestrians.
1.5 Thesis Structure
Chapter One
The introduction covers the background, problem statement, the methodology of the research, and a literature review. This section will explain why the topic is important, what questions will be answered, and how the study will be conducted.
Chapter Two
This chapter covers techno-regulation and explains how it is used to regulate the use of technologies.
Chapter Three
This chapter discusses the implications of techno-regulating AVs on the fundamental human right to privacy. It also discusses privacy implications related to techno-regulation of AVs and current EU regulations.
Chapter Four
This chapter synthesizes the literature that addresses the research question; What are the legal implications of enforcing Privacy by Design on AVs in the EU? and provides an answer to the research question. The chapter evaluates how EU legislators can develop and implement techno-regulation for AV technology to ensure privacy, considering the enormous amount of data gathered, shared, processed, and generated by AVs for its safe and effective operation.
Chapter Five
This chapter provides a conclusion that includes limitations of the research and recommendations to improve the enforcement of techno-regulation in technology management.

CHAPTER TWO
2.0 Overview of Techno-regulation
2.1 Introduction
As established in Chapter 1, this thesis seeks to evaluate the implications of techno-regulation as the mandatory framework regulating the use of AVs in Europe. To achieve that objective, it is beneficial fir understand the meaning of techno-regulation and how the EU legislators could use it to regulate the application of autonomous vehicle technology. Furthermore, since techno-regulation is not only used to control the application of AV technology, the chapter will also address how techno-regulation can impact the deployment, use, and management of other technologies, specifically those supported by AI.
2.2 What is Techno-regulation?
Roger Brownsword discussed techno-regulation in his 2015 book In the Year 2061: From Law to Technological Management and the 2019 book Law, Technology, and Society: Reimagining the Regulatory Environment. Brownsword uses two analogies to elaborate on the use of techno-regulation. First, he describes a scenario where the technology regulators (in this case, the legislators) deploy technological fixes that enforce compliance by discouraging non-compliance. One example is using a Global Positioning System (GPS) to immobilize supermarket shopping trollies whereby people using the trollies cannot wheel them outside the bound zones. Brownsword states that techno-regulation could be utilized where automation of tasks eliminates human errors, offenders, victims, and some types of criminal activities . The second analogy Brownsword discusses to elaborate on the techno-regulation is the use of technological fixes to hasten human safety and health. Here, Brownsword references the management of AV technology to eliminate cases of neglecting road traffic laws and enhance the safety of both AV users and other drivers on the roads. From the above examples, techno-regulation is understood to be a method of nudging people into compliance by eliminating the possibility to make wrong decisions. In the process, compliance with the law is guaranteed, and at the same time, risks resulting from non-compliance are significantly reduced.
On his part, Rocco Zaccagnino explains techno-regulation as a way of safeguarding legal interests by hampering any breaches of the law. Zaccagnino refers to the use of the internet and the safety concerns associated with the whole sector of ICT. This author makes inferences from a study investigating how machine learning could regulate access to specific internet programs and pages for parents and underage children. In this case, underage children are blocked from accessing a page on the internet designed for adults.
So, if techno-regulation has been applied in areas where technology is heavily relied upon, how can it be used in AV technology? In their article about governing AVs, Araz Taeihagh and Hazel Si Min Lim insist that autonomous vehicle technology has many benefits but also has some downsides and unintended consequences. The EU governments have avoided imposing stringent regulatory measures on the AV industry to facilitate its growth and encourage investors and innovators to put their money into more research to improve this technology. According to a 2017 strategy paper titled On the Road to Automated Mobility: An EU Strategy for Mobility of The Future, adopted by the EU on May 17, 2017, the EU endeavours to be a leader in developing fully automated vehicles globally. However, the objective cannot be realized unless the EU legislators allow the development and testing of these vehicles. This thesis evaluates the position of techno-regulation and the legal implications if the EU legislators actualize the idea of using techno-regulation as the autonomous vehicle technology’s management strategy.
2.3 Techno-regulation as a tool for EU Legislators to manage Autonomous Vehicle Technology
In his Law, Technology and Society book mentioned in this thesis, Brownsword foreshadows a future where technological management will replace some primary rules and specifies 2061 as the turning point year. The EU legislators can pick up on this idea and create a framework for regulating AVs on EU roads. Instead of managing the use of these vehicles by imposing laws and regulations, why not use technology to enforce compliance? The danger of such a move would be making some primary rules redundant. The practicability and effectiveness of replacing laws with technologically-regulated compliance cannot be determined for now because the rate of manufacture and use of AVs is still low. Is it noble to conclude that the possibility of AVs on the EU roads by 2061 is hyperbolic?
Suggesting techno-regulation as the best framework for EU legislators to manage AVs is based on the realization that this vehicle technology is rising, and the industry may blossom soon. Thus, more computer-driven vehicles will be on the EU roads interacting with millions of other road users with semi-automated vehicles. As EU legislators seek to make balanced laws that guarantee road users’ safety without impeding anyone’s rights, the question arises about whether techno-regulation is the right choice. The EU legislators must understand the aspect of AVs they want to regulate through techno-regulation. Understandably, these techno-regulations have to be implemented at the manufacturing level. It means that there must be guiding principles that all developers of AVs technology must follow to be compliant and ensure their vehicles can be used on the EU roads de jure. For example, the manufacturers might want to understand how to techno-regulate different types of vehicles based on their make, intended use, or autonomous levels.
2.4 Understanding Autonomous Vehicles
Understanding AVs and the industry involved in developing this technology is vital for the EU legislators to make viable, sensible, and applicable laws. Also, this understanding can help everyone else to have a strong argument that the use of techno-regulation is justifiable.
2.4.1 Levels of Driving Automation
The Society of Automotive Engineers, SAE International, provides a vivid description of vehicles, highlighting different levels of automation that can be used to categorize and describe these vehicles.
Levels of Driving Automation Description of Each Level of Driving Automation
Level 0 At level 0, a car is not automated. The driver takes all control and makes all decisions. However, vehicles in this category may still have automated warning systems, including front collision warnings. The vehicles may also have automated emergency systems, such as anti-lock and electronic stability control systems . Thus, the vehicles at this level may provide systems that offer solutions helping in navigation without the drivers’ intervention. However, they are still considered non-automated since these automated response systems are short-lived and only activated on special occasions. The drivers have to make all the decisions while on the road .
Level 1 The driver receives some assistance from the automated systems at this level, but drivers are responsible for other driving decisions. The driver is still in charge of detecting changes in the environment, such as objects on the road, and is accountable for making the required response. For example, vehicles in the EU region have been fitted with automated Park Assist that helps drivers park their cars. Also, Lane Keeping Assist (LKA), which assists drivers from veering off their lanes, is categorized as level 1 . According to a European Parliament’s resolution on the use of AVs in Europe (2020/C 411/01), the presence of automated driver assistance systems such as LKA has proved their usefulness in making the roads safer.
Level 2

The vehicles at level 2 are partially automated . The drivers have the responsibility of monitoring and responding to the driving situations. Also, drivers are responsible for switching off or activating the automation systems. It means drivers can drive without being physically engaged, including taking their hands off the steering wheel. Notably, the drivers should be on the lookout even when they have committed the autonomous driving systems, such as traffic jam assist, and should immediately take control if necessary. Examples of vehicles at this level of autonomy include Tesla’s Autopilot, GM’s Super Cruise, and Nissan’s ProPilot.
Level 3 Vehicles at this level can perform dynamic automatic driving tasks like monitoring the environment . Therefore, drivers can disengage from physically monitoring vehicles while the level 3 automation is activated. Nevertheless, the drivers must take control of the vehicle immediately when necessary. This means that although the vehicles can operate in autonomous mode, the drivers are at liberty of decisions and take full control of the vehicle. Automation at this level includes the Highway Chauffeur System, which enables drivers to fully disengage from physically monitoring and controlling the vehicle while driving on a highway. Vehicles in this category include Mercedes Benz S-Class and EQS.
Level 4 The vehicles at this level can conduct dynamic driving tasks similar to level 3. But unlike level 3 automation systems, the drivers are not required to provide a fall-back. These systems can deactivate the self-driving mode if conditions are not appropriate. Also, vehicles at this level of automation can fully deactivate from the self-driving way when the driver regains full control of the vehicle. The system allows the drivers to conduct various tasks even when the automatic mode is activated.
Level 5 At this level, vehicles do not need drivers. The vehicles can start and complete journeys autonomously.
2.5 Testing Autonomous Vehicles in Europe
In 2017, the EU launched L3PILOT, a project to test the applicability of level 3 and level 4 vehicles. This project paved the way for the large-scale testing of AVs, mainly at level 3. However, recent developments have seen testing of fully AVs (level 5) even though L3PILOT has not yet been completed. Also, the EU members are signatories of the Vienna Convention of 1968, highlighting the traffic rules that all member countries must follow. Although amendments have been made to some articles in this convention to accommodate automated systems, there are no provisions under this rule to accommodate self-driving vehicles. For example, article 8 (i) of the convention states, “Every moving vehicle or combination of vehicles shall have a driver.” In 2014, amendments to this convention affirmed that “systems that influence how vehicles are driven are perceived to follow article 8 of the convention.” Additionally, the amendments to the Vienna convention rules by the United Nations Economic Commission for Europe (UNECE) Global Forum that seeks to recognize the presence of driverless vehicles on the European roads will help actualize the dream of having fully AVs when they come into effect. However, the current laws state that drivers must be present, and they should be able to override the automated tasks and take full control of the vehicle. With such international legislation in effect, it is not easy for the EU to launch level 5 automated vehicles on the roads.
The European Commission released the following table to show how AVs benefit European roads through the European Commission Directorate-General for Internal Market, Industry, Entrepreneurship, and SME.
Manual Drivers
Activation
Deactivation

Takeover request

Minimum risk maneuvers Self-Driving Vehicles
1. Shall not cause accidents
2. Shall respect traffic rules
3. Shall allow interactions with other road users 1. Shall not cause accidents
2. Shall respect traffic rules
3. Shall allow interactions with other road users
4. Shall inform the drivers and passengers
5. Shall be able to detect its limits for automation and minimum risk manoeuvres

The EU legislators can also take note of the international and local legislations that govern the use of vehicles on the roads when developing the guidelines to regulate how techno-regulation will be applied. For example, Regulation (EU) 2019/2144 provides guidelines for implementing Emergency-Lane Keeping Systems (ELKS). This regulation will be enforced beginning July 2022 per the Commission Implementing Regulation (EU) 2021/646 of April 19, 2021 document.
2.5.1 The Place of Techno-regulation
As discussed above, European nations have embraced the idea of having fully AVs on the roads soon. What is clear is that most levels of vehicle automation leave room for the driver to take control. As the EU legislatures continue this discussion, they should consider making amendments to existing regulations, including the Vienna Convention Treaty of 1968, to accommodate techno-regulation. In this case, the driving system is fully computerized, giving the driver little or no room to make decisions while on the road. It is essential to consider techno-regulation as a vital tool that does not take away individual liberties but rather as a strategy to improve safety on the EU roads.
Brownsword suggested that technological management eliminates human errors and reduces the chances of accident victims due to human errors. Countries worldwide have been struggling with the menace of road accidents. Eurostat accident fatalities statistics for 2019 revealed that about twenty two thousand people died in road accidents in Europe, representing 51.2 people per million residents of the EU region. Apart from deaths, many people suffer life-changing injuries, including paralysis. It should be considered if something can be done to prevent these unfortunate scenarios because the cost of not doing it exceeds any negative consequences.
2.6 Conclusion
This chapter has addressed the issue of techno-regulation and how this topic relates to AVs in the European market. Techno-regulation would make AVs safer, considering that all identified errors committed by the physical involvement of human drivers are bypassed. Reports from previous trials on how technology can make the EU road safer, including testing and implementing Emergency-Lane Keeping Systems (ELKS), have shown excellent results. However, using techno-regulation to solve safety issues on EU roads creates new legal challenges addressed in the next chapter.

CHAPTER THREE
3.0 Introduction
Chapter 3 seeks to answer the following question: What is the impact of Techno-regulating AVs on Data Security and Privacy?
There are privacy concerns regarding AVs and their interconnectedness nature, as discussed by Hamid and Al-Tudjman in their book “Towards Connected and Autonomous Vehicle Highways, Technical, Security and Social Challenges.” AV relies largely on radio detection and ranging (RADAR). Light collecting and running devices (LIDAR) to “see” their environment and effectively navigate , including personal and non-personal data from drivers, passengers, road users, pedestrians, and other relevant individuals. For AV to perform as intended, it must interact or engage with other AVs, the Internet of Things (IoT), traffic signs, cloud services, and other connected devices.
Hamid and Al-Turjman claim that the amount of data generated, collected, analysed, and stored to cloud computing and applications is overwhelming, and there are many possibilities for unauthorized access due to the complexity of today’s technologies. According to Keith Naughton, a Bloomberg writer, AV will be generating about 40 terabytes of data every hour from radar, cameras, and other vehicle sensors to navigate roadways, and vehicle manufacturers rely on updated technology that guarantees a continuous stream of user services to maintain hands-free driving and touchscreen apps. Thus, the amount and type of data collected by AVs may make it difficult to control through techno-regulation.
This thesis evaluates the possibility of EU legislators enforcing techno-regulation as the regulatory framework for AV technology. Therefore, the question that arises is: can techno-regulation help address privacy concerns considering the enormous amount of data gathered, shared, processed, and generated by autonomous vehicles?
3.1 How and AV collects What Data
There are many privacy concerns regarding AVs due to the information collected by these vehicles. Understanding how data is collected and what types of data can help determine whether the EU can enforce laws and regulations that will support the growth of AV technology yet ensure privacy without compromising safety.
3.1.2. How Data is collected
It is crucial to identify how AV collects (personal) data to assess the relationship between data protection law concepts and AV. Passengers provide AV with a vast amount of (personal) data, such as travel patterns, destinations, stops, routes, body size (derived from seat settings), number of riders (based on the number of seat belts buckled on each trip), environmental data, musical taste, and so on.
Crash data recorders and journey data recorders are two types of data recorders used by AVs to contact an ambulance or take passengers home, respectively. Due to the very nature of these features, AVs will have access to passengers’ home addresses, blood groups, and other personal information. Journey data recorders capture and store (personal) data while driving the vehicle, whereas crash data recorders collect and store (personal) data before and after a crash.
Sensors, which allow AVs to recognize objects, people, road users, traffic signs, and so on, are also a significant part of AVs. The following are the essential sensors used by AVs:
• LIDAR: This sensor, which uses laser lights to scan over 100 meters in all directions around the AV, can collect data that will be utilized to create a three-dimensional map of the AV.
• RADAR: Radar measures moving objects’ speed, distance, and angle using radio waves. Though less accurate in determining angles than LIDAR, radar can operate in all conditions and can even use reflections to see objects in things rear-view mirror.
• Camera: This is the most widely used sensor because it generates massive amounts of data (millions of pixels) and can recognize colours, making it ideal for scene interpretation.
• Ultrasound: Using sound waves, this sensor determines the distance between AV and nearby objects.
The sensors listed above also describe some of the methods AV uses to collect (personal) data from passengers and pedestrians alike, bringing the personal data collected within the purview of data protection law .
At this point, it is pertinent to mention the mobile vehicular cloud (MVC). MVC is a subset of traditional cloud computing systems which provides cloud services via mobile devices. The MVC is required because it allows AVs to reduce their reliance on remote servers for data processing and storage by utilizing services offered by potential nodes and roadside hardware equipment.
MVC stores data collected by AVs in cloud services hosted on the AV rather than in a remote cloud location. This helps save costs in uploading and downloading data over the web. Finally, by collecting data in their MVC, an AV becomes some sort of mobile data carrier and shares data with other AV’s MVC and vice-versa. Due to the spotty reception of cell networks, satellite connections are the primary source of data collection. An instance of this is Starlink, a satellite internet constellation with about 2000 orbiting satellites, which provides satellite internet connections (AVs included).
3.1.3. What Data is collected?
AVs collect owner and passenger information, location tracking, and sensor data. David Navetta et al. claim that privacy issues must be identified and addressed due to the amount and types of data collected by AVs and AV interactions with MVC and mobile devices. The data collected by AVs and privacy concerns are further discussed below
3.1.3.1 Owner and Passenger Information
AVs must maintain information about owners and passengers to authenticate vehicle usage authorization and customize their comfort, entertainment, and safety settings. Based on these required authorizations and customized settings, drivers and passengers can be identified, and their activities can be tracked. This tracking can be considered an invasion of privacy.
3.1.3.2 Location Tracking
Location tracking using GPS has been a standard feature in AVs since their development. However, Navetta et al. describe how today’s AVs have new features that save navigation and location data in memory and use the AV’s current location and intended route to suggest additional information, which could breach privacy. Today’s GPS has been advanced to improve its ability to include real-time data about traffic conditions and select the best routes based on travel time. It also collects private data like the passengers, workplace, and residential addresses. This confidential data stored by the AV and possibly shared with mobile devices could be used to provide personal information and can be considered an invasion of privacy.
In addition, the data collected raises concerns that can affect society and policies. AV location information provides comprehensive, precise data about activities that include details about people’s profession, family, political affiliation, religion, and sexual activities. If unauthorized parties access this information, it could lead to dire circumstances. Moreover, marketers could use information about where people shop, live, and visit to target them with unwanted advertising. Furthermore, third parties can connect the AV to purposely route the vehicle to a specific location or advertise on the AV screen. Thus, there is a possibility that third parties can access a person’s private area and activity data, which is an invasion of privacy that needs to be addressed.
3.1.3.3 Sensor Data
Human-driven and autonomous vehicles use sensors to collect data about the vehicle and its surroundings to facilitate its operation. However, this poses a privacy concern because data collected includes people and locations captured by the sensors and cameras without knowledge or permission. Furthermore, control systems and voice-recognition technology used by mobile phones and AVs are of particular concern because the devices can identify specific people by their voices and collect and transmit private information about them and their communication. This data can be shared with advertisers and others without knowledge and consent.
3.2 Framework Guiding the Processing of Personal Data from AVs
The EU framework that guides personal data processing from AVs includes the EU Charter on Fundamental Human Rights and the General Data Protection Regulation (GDPR). In addition, the Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector and the European Data Protection Board (EDPB) Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility-related applications also apply to AVs. These documents will be discussed below.

