What Do You Know about My Vehicle? Protection of Personal Data and Cyber Security in the Context of Autonomous Vehicles
Vol.11,No.22(2020)
The authors focus on selected issues of data flow in the context of autonomous vehicles. The first parts of the paper gradually introduce the basic concepts of the issue and outline the legislation. Subsequently, the interferences with the legal regulation of cyber security and personal data protection are highlighted. Special emphasis is placed on the issue of personal scope and related liability in the field of personal data protection among the various actors in the processing of personal data in an autonomous vehicle.
autonomous vehicles; autonomous systems; automated systems; cyber security; data protection
s. 3–50
Jozef Andraško
Univerzita Komenského v Bratislave
Matúš Mesarčík
Univerzita Komenského v Bratislave
[1] MATTESON, S. Autonomous versus automated: What each means and why it matters. [on- line]. Dostupné z: https://www.techrepublic.com/article/autonomous-versus-automated-what- each-means-and-why-it-matters/ [citované 28.9.2020].
[2] TAEIHAGH, A. a SI MIN LIM, H. Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks. Transport Reviews, roč. 39. č. 1, 2019, s. 103-128. https://doi.org/10.1080/01441647.2018.1494640
[3] POLČÁK, R. Odpovědnost umělé inteligence a informační útvary bez právní osobnosti. In Bulle- tin Advokace 11/2018, s. 24. [on-line]. Dostupné z: http://www.bulletin-advokacie.cz/ assets/zdroje/casopis/2018/BA_11_2018_web.pdf. [citované 28.9.2020].
[4] COLLINGWOOD, L. Privacy implications and liability issues of autonomous vehicles. In Infor- mation & Communications Technology Law, roč. 26. č. 1, 2017, s. 32-45. https://doi.org/10.1080/13600834.2017.1269871
[5] KOUROUTAKIS, A. E. Autonomous Vehicles; Regulatory Challenges and the Response From UK and Germany. 46 Mitchell Hamline Law Review forthcoming. 2019. https://doi.org/10.2139/ssrn.3441264
[6] YEEFEN LIM, H. Autonomous Vehicles and the Law Technology, Algorithms and Ethics. Ed- ward Elgar Publishing, 2018, 147 s.
[7] SKEETE, JP. Level 5 autonomy: The new face of disruption in road transport. In Technologi- cal Forecasting and Social Change, Elsevier, roč. 134(C), 2018, s. 22-34. https://doi.org/10.1016/j.techfