The Convergence of Automobiles and Technology - The Legal Implications of Cars becoming Gadgets

The news of Xiaomi unveiling its first electric car and Apple ceasing efforts to create an electric Vehicle comes at a time when we’re in the midst of a transition from pure mechanical fuel burning engines to cell to body cars. Electric vehicles have been in headlines with Tesla being the spotlight torch-bearer of the pack for a while now.?

The information age never ceases to amaze or expand our horizons when it comes to radical thinking and innovation. But while the picture that’s painted is quite charming, maybe we’re moving faster than we can cope with.?

In a recent effort to acclimatize with their experience of EVs and "connected cars", the US has launched a probe into Chinese built cars to assess whether or not they pose any serious security risk for the country or not.

The U.S. Commerce Department probe is needed because vehicles "collect large amounts of sensitive data on their drivers and passengers (and) regularly use their cameras and sensors to record detailed information on U.S. infrastructure," the White House said.

-"US to probe if Chinese cars pose national data security risks", Reuters, 2024.

While a lot of us may feel this is just another ideological tussle between the world’s two largest nations, it's actually something that concerns all of us.

A Walk Down Memory Lane: Regulations on Electronics

As smartphones transitioned from mere communication devices to integral components of our daily lives, the evolution of data privacy laws mirrored this technological progression. In the early 2000s, smartphones began to gain widespread popularity, prompting the initial concerns over digital privacy.?

However, it wasn't until 2018 that a significant milestone was achieved with the implementation of the General Data Protection Regulation (GDPR) in the European Union. This comprehensive privacy law set a new global standard for data protection, emphasizing consent, transparency, and the right to privacy in the digital age. Similarly, in the United States, the California Consumer Privacy Act (CCPA), which took effect in 2020, marked a significant step towards enhancing privacy rights and consumer protection in response to the increasing capabilities of smartphones to collect and process vast amounts of personal information.

As for India, we were yet to table a serious law till last year that actually regulated new age devices and addresses the drawbacks of the Information Technology Act 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which have been criticized several times for being a rather incomprehensive regulation for today’s needs. However, the PDP is modelled on its UK counterpart - the GDPR, 2018. Which begs the question, is it relevant?

Time and Information Vortex

The pace of technological development is compounding every year. The entry of AI into the mix has led to a significant bump in the rate of innovation. Coupled with accessibility, the high rate of innovation is definitely a boon. However, the only missing piece is the assessment of risk and exposure that each individual can have.?

There have been pressing concerns regarding the rise of data theft, traceability, and lack of privacy since the Cambridge Analytica days. TikTok is another example of how data privacy and security is becoming an increasing concern. While in the US TikTok stands trial, in India we have banned it. But can you ever absolutely ban the traceability of a person’s digital footprint in a world where brands depend on online mediums and the growth of 100% remote businesses and jobs is seen as a positive impact?

With cars it all began with electronic modules and assistive systems. Today, cars can not only connect to your social media, but can also connect to your home system, Alexa, and any number of gadgets that you may own.?

What are the Concerns?

• Types of Data Collected: Smart cars can collect a wide range of data, including real-time location tracking, driver behavior (such as speed, braking patterns, and driving style), usage patterns (like destinations, travel times, and frequency of use), and even preferences in media and cabin environment settings. This data collection is far more extensive than anything possible in traditional vehicles.
• Data Usage: The data collected by smart vehicles can be used to improve vehicle performance, provide personalized services (such as route suggestions and entertainment options), and enhance safety features. However, there's potential for misuse of this data, including targeted advertising, selling data to third parties without explicit consent, or even surveillance.
• Consent and Control: A key concern revolves around how consent is obtained for data collection and processing. Users may not be fully aware of the extent of data being collected or how it is used. Furthermore, they may have limited control over their own data, with few options to opt out of data collection without losing functionality.
• Data Security: With the increasing amount of data being collected, there are heightened risks of data breaches and cyber attacks. The potential for sensitive personal information to be accessed by unauthorized parties is a significant concern, necessitating robust cybersecurity measures.
• Regulatory Frameworks: Existing data protection laws, such as GDPR in Europe and CCPA in California, provide some level of protection for consumers by requiring consent for data collection and offering rights to access and control personal data. However, the specific nuances of data collected by smart vehicles may require further regulatory clarity to ensure comprehensive protection for users.
• Cross-Border Data Transfer: As vehicles collect data and transmit it to manufacturers or third-party service providers, issues of cross-border data transfer come into play. Different jurisdictions have varying levels of data protection, raising concerns about the adequacy of protection when data is transferred internationally.
• Ethical Considerations: Beyond legal compliance, there are ethical considerations regarding the collection and use of data. This includes respecting user privacy, being transparent about data practices, and ensuring that data is used in ways that benefit users without exploiting their information.

Hence, as automobiles slowly shift towards becoming gadgets, the legal world is thrown into a rather dynamic landscape of dealing with not just singular laws. But instead, frameworks have to be more flexible, adaptive, and most definitely cross-functional, until better policies can emerge. However, banking on better policies is not an option since the pace of development far exceeds the pace of lawmaking in the current world.