3.2.1 EU Charter on Fundamental Human Rights
The Charter of Fundamental Human Rights of the European Union is based on democratic principles and rules of laws and was developed to preserve the universal values of freedom, equality, solidarity, and human dignity. The Charter aims to promote technology and sustainable development while protecting these fundamental rights.

The EU Charter of Fundamental Rights lists articles addressing data protection and privacy under TITLE II FREEDOMS. Article 7 of the EU Charter of Fundamental Rights addresses the issue of privacy, stating that every person is entitled to the right to respect for private and family life, home, and communication. Article 7.2 adds that the government should not interfere with the rights given under Article 7.1:

“Except such as is by the law and is necessary for a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or the protection of the rights and freedoms of others.”
The specific consideration that can apply to AVs is the right to respect peoples’ private communications. AVs use technology to control data communication. This data includes communication between the driver’s vehicle and other vehicles and the surrounding infrastructure and environment. In addition, today’s AVs connect people’s smartphones with the vehicle’s communication system. Thus, personal information communicated on a smartphone is shared with the vehicle and it appears that there is no right to respect for a person’s private communications in an AV.

Although Article 7 supports privacy rights, it can be argued that advancing AV technology in the EU region supports the economic benefit of the country. In this regard, the EU legislators have grounds to techno-regulate the development and deployment of AVs to be privacy compliant by design if they can structure this regulation to appear to be protecting fundamental human rights and, in this case, privacy, as described in Article 7.

Article 8 of the EU Charter of Fundamental Rights addresses the protection of human data and applies to AVs. Article 8.1 states, “Everyone has the right to the protection of personal data concerning him or her.” Also, Article 8.2 continues this topic by adding that the data must be fairly processed as specified based on the user’s consent or the law. In addition, it states that all people have the right to access any data collected about them and have it rectified. Finally, Article 8.3 concludes with the statement: “Compliance with these rules shall be subject to control by an independent authority.”
The European Commission (2012) defines independent authorities as public authorities based in EU member states that supervise the application of data protection laws using powers of investigation and correction. Their tasks include providing expert advice on issues related to data protection, as well as handling complaints about violations of the Charter and other relevant laws. This statement leaves compliance open to interpretation by each independent authority. An issue is whether an independent authority can be knowledgeable not only about EU laws but also about how motor vehicle companies can incorporate them into the design and development of their AVs.
3.2.2 General Data Protection Regulation (GDPR)
Based on the principles described in the Charter of Fundamental Human Rights of the European Union, the EU developed legislation to protect the rights of its citizens. The EU realized that technology could infringe on human rights, so it passed the European Data Protection Directive in 1995 to establish minimum security and data protection standards. As technology and data collection continued to grow, and people began suing companies for data infringement, the data protection authority in Europe stated that the EU needed to document “a comprehensive approach on personal data protection.” This led to the European Parliament’s passing of the GDPR in 2016 and the requirement for organizations to comply in 2018. In addition, the EU GDPR is believed to be the world’s most challenging security and privacy act because it obliges all organizations that collect or process data related to anyone in the EU to follow its regulations or be subject to strict fines for violations of security and privacy standards.

