16 Mai 2019 Daniel Pauly DigiLinks

“Shadow Mode” as the next step towards driverless cars - how to navigate the data protection and product liability pitfalls

Another hundred years until driverless cars become reality?

Studies and reports have found that autonomous vehicles would have to be driven hundreds of millions of miles and sometimes hundreds of billions of miles to demonstrate their reliability in terms of fatalities and injuries compared to human drivers. This process could take tens or even hundreds of years if we continue to use the traditional methods for evaluating and testing car functions.

“Shadow Mode” as one innovative method to accelerate the evaluation process

Other innovative methods need to be developed if we are to make progress towards driverless cars. One approach is using “Shadow Mode”, a system working passively in the background that uses recorded data and input from sensors and cameras in the car to make its own hypothetical driving decisions. These hypothetical driving decisions are then compared to the decisions the (human) driver of the car makes. Both the recorded data and the comparison are used, amongst others, to discover unthought of edge and corner cases, and to evaluate and demonstrate the safety of autonomous functionalities. It goes without saying that to do so, the data must be as precise as possible.




Partners Pierre Tourres, Daniel Pauly (author of this article) and Stuart Bedford discuss how regulation will need to develop to account for the emerging technological developments within the automotive sector.


GDPR as a game changer

The way the software is developed and improved, and its safety is evaluated by using “Shadow Mode”, is quite simple: it’s all about data. In most cases even personal data, such as the Vehicle Identification Number or any data associated with it are considered personal data. When it comes to personal data, the General Data Protection Regulation (“GDPR”) is a game changer, with companies processing personal data having to meet its core principles of privacy by design, transparency and legality; any use of personal data generated in “Shadow Mode” is admissible only if in line with the quite challenging requirements of the GDPR, and administrative fines resulting from an illegal use of data may have a severe impact on each business case.

Strategic decisions determine the legal framework

Strategic decisions during the concrete set up of a “Shadow Mode” have a tremendous effect on the legal analysis of the system and subsequently the question of whether “Shadow Mode” is admissible or not; who collects the data, where will the data be collected, what will the data be used for? The manufacturer for example might benefit from its obligation to monitor its products once they are placed in the market for possible harmful characteristics, when it comes to the question of whether it has a legitimate interest in collecting and processing the “Shadow Mode”-data, whereas the importer or a separate data entity might not.

Data protection law and product liability law go hand in hand

As data protection law and product liability law go hand in hand when it comes to designing “Shadow Modes”, there are many pitfalls and challenges that need to be taken into account in order to minimise the legal risks and make “Shadow Mode” systems manageable. For example, any data which might be safety-relevant needs to be processed by the manufacturer once such data is available to it. Therefore, it is vital to prepare the groundwork of the “Shadow Mode” system design as early as possible in the product development process and to integrate it into the product monitoring process.

Applicable data protection law as a moving target

The “good old days”, when the only relevant moment manufacturers needed to consider the lawfulness of a car was (more or less) when they were placing it in the market, are over. This is because of data protection law which now plays a huge role in the digitalisation of cars. Data protection law can change over time and must be adhered to at any point during the lifetime of a car, when any data is processed. Therefore, “Shadow Modes” should be designed in a way that can adapt to changing legal requirements, for example, by implementing geo-fencing. Geo-fencing is pertinent when cars cross borders, as both the cars and the accompanying data will suddenly become subject to the data protection laws of the jurisdiction in which the driver has entered and where the data is then collected.

If we don’t want to wait another hundred years for driverless cars…

The good news is that there are ways to mitigate the legal risks, although at this stage, there are neither regulatory nor technical specifications or standards regarding “Shadow Modes”. What should be done in the interim while there are no set standards is an in-depth legal analysis at an early stage to harvest the fruits of “Shadow Modes” and avoid a situation in which data may not be used because of legal constraints.