The EU took a bold step when it passed the GDPR. The GDPR aimed to “control the collection, process, and management of personal information in the EU and protect the rights of EU citizens.” The regulations consist of the following six principles:
1. The lawfulness, fairness, and transparency principle states that organizations should be transparent and fair concerning their privacy policies, and the guidelines should not violate necessary laws.
2. The purpose limitations principle states that organizations should clearly state the purpose of their data collection, and the data collected should not exceed that stated purpose.
3. The data minimization principle states that only required data should be processed.
4. The accuracy principle states that only accurate data should be processed and stored.
5. The storage limitations principle states that data no longer required should be deleted.
6. The integrity and confidentiality principle states that data should be processed to ensure appropriate security of personal data, including protection against unlawful processing or accidental destruction, loss, or damage.
Many of the regulations and principles/articles of the GDPR directly apply to AVs. Article 1 states, “The protection of natural persons about the processing of personal data is a fundamental right.” This critical statement was also addressed in the Charter of Fundamental Human Rights of the European Union. Protection and privacy go hand-in-hand. Article 2 explains that the principles and rules outlined in the GDPR are meant to protect people by regulating the processing of personal data. Principles that apply to AVs will be discussed below.
Article 6 of the GDPR acknowledges the difficulties and challenges of protecting personal data due to the rapid development of technology and the globalization of data collection and reporting. However, this regulation recognizes that most people make their personal information available and claims that private and public companies use technology to collect personal data to perform their activities. In the case of AVs, data collection is necessary for the proper functioning and safety of the vehicles. This regulation clarifies the EU expectation regarding personal privacy and data protection: “Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organizations while ensuring a high level of the protection of personal data.” Thus, the expectation for ensuring that technology protects personal data while also using the data as necessary for necessary functionality must be balanced among companies that collect personal information.
Article 26 goes on to say that the “principles of data protection should apply to any information concerning an identified or identifiable natural person” and further defines protection for personal data “which have undergone pseudonymization, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person.” This applies to any person that can be identified by an AV sensor, including cameras and configurable automobile settings. The regulation advises companies to consider what means are used to identify people, the amount of time and cost it would take to identify them, and the technology developments and processing available. This regulation considers situations where privacy rights may be violated by outside parties attempting to access the data to gain personal information about people and demands that these factors be considered when designing and developing technology.
Chapter two of the GDPR document lists principles relating to personal data processing. One principle that directly applies to AVs is Article 5, which is related to processing personal data. Article 5 (1) states that data should be processed fairly, lawfully, transparently, and limited to essential purposes, while Article 5(1)d directs companies to take every reasonable step to ensure the personal data is accurate, kept updated, and rectified or erased when no longer needed, as well as protecting unlawful and unauthorized processing to maintain confidentiality and integrity. These factors are also to be considered when technology is designed and developed.
Article 6 of the GDPR also applies to AVs and lists the basis for which processing is lawful. Article 6 (1) states that processing is lawful if:
a) “the data subject has given consent to the processing of their data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is a party to take steps at the request of the data subject prior before into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
d) processing is necessary to protect the vital interests of the data subject or another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller;
f) processing is necessary for the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require personal data protection, mainly where the data subject is a child;”
From the above provision, the legal basis for storing information, getting access to it, and processing private data regarding AV is most likely consent. This builds upon Article 5, which requires data transparency and lawful data processing. Thus, technology companies must inform people about data that will be collected and get authorized consent before collecting private and personal data from people who use their products.
Recital 78 of the GDPR spell out how the EU expects organizations, including those who manufacture AVs, to comply with these principles. Recital 78 states that “The protection of the rights and freedoms of natural persons with regard to the processing of personal data require that appropriate technical and organisational measures be taken to ensure that the requirements of this Regulation are met.” This recital advises companies to design, develop, select, and use applications that ensure personal data protection by default and suggests that they could do this by “minimizing the processing of personal data, pseudonymizing personal data as soon as possible, transparency about the functions and processing of personal data, enabling the data subject to monitor the data processing, enabling the controller to create and improve security features.”
Thus, according to GDPR, AV companies must create policies and measures to ensure personal data is designed and protected by default. This attention to detail would not only make sure this vital factor is considered in advance before a product is designed and developed, but these official measures and policies would be available as legal proof of implementation of this law or, on the other hand, failure to the comply with this techno-regulation.
3.2.3 Directive 2002/58/EC of the European Parliament and the Council
Directive 2002/58/EC of the European Parliament and the Council concerning “the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).” This directive supports Articles 7 and 8 of the EU Charter of Fundamental Rights by addressing new digital technology networks used for public communication. This directive is relevant to AVs because AVs uses electronic devices to collect and communicate personal data.
Paragraph 7 of the preambles to the E-privacy Directive states that “In the case of public communications networks, specific legal, regulatory and technical provisions should be made to protect fundamental rights and freedoms of natural persons and legitimate interests of legal persons, in particular about the increasing capacity for automated storage and processing of data relating to subscribers and users.” These requirements for legal and regulatory provisions directly apply to the necessity of techno-regulation in the EU to protect citizens’ privacy and fundamental rights.
Location data collected by AVs are mentioned explicitly in Paragraph 14. This personal information includes the longitude and latitude of the equipment (in this case, the AV and the mobile phone), the direction of travel, the information collected (which could include addresses and locations), the identification of which network cell collected the data, and the time the information was collected. As mentioned previously, AVs use GPS data to plan and record travel. This data provides a personal information record indicating where drivers and passengers visited. Paragraph 35 says that mobile networks used to provide traffic guidance and information to drivers collect precise location data, and the processing of this data requires the informed consent of the subscribers. In addition to informed consent, subscribers must be provided with a free and easy way to stop location data processing. In AVs and mobile phones, drivers and passengers can enter a location that the AV’s GPS uses to direct the vehicle. The location data processing can be stopped by ending the tracking in the application or closing the application. However, the challenge is getting informed consent to process the data. Anyone in the vehicle can use their mobile device or GPS to collect and record location data. In addition, the route can be shared with others on the network without the consent of others in the AV. In this case, the keyword is subscribers. Legally, this Directive seems to apply only to the person who initiated the device’s subscription, although the personal location information also includes passengers in the AV.
Paragraph 21 mentions that national legislation in some Member States prohibits only intentional unauthorized access to electronic and network communications; however, the paragraph requires measures that prevent all unauthorized access to communications to ensure confidentiality, including data and content related to the contacts. This Directive requires companies to design privacy and confidentiality into their devices by preventing unauthorized access to communications. Since AVs use voice recognition and network data to communicate with the driver and passengers, it would be challenging for AV companies to find a way to meet this requirement.
Article 5 of the E-Privacy Directive states that; “The Member States shall ensure the confidentiality of communications and the related traffic data using a public communications network and publicly available electronic communications services, through national legislation.” Article 5 (3) states that Member States must make sure that electronic communication networks can only store or gain access to information stored in a user’s or subscriber’s terminal equipment if those users or subscribers are “provided with clear and comprehensive information by Directive 95/ 46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller.” In addition, Article 17 (2) requires the Member States to “communicate to the Commission the text of the provisions of national law which they adopt in the field governed by this Directive and of any subsequent amendments to those provisions.” This documentation allows each Member State to develop its legislation as long as they follow the national law. Thus, it would be necessary for EU techno-regulation of AVs to meet both national and Member State requirements.
3.2.4 European Data Protection Board (EDPB) Guidelines 1/2020
Another critical document concerning AV processing personal data in connected vehicles and mobility-related applications is the EDPB guidelines. The European Data Protection Board developed the Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility-related applications to address privacy concerns of connected vehicles (AVs). The EDPB claims this document complements existing EU privacy frameworks and data protection regulations by providing guidance and sector rules to industry professionals.
First, the EDPB emphasizes that connected vehicles and all devices connected are considered terminal equipment, so Directive 2002/58/EC of the European Parliament and the Council applies to AVs. In addition to the GDPR, the ePrivacy regulation amended by 2009/136/EC establishes a specific requirement for any parties wishing to store or access data stored in a subscriber’s or user’s terminal equipment in the European Economic Area (EEA). The ePrivacy regulation is a general provision that applies to every device that reads or sends information from terminal equipment, regardless of the type of data accessed or stored.
The EDPB discusses the relationship between GDPR Article 13 and the Article 5 (3) ePrivacy directive. The Article 5 (3) ePrivacy directive requires prior consent to store or access stored information in a subscriber’s or user’s terminal equipment. If the stored data in the end user’s device is considered personal.
Article 5 (3) ePrivacy directive takes precedence over GDPR Article 6 regarding the storage or access of the information. Any additional personal data processing operations, including accessing terminal equipment information to personal data, are only legal if the procedures follow GDPR Article 6.
The EDPB also discusses the legal basis of its decisions and claims that when data is collected through a publicly available electronic communication service, Article 5 (3) ePrivacy Directive applies. However, the ePrivacy directive does not require subscriber consent to access stored AV information if the subscriber explicitly requests it. In addition, personal data can legally be processed if the AV’s owner consented by signing a contract indicating that only data necessary to perform the contract is used. The person whose data is being processed must freely and expressly sign the agreement of their informed free will and must have the option of withdrawing the consent at any time and be informed of the withdrawal processing. The processing must include deleting the person’s data from the active database, archiving the data, or anonymizing the data.
3.2 General Data Protection Regulation (GDPR) and Techno-regulation
Thorough scrutiny of the GDPR shows that the regulation addresses techno-regulation in the following areas: automated decision-making and privacy by design. The GDPR addresses techno regulation in some other ways, but for this work, we will only be looking at these and then focus on privacy by design.
Several provisions of the GDPR protect people from data privacy breaches that AVs put at risk. For example, Article 13 of GDPR requires information to be made available when personal data is gathered, including the recipient or categories of recipients of that personal data. Implementing this concerning AVs might require specifying the parties entitled to submit data subject rights requests. It would be unwieldy and almost impossible to enforce if any pedestrian on the road with an AV passed had the right to request their biometric data, especially where such data is bundled with many others and other forms of data. Such requests can be further limited by implementing measures that prevent re-identification from captured images while plying the road. An autonomous vehicle does not need to identify a particular person to make a driving decision. It merely requires recognizing a human form ahead of it, for instance, and gradually slowing down for pedestrians to make their way.
Furthermore, Article 22 addresses the issue of using AI technology to make decisions on behalf of the people. It states that the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them.
The very nature of an AV exemplifies automated decision-making. The question is whether it produces a legal or significant effect, and who exactly is the data subject in this respect. While the EU GDPR does not define what significant or legal effect means, we can look to the ICO’s guidance concerning the UK GDPR, which is essentially an adaptation of the EU GDPR. The ICO says that a decision has a legal effect when it affects a person’s legal status or legal rights. Also, a decision has a significant effect if it impacts an individual’s circumstances, behaviour, or choices. Examples include automatic refusal of an online credit application and e-recruiting practices without human intervention.
Several instances might be covered when the concept of legal and significant effect is brought to AVs. For example, a car in self-driving mode poses a risk to the right to life, not just to the driver-owner, passengers (if any), and other road users. The threat posed to the right to life is a legal effect of automated driving. A significant effect, on the other hand, might happen when a passenger misses an interview because the route chosen by the AV makes them arrive a few minutes late. The loss of economic opportunity impacts the individual’s circumstances and can be attributed to the AV.
Another example of a significant effect might happen when crossing. Usually, when crossing a busy road, pedestrians can rely on non-verbal cues from drivers signalling that it is safe to cross the street. But when no one is in the driver’s seat, the shock and disconcertment might cause pedestrians to miscalculate when to cross the road and even put their lives at risk. In the future, when AVs are more common on our roads, traffic culture might have adapted to make this a non-issue. Still, in the interim, when roads are shared by autonomous and non-AVs, it is a risk that cannot be ignored.
However, going by the projected scenarios involving legal and significant effects, the scope of who is a data subject concerning autonomous vehicles becomes very wide. Anyone who interacts with an AV may automatically claim to be affected by it in one way, thus opening the flood gates to multiple claims; some may be legitimate, others frivolous. However, the subsequent provisions of Article 22 provide an outlet for limiting or defining the scope of automated decision-making and the relevant data subjects regarding AVs. Article 22 (2) provides three grounds upon which the automatic decision-making process shall stand, and the data subject cannot seek exclusion from it. They are as follows:
A. If the decision is necessary for entering into a contract between the data subject and a data controller.
B. If the decision is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
C. If the decision is based on the data subject’s explicit consent.
The provisions of Article 22 (2) (b) provide a legal basis for the EU or any member state to define the general framework for techno-regulation such that the rights and freedoms of other road users are safeguarded by design. The GDPR also provides a legal basis for compliance by design, which supports the application of techno- regulation.
3.3 Enforcing Privacy Compliance by Design
GDPR gives leeway for AVs and other AI-based technology developers. Article 25 of GDPR addresses the issue of data protection by design. Using the concepts of this article, the EU legislators can enforce techno-regulation to ensure the self-driving vehicles that rely on artificial intelligence adhere to the EU data protection and privacy laws. This article calls for “Appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles.” Additionally, Article 25 (2) suggests implementing “Appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.” It is then legally acceptable to enforce compliance by design with these provisions. The EU legislators can develop structures to ensure all the developed autonomous vehicles comply with all privacy requirements before being released to the market. Thus, the data collected by AVs will not be easily misused. Programming AVs can implement techno-regulation to ensure privacy rights such as those provided under Articles 16 and 17 of GDPR are automatically applied. If there is an issue with data erasure, the AVs can be programmed to delete personal data collected after completing a journey.
3.2.1 Data Privacy and Unauthorized Access
Enforcing privacy compliance by design on AVs will also ensure the sharing of the gathered data does not breach the privacy laws. There have been instances where unauthorized people have accessed automated personal data. For example, a case in the United States published by The Guardian involved a 19-year-old Florida teenager named Jack Sweeney, tracking Elon Musk’s private jet and tweeting about its locations. Sweeney had developed software that would locate Musk whenever he used his private jet. Despite the billionaires’ raising concerns about his privacy, Sweeney demanded a payment of USD 50,000 to stop tracking him. Although this teenager used software that followed a jet, he could just have easily tracked an AV because both vehicles generate and store location data.
The privacy problem that faced Elon Musk triggers permanent privacy questions concerning the data gathered and shared by autonomous vehicles. Is our private data safe from hackers? A Santa Clara Law Review article about the privacy in AVs explains two types of AVs: self-contained autonomous vehicles and connected autonomous vehicles.” Self-contained AVs rely on data generated from on-board systems as they are not connected to vehicular networks or off-board control systems. Therefore, the data collected by these vehicles will be stored within the vehicle unless and until the information is removed. When the owners of the vehicles retrieve this data, can the safety and privacy of the data subject be guaranteed? The other type of autonomous vehicle described in this article is the interconnected autonomous vehicle. These vehicles rely on off-board sources of information as they are interconnected to various communication networks. Some data transmitted to these vehicles include the “status messages from other vehicles or persons that share the network and GPS location data, traffic, and weather reports.” Also, connected AVs can autonomously transmit data to other interconnected vehicles and communication networks.
Hackers could easily target communication transmission pathways. A situation could arise where the hackers divert the communications network pathway such that the autonomous vehicles share the data with unauthorized people. In return, these vehicles can receive erroneous feedback deliberately generated by these hackers. That would reduce the effectiveness and safety of AVs and possibly affect user privacy.
The possibility of hackers targeting AVs is high, considering that cyberattacks are expected to continue increasing considering that 22.3 billion devices will be linked to the Internet of Things (IoT) by 2024. So, techno-regulation can be a recommended option for EU legislatures to guarantee data privacy. Techno-regulation can help determine what data is collected and how it is shared. It can also help enforce defence mechanisms whereby AVs are fitted with software that protects personal data from unauthorized individuals. This could be in line with ISO 27001, the global best standard for information security. Of course, techno-regulating AVs do not mean the system will be hacker-free because no technology is a hundred percent secure. Nevertheless, it can help provide some protection against privacy infringement.
3.4 Conclusion
This chapter sought to answer how techno-regulating AV technology would impact the fundamental right to privacy. The chapter discussed privacy concerns regarding an AV and their interconnectedness nature based on the types of data collected by AVs and how they are collected. AVs collect owner and passenger information, location tracking, and sensor data. The customized settings and authorizations configured by drivers and passengers can identify who is in the vehicle and their activities. Location tracking can invade privacy because the information is collected concerning the driver’s destinations, routing, and date and time-travelled to provide an accurate account of the driver’s whereabouts and activities. The data could determine where the driver works, lives, and regularly visits. This personal data is stored by the AV and could be shared with other connected devices to invade the driver’s privacy unwittingly.
Chapter three also discussed the EU framework that guides the processing of personal data from AVs, including the EU Charter on Fundamental Human Rights, the GDPR, the Directive 2002/58/EC of the European Parliament, and the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, and the European Data Protection Board (EDPB) Guidelines 1/2020 on personal processing data in the context of connected vehicles and mobility-related applications which also apply to AVs. Each document provides techno-regulations and legalities concerning how these regulations could affect and address privacy concerns in various scenarios and situations. In addition, the chapter discussed the necessity and logistics for enforcing privacy compliance by design to ensure data gathered and used by AVs do not breach privacy laws.

CHAPTER FOUR
4.0 Introduction
Chapter four synthesizes the literature that addresses the research question and provides an answer to the research question. The research question is: What are the implications of techno-regulation as the mandatory framework regulating the use of autonomous vehicles in Europe?/ What are the consequences of EU Legislators adopting a techno-regulatory approach for the manufacture and use of AVs in the EU?
This thesis evaluates how EU legislators can develop and enforce techno-regulation for AV technology to ensure privacy, considering the enormous amount of data gathered, shared, processed, and generated by AVs for safe and effective operation. Chapter three discussed how the GDPR and other regulations support techno-regulation by providing a legal basis for compliance by design. This chapter expands on this topic by consulting the implementation of compliance by design in AVs to ensure privacy and the protection of personal data.
4.1 Privacy by Design
Manufacturers of AVs, which collect significant amounts of data, need to determine how to comply with the GDPR to legally and confidently release their vehicles to the public. Various authors provide suggestions on how this can be accomplished. Vallet explains how the GDPR can apply to the techno-regulation of AVs. To address limitations of purpose, data, and storage principles, organizations must limit data processing, collect only necessary data, and delete personal data after it is processed. To address the rights of data subjects, data subjects must be able to ask the data processor what data has been collected on them and what the information is used for. Also, the data subjects must be able to request data correction, object to data processing, lodge complaints, and ask for their data to be transferred or deleted. To address privacy by default and design, organizations must include technical and organizational mechanisms that protect personal data in the design stage of the processes and systems. Once the product is released to the public, the strictest privacy settings must be set as the default and can only be changed by the user. To address data integrity and confidentiality, organizations must process personal data using appropriate organizational and technical procedures that ensure personal data security. This must also protect against unlawful or unauthorized processing, accidental loss, and damage or destruction. Because the GDPR states that organizations are responsible for their actions and must comply with the regulations, they can address accountability using the Data Protection Impact Assessment (DPIA), a tool that identifies, analyses, and minimizes data protection risks.
Akca et al. mention a “Haystack Privacy” concept wherein data can be hidden by storing it on a node instead of on the server. Nodes can be programmed to answer no to queries that ask if the AV is at a specific location. Another study by Hamid and Al-Turjman suggests a possible solution to mitigate AV privacy concerns: incorporating blockchain technology into the Internet of Things (IoT) for intelligent transportation systems. Moreover, the purpose of blockchain technology is to provide secure transactions using digital encryption and distributed consensus algorithms. This can guarantee that data cannot be shared among vehicles, pedestrians, roadside devices, or other smartphone applications in a decentralized AV system .
4.1.2. ISO/IEC Privacy Framework
According to Rannenberg, developers and manufacturers must provide clear justification regarding related privacy principles and requirements based on relevant legislation. To supplement legislation, clarify expectations, and standardize technology, ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) released the ISO/IEC 29100:2011(en) worldwide standardization framework for the protection of personally identifiable information (PII) within information and communication technology (ICT) systems. This privacy framework helps organizations define requirements that safeguard PII by specifying common terminology, defining actors and roles for PII processing, describing the safeguarding requirements, and specifying privacy principles. In addition, the framework assists organizations in designing, implementing, operating, and maintaining systems to ensure PII privacy and protection by defining eleven privacy principles.
4.1.2.1 Privacy Principles
The privacy principles defined by the ISO/IEC 29100 privacy framework are listed and described below:
1. “Consent and choice – PII principals must be informed about the PII collected and be able to control the processing of their PII by opting in and using informed consent, except where applicable laws state the PII can be processed without consent. AV organizations must receive informed consent from the owner, driver, and identified passengers. One issue, in this case, is the impossibility of getting informed consent for environmental data collected by sensors and cameras.
2. Purpose legitimacy and specification – The purpose of the data must comply with applicable laws and legal bases. The goal must be communicated to the PII principals before collecting the data and if or when the purpose changes. The language must be clear and provide specific explanations as to why sensitive PII data is being processed. The processing shall not be allowed if the purpose does not follow all applicable laws.
3. Collection limitation – Collection of PII must follow applicable laws and necessary specified purposes. Data for autonomous driving must be justified for that particular purpose, as well as data on the driver’s and identified passengers’ behaviour.”
4. “Data minimization – ICT systems and data processing procedures must minimize the processing and access of PII. Wherever possible, default options must not identify PII principals, observe their behaviour, or link their PII with others. In addition, the PII data should be deleted or disposed of if the approved processing has expired; it is not legally necessary to keep the PII when it makes sense. This principle limits AV data transfer to traffic control centres because the data cannot leave the AV without the PII principal’s consent. It also limits the storage of data that can be recollected.
5. Information security – This principle requires the protection of PII using appropriate strategic, functional, and operational levels to ensure the PII’s confidentiality, integrity, and availability. The PII must be protected against unauthorized access, use, destruction, disclosure, loss, or modification throughout its lifecycle. This includes selecting an appropriate PII processor to limit PII access only to people who require the access to perform their duties.”
These principles specify that organizations must design privacy into their technology to ensure that data collection is based on explicit informed consent and the data is used for an explicitly defined purpose.
4.2 Legalities of AV Techno-regulation
Tom Gasser discusses laws and liabilities concerning AVs. Since this is a relatively new technology, especially in levels 4 and 5, there is a lack of precedence on legal matters concerning data privacy. Thus far, liability cases have focused on autonomous driving and accidents due to drivers allowing technology to control the vehicle without monitoring the situation. Although there have been no legal matters on AV privacy laws and liabilities thus far, the EU has frameworks and regulations to address future issues.
Is it essential to enforce techno-regulation that ensures privacy in AVs? Timothy Lee claims self-driving cars are a privacy nightmare, but most people don’t care because they believe the benefits outweigh possible issues. Authorities and others can track people in AVs everywhere, just like they can track people using cell phones. The driver and passengers will probably have cell phones in the AV. Both technologies use cellular connections to route calls and provide GPS information so that cell phone companies can track AVs and people using cell service anytime. Both technologies use cameras, and people with cell phones record the environment and other people constantly; cell phones have the same privacy issues as AVs, such as governments and law enforcement demanding tracking records without judicial oversight. How can privacy be protected? Lee claims that regulations requiring warrants to access data and cell records would preserve the confidentiality of AV drivers, passengers, and cell phone users. Techno-regulation of data retention would also enhance privacy by requiring companies to delete users’ locations and track data promptly. Techno-regulation of cell phones would also apply to AVs, so privacy by design should apply to both.
The chapter does not address typical techno-regulation problems, such as:
• Legitimacy: maker of techno-regulation determines how data-protection is realised and once implemented it cannot easily be changed.
• Moral responsibility: data protection techno regulation may make people complacent; if technology allows it then it is assumed to be in accordance with the GDPR. Nobody bothers to check whether that is really so.
• Autonomy: data subject becomes dependent on how data protection is implemented in technology.
• Etc.

CHAPTER 5
5.0 Introduction
This chapter discusses the limitations of the research and recommendations and summarizes previous chapters and primary study findings. Suggestions for further research and recommendations to improve the enforcement of techno-regulation in technology management are also provided.
5.1 Limitations of the Research
The research for this thesis was extensive. As mentioned earlier, a doctrinal research method was used to facilitate a detailed and exhaustive analysis of current laws and regulations to perform a critical qualitative analysis of legal materials supporting the research topic and the hypothesis. The research included statutes, legal cases, and other primary and secondary sources that listed detailed information about AV regulations in the EU. Although a plethora of information was found and discussed in this thesis, much of it was developed in preparation for future AV technology and possible issues. Thus, current techno-regulations and legalities concerning data and privacy were discussed in detail, but no relevant legal cases were found.
5.2 Summary of Previous Chapters
Chapter 1 provided an introduction to the topic, including the background of AVs, a problem statement, the methodology of the research, and a literature review. It explained why the issue is essential, presented the research questions that would be answered, and described how the study would be conducted. The research questions listed in Chapter 1 are:
What are the consequences of EU Legislators Adopting a techno-regulatory approach for the Manufacture and Use of AVs in the EU?
Other sub-questions addressed include:
• What is techno-regulation, and how does it regulate technology?
• What are the Impacts of Techno-regulating AVs on Data Security and Privacy?
• What are the Legal Implications of enforcing Privacy by Design on AVs in the EU?
Chapter two provided an overview of techno-regulation, explained how it is used to regulate the use of technologies, and described how it could be used as a tool for EU legislators to manage AV technology. The chapter thoroughly explained the levels of driving automation and discussed how EU techno-regulation could apply to each level and situation.
Chapter three focused on answering the following research question: What are the Impacts of Techno-regulating AVs on Data Security and Privacy? The chapter described the different types of data collected by AVs, explained how the data was used, and pointed out possible invasions of privacy. Chapter three also discussed the EU framework that guides AV personal data processing, including the EU Charter on Fundamental Human Rights and the General Data Protection Regulation (GDPR), as well as Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector and the European Data Protection Board (EDPB) Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility-related applications also apply to AVs. Specific points about how each document addressed privacy concerns were explained.
Chapter four synthesized the literature that addressed and answered the research question: What are the Legal Implications of enforcing Privacy by Design on AVs in the EU? The chapter reiterated that a considerable amount of data is generated, gathered, processed, and shared in AVs for safe and effective operation. Still, that data also could invade the privacy of drivers, passengers, and people in the environment. The chapter discussed how EU legislators could develop and enforce techno-regulation to require companies to implement privacy by design and described privacy principles defined by the ISO/IEC 29100 privacy framework to be incorporated into technology worldwide. In addition, chapter three discussed the legalities of AV techno-regulation and the need to regulate privacy in AVs.

5.3 Suggestions for Further Research and Recommendations
Although the EU has a solid framework to improve the enforcement of techno-regulation in technology management, the topics of personal data processing and privacy are scattered throughout multiple documents, including the GDPR, a charter, directives, and guidelines. None of the EU documents mentioned the ISO/IEC 29100:2011(en) worldwide standardization framework for the protection of personally identifiable information (PII) within communication and information technology (ICT) systems. It could also be further recommended that the EU issue a single regulatory instrument that accommodates all the disparate principles in the different laws mentioned, just for AVs. Further research on the legal aspects of techno-regulation of AVs is necessary to establish a legal framework for addressing privacy issues, biases in AVs, and the liability issues pertaining to AVs self-driving at different autonomous levels.

References
Akca, A., Ilker, K., & Murat, A. (2020). Privacy, security and legal aspects of autonomous vehicles [Conference paper]. International Conference on Materials Science, Mechanical and Automotive Engineerings and Technology (IMSMATEC20). https://www.researchgate.net/publication/343376262_Privacy_Security_and_Legal_Aspects_of_Autonomous_Vehicles
Anderson M.A, ‘After 75 years, Isaac Asimov’s Three Laws of Robotics need updating,’ The Conversation, 2017, Accessed from: https://theconversation.com/after-75-years-isaac-asimovs-three-laws-of-robotics-need-updating-74501#:~:text=The%20Three%20Laws,conflict%20with%20the%20First%20Law
Associated Press, Self-driving car driver killed in Williston collision, a first, (2016), WUFT https://www.wuft.org/news/2016/06/30/self-driving-car-driver-killed-in-williston-collision-a-first/
Bartelson, Jens. The concept of sovereignty revisited. Vol. 17, no. 2. Oxford University Press, 2006.
Bartneck et al., An introduction to ethics and robotics and AI, (2021), Springer Briefs https://doi.org/10/1007/978-3-030-51110-4
Bauder, Harald. “Westphalia, migration, and feudal privilege.” Migration Letters 15, no. 3 (2018): 333-346.
Bayamlıoğlu, E. & Leenes, R. (2018). The ‘rule of law’ implications of data-driven decision-making: A techno-regulatory perspective. Law, Innovation and Technology, (10)2, 295-313. doi:10.1080/17579961.2018.1527475
Brown P., Only 2 accidents involving self-driving cars caused by poor systems, Available from: https://electronics360.globalspec.com/article/17324/only-2-accidents-involving-self-driving-cars-caused-by-poor-systems accessed 24 April, 2022
Brownsword R. (2015). In the year 2061: From law to technological management. Law, Innovation and Technology, (7)1, 1-51. doi:10.1080/17579961.2015.1052642
Brownsword, R. (2019). Law, technology and society: reimagining the regulatory environment. Routledge.
Budget (COTER) State of play of connected and automated driving and future challenges and opportunities for Europe’s Cities and Regions, 2018, Available from: https://cor.europa.eu/en/engage/studies/Documents/State-of-play-CAM.PDF
Charter of Fundamental Rights of the European Union, [2012], OJ, C326/02, available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:12012P/TXT&from=EN accessed 20 April 2022
Clarke, Roger. “Asimov’s Laws of Robotics: Implications for Information Technology: Part 2.” In Machine Ethics and Robot Ethics, pp. 43-52. Routledge, 2020.
CLEPA, Vienna Conventions from 1968 are still at the core of automated driving development and road safety efforts, European Association of Automotive Suppliers, https://clepa.eu/mediaroom/vienna-conventions-from-1968-are-still-at-the-core-of-automated-driving-development-and-road-safety-efforts/
Commission Implementing Regulation (EU) 2021/646 of April 19 2021, laying down rules for the application of Regulation (EU) 2019/2144 of the European Parliament and of the Council as regards uniform procedures and technical specifications for the type-approval of motor vehicles with regard to their emergency lane-keeping systems (ELKS), Available from: https://eur-lex.europa.eu/eli/reg_impl/2021/646/oj
Committee on Legal Affairs and Human Rights, Legal aspects of “””autonomous””” vehicles, (Council of Europe, 2020) AS/Jur (2020) 20
Council of Europe, European Social Charter (revised) (ETS No. 163) Available from: https://www.coe.int/en/web/european-social-charter?
Engineerings and Technology (IMSMATEC’ Available from: https://www.researchgate.net/publication/343376262_Privacy_Security_and_Legal_Aspects_of_Autonomous_Vehicles accessed 24 April, 2022
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32002L0058&from=EN
escar (2022). Welcome to escar – The world’s leading automotive cyber security conference! https://www.escar.info/
European Automobile Manufacturer’s Association (ACEA). (2020). ACEA position paper: Artificial intelligence in the automobile industry. https://www.acea.auto/files/ACEA_Position_Paper-Artificial_Intelligence_in_the_automotive_industry.pdf
European Commission Automotive and Mobility Industries Unit (2019, Feb. 18). Interaction between automated vehicles and humans. https://unece.org/fileadmin/DAM/trans/doc/2019/wp1/ECE-TRANS-WP1-WP29-2019-Presentation-2e.pdf
European Commission (2012). Official journal of the European Union: Charter of fundamental rights of the European union 2012/C 326/02. EUR-Lex. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT

European Convention on Human Rights (as amended by Protocols Nos. 11, 14 and 15), ARTICLE 8 Right to respect for private and family life, Page 10-11
European Commission, The European Pillar of Social Rights in 20 principles, Available from: https://ec.europa.eu/info/strategy/priorities-2019-2024/economy-works-people/jobs-growth-and-investment/european-pillar-social-rights/european-pillar-social-rights-20-principles_en
European Parliament resolution of 16 February 2017 with recommendations to the Commission on Civil Law on Robotics (2015/2103(INL))
European Commission. (2018, May 17). On the road to automated mobility: An EU strategy for mobility of the future. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52018DC0283
European Data Protection Board (EDPB) Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications, Version 1.0 (2020, 28 January). https://edpb.europa.eu/sites/default/files/consultation/edpb_guidelines_202001_connectedvehicles.pdf
European Parliament. (2019a, January 14). Self-driving cars in the EU: From science fiction to reality.. https://www.europarl.europa.eu/news/en/headlines/economy/20190110STO23102/self-driving-cars-in-the-eu-from-science-fiction-to-reality
European Parliament. (2019b, January 15). Autonomous driving in European transport. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52019IP0005&rid=9
European Union, Charter of Fundamental Rights of the European Union, 2012/C 326/02, http://data.europa.eu/eli/treaty/char_2012/oj
Eurostat Statistics Explained. (2022, April). Road accident fatalities – statistics by type of vehicle. https://ec.europa.eu/eurostat/statistics-explained/index.php?title=Road_accident_fatalities_-_statistics_by_type_of_vehicle
European Transport Safety Council (2018, October). Briefing: EU strategy for automated mobility. https://etsc.eu/wp-content/uploads/2018-ETSC-Response-to-EU-Strategy-on-Automated-Mobility.pdf
European Union. (2016, April 27). Regulation (EU) 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (United Kingdom General Data Protection Regulation) (text with EEA relevance). Legislation.gov.uk. https://www.legislation.gov.uk/eur/2016/679/contents#
European Union, European Committee of the Regions, Commission for Territorial Cohesion Policy and EU (2018). State of play of connected and automated driving and future challenges and opportunities for Europe’s cities and regions. doi:10.2863/856014. https://cor.europa.eu/en/engage/studies/Documents/State-of-play-CAM.PDF

Fenwick, Mark D.; Kaal, Wulf A. Ph.D.; and Vermeulen, Erik P.M. “Regulation Tomorrow: What Happens When Technology Is Faster than the Law?” American University Business Law Review, 2017, Vol. 6, No. 3 (). Available at: http://digitalcommons.wcl.american.edu/aublr/vol6/iss3/1
Filiz, C. (2020). Can autonomous vehicles prevent traffic accidents? in M. Darçın (Ed.), Accident Analysis and Prevention (pp. 19-35). InTechOpen. doi:10.5772/intechopen.93020
Gasser, T. M., (2016). Law and liability. In Maurer, M., Gerdes, J. C., Lenz, B., & Winner, H. (Eds.) Autonomous Driving. Technical, Legal and Social Aspects (pp. 519-521). Springer Open. doi:10.1007/978-3-662-48847-8
Gehra B, Leiendecker J, and Lienke G, Compliance by Design: ‘ ‘Banking’s Unmissable Opportunity, White Paper (The Boston Consulting Group, 2017)
General Data Protection Regulation (GDPR). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

General Data Protection Regulation (GDPR), -Art. 13 GDPR-Information to be provided where personal data are collected from the data subject, 1 (e)
General Data Protection Regulation (GDPR) – Art 16, Right to rectification
General Data Protection Regulation (GDPR)- Art. 17 -Right to erasure ‘(‘right to be ‘forgotten’) 1(b)
General Data Protection Regulation (GDPR)- Art. 17 -Right to erasure ‘(‘right to be ‘forgotten’) 1(d)
General Data Protection Regulation (GDPR)- Art. 17 -Right to erasure ‘(‘ right to be ‘forgotten’) 3(a)
General Data Protection Regulation (GDPR)- Art. 22 GDPR, Automated individual decision-making, including profiling
General Data Protection Regulation (GDPR) Art. 25 GDPR, Data protection by design and by default
Hamid, U. Z. A., and Fadi Al-Turjman, F. (Eds.). (2021). Towards connected and autonomous vehicle highways. Springer International Publishing.
Hansson, L. (2020). Regulatory governance in emerging technologies: The case of autonomous vehicles in Sweden and Norway. Research in Transportation Economics, 83, https://doi.org/10.1016/j.retrec.2020.100967
Leitch, M. G., & Rushton, C. J. (Eds.). (2019). A new companion to Malory. D. S. Brewer.

Howard, B, Driver in fatal Tesla autopilot crash ‘wasn’t paying attention: Feds, (2017), Extreme Tech, https://www.extremetech.com/extreme/251299-dead-tesla-driver-wasnt-watching-dvd-wasnt-paying-attention-either
https://www.psmarketresearch.com/market-analysis/europe-autonomous-car-market
Human Rights Watch, How the ‘ ‘EU’s Flawed Artificial Intelligence Regulation Endangers the Social Safety Net: Questions and Answers, 2021, Available From: https://www.hrw.org/news/2021/11/10/how-eus-flawed-artificial-intelligence-regulation-endangers-social-safety-net
International Transport Forum (2018). Safer roads with automated vehicles? https://www.itf-oecd.org/sites/default/files/docs/safer-roads-automated-vehicles.pdf
Kremer, M., Hamidi, K., Christiaens, S. et al. Evaluation of SAE Level 3 Driving Functions on European Roads. ATZ Worldw 123, 46–51 (2021). https://doi.org/10.1007/s38311-021-0671-0
L3 Pilot Driving Automation, Piloting Automated Driving on European Roads, Available from: https://l3pilot.eu/
Lee, T. (2013). Self-driving cars are a privacy nightmare. And it’s totally worth it. The Washington Post. https://www.washingtonpost.com/news/wonk/wp/2013/05/21/self-driving-cars-are-a-privacy-nightmare-and-its-totally-worth-it/?variant=95d42e19c24b03e7
Leenes, R., Framing techno-regulation: an exploration of state and non-state regulation of technology, Legisprudence, 5:2, 143 – 169, (Routledge 2011)
MAT Foundry Group LTD (2022). 11 car safety systems set to become mandatory. https://www.matfoundrygroup.com/News%20and%20Blog/11_Car_Safety_Systems_Set_To_Become_Mandatory
Maurer, M., Gerdes, J. C., Lenz, B., & Winner, H. (Eds.) (2016). Autonomous driving: Legal and social aspects. Springer Open. doi:10.1007/978-3-662-48847-8
Mubin, Anna Kharisma Fehmita. “Reconstructing Westphalian Sovereignty as an Effort to Enforce Human Rights Case Study: Humanitarian Intervention in the Libyan Conflict.” Nation State: Journal of International Studies 2, no. 1 (2019): 1-10.
Musk, J. (2018, March 27). EU-mandated automated emergency call technology, eCall, is expected to reduce response time to road accidents by up to 50 percent and help save up to 1,500 lives per year. ITS Deployment Evaluation. https://www.itskrs.its.dot.gov/its/benecost.nsf/ID/8c35a5476f4f7cd28525826b0069bfb6#:~:text=Beginning%20March%2031%2C%202018%2C%20all,of%20a%20serious%20road%20accident

Naughton, K. (2021, Sept. 17). Driverless cars’ need for data is sparking a new space race. Bloomberg. https://www.bloomberg.com/news/articles/2021-09-17/carmakers-look-to-satellites-for-future-of-self-driving-vehicles
Norton Rose Fulbright (2017). The privacy implications of autonomous vehicles. https://www.dataprotectionreport.com/2017/07/the-privacy-implications-of-autonomous-vehicles/
Official Journal of the European Union C 303/17 – 14.12.2007, Article 8 – Protection of personal data, Title II Freedoms
Official Journal of the European Union C 303/17 – 14.12.2007, Article 7 – Respect for private and family life, EU Charter of Fundamental Rights
Pattinson, JA., Chen, H. & Basu, S. Legal issues in automated vehicles: critically considering the potential role of consent and interactive digital interfaces. Humanit Soc Sci Commun 7, 153 (2020) pp.2-3 https://doi.org/10.1057/s41599-020-00644-2
Petrović, Đorđe, Radomir Mijailović, and Dalibor Pešić. “Traffic accidents with autonomous vehicles: type of collisions, manoeuvres and errors of conventional ‘vehicles’ drivers.” Transportation research procedia 45 (2020): 161-168, Available from: https://www.sciencedirect.com/science/article/pii/S2352146520301654
Petit, Nicolas, “””Black letter””” Ethics for AI: Added Value and Limitations, European Commission, European Ai Alliance, 2018, Retrieved from: https://futurium.ec.europa.eu/en/european-ai-alliance/blog/black-letter-ethics-ai-added-value-and-limitations accessed 20 April 2022
Placek, M, Autonomous vehicles worldwide – statistics & facts ,(2021) Statista https://www.statista.com/topics/3573/autonomous-vehicle-technology/#topicHeader__wrapper
Prescient & Strategic Intelligence. (2022). Europe autonomous car market overview. https://www.psmarketresearch.com/market-analysis/europe-autonomous-car-market
Proton Technologies AG. (2022). What is GDPR, the EU’s new data protection law? GDPR.EU. https://gdpr.eu/what-is-gdpr/?cn-reloaded=1
Publications Office of the European Union (2022, Feb. 20). Type-approval requirements to ensure the general safety of vehicles and the protection of vulnerable road users: Document 32019R2144. EUR-Lex. https://eur-lex.europa.eu/legal-content/EN/LSU/?uri=CELEX%3A32019R2144
Rambus Press. (2022, April 8). Autonomous vehicles: Everything about self-driving cars explained. https://www.rambus.com/blogs/autonomous-vehicles-explained/
Rannenberg, K., (2016). Opportunities and risks associated with collecting and making usable additional data. In Maurer, M., Gerdes, J. C., Lenz, B., & Winner, H. (Eds.) Autonomous Driving. Technical, Legal and Social Aspects (pp. 497-517). Springer Open. doi:10.1007/978-3-662-48847-8
Reschka, A, Safety concept for autonomous vehicles, Autonomous driving (2016), DOI: 10.1007/978-3-662-48847-8_23
Rodrigues, R. (2020). Legal and human rights issues of AI: Gaps, challenges and vulnerabilities. Journal of Responsible Technology, 4, 1-12. https://doi.org/10.1016/j.jrt.2020.100005
Rosouli A, & Tsotsots J, Autonomous Vehicles That Interact With Pedestrians: A Survey of Theory and Practice Ieee Transactions On Intelligent Transportation Systems (IEEE 2020) Vol. 21, No. 3
SAE International (2021, April 30). Taxonomy and definitions for terms related to driving automation systems for on-road motor vehicles. https://www.sae.org/standards/content/j3016_202104/
Salami, E. (2020). Autonomous transport vehicles versus the principles of data protection law: Is compatibility really an impossibility? International Data Privacy Law, 10(4), 330-345, https://doi.org/10.1093/idpl/ipaa017

Saranti, P.G., Chondrogianni, D. & Karatzas, S. (2018). Autonomous vehicles and blockchain technology are shaping the future of transportation [Conference paper]. https://www.researchgate.net/publication/325581815_Autonomous_Vehicles_and_Blockchain_technology_are_shaping_the_future_of_Transportation
Taeihagh, A. & Si Min Lim H. (2019). Governing autonomous vehicles: Emerging responses for safety, liability, privacy, cybersecurity, and industry risks. Transport Reviews, 39, 103-128. https://doi.org/10.1080/01441647.2018.1494640
United Nations Economic Commission for Europe (UNECU). (2022). World forum for harmonization of vehicle regulations (WP.29). https://unece.org/sites/default/files/2022-03/2119030_E_WEB_Light.pdf

UNECE, UNECE paves the way for automated driving by updating UN international convention, Sustainable Development Goals, 2016, From: https://unece.org/press/unece-paves-way-automated-driving-updating-un-international-convention
United Nations Treaty Collection, Convention on Road Traffic, CHAPTER XI TRANSPORT AND COMMUNICATIONS, B. Road Traffic, Vienna, November 8 1968, STATUS AS AT : 14-03-2022, Available from: https://treaties.un.org/Pages/ViewDetailsIII.aspx?chapter=11&mtdsg_no=XI-B-19&src=TREATY
Vallet, F. (2019). The GDPR and its application in connected vehicles—compliance and good practices. In J. Langheim (Ed.), Electronics Components and Systems for Automotive Applications, Lecture Notes in Mobility. Springer Nature Switzerland AG. https://doi.org/10.1007/978-3-030-14156-1_21

van den Berg, Techno-elicitation: Regulating behaviour through the design of robots. In B. van den Berg, & L. Klaming (Eds.), Technologies on the stand: Legal and ethical questions in neuroscience and robotics (pp. 403-422). (Wolf Legal Publishers (WLP), 2011)
Wodecki B., Human Error Causes 99% of Autonomous Vehicle Accidents: Study, IOT Today, 2021, Available from: https://www.iotworldtoday.com/2021/10/20/blame-the-humans-idtechex-finds-99-percent-of-autonomous-vehicle-accidents-caused-by-human-error/# accessed 24 April, 2022
Wodecki, B, Human error causes 99% of autonomous vehicle accidents: study (2021), IoT World Today https://www.iotworldtoday.com/2021/10/20/blame-the-humans-idtechex-finds-99-percent-of-autonomous-vehicle-accidents-caused-by-human-error/
Winton, N. (2022). Computer driven autos still years away despite massive investment. Forbes. https://www.forbes.com/sites/neilwinton/2022/02/27/computer-driven-autos-still-years-away-despite-massive-investment/?sh=761aaa3918cc

Yurtsever et al., A survey of autonomous driving: common practices and emerging technologies, (2020), IEEE Access, DOI: 10.1109/ACCESS.2020.29831.49
Zaccagnino, R., Capo, C., Guarino, A., Letteri, N., & Malandrino, D. (2021). Techno-regulation and intelligent safeguards: Analysis of touch gestures for online child protection. Multimedia Tools and Applications, 80, 15803–15824. https://doi.org/10.1007/s11042-020-10446-y

Kyle Hyat & Chris Paukert. Self-driving cars: A level-by-level explainer of autonomous vehicles, (2018), CNET Available At < https://www.cnet.com/roadshow/news/self-driving-car-guide-autonomous-explanation/#:~:text > (Accessed 5 July 2022)
Peter, Sigal, ‘Mercedes opens sales of Level 3 self-driving system on S-Class, EQS’ Automotive News Europe, (2022) Available At < https://europe.autonews.com/automakers/mercedes-opens-sales-level-3-self-driving-system-s-class-eqs > (Accessed 5 July 2022)
Ry Crist, Starlink Explained: Everything to Know About Elon Musk’s Satellite Internet Venture, CNET, (2022) Available At < https://www.cnet.com/home/internet/starlink-satellite-internet-explained/> (Accessed 5 July 2022)
General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, Recital 26, *Not Applicable to Anonymous Data, https://gdpr-info.eu/recitals/no-26/
General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, Recital 6 Ensuring a High Level of Data Protection Despite the Increased Exchange of Data*, https://gdpr-info.eu/recitals/no-6/
General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, Recital 1Data Protection as a Fundamental Right* https://gdpr-info.eu/recitals/no-1/
European Commission, (2022) Cybersecurity: how the EU tackles cyber threats, Available At https://www.consilium.europa.eu/en/policies/cybersecurity/ (Accessed 6 July 2022
ISO, ISO/IEC 27001, Information Security Management, https://www.iso.org/isoiec-27001-information-security.html

Order an Essay Now & Get These Features For Free:

Turnitin Report

Formatting

Title Page

Citation

Outline

Place an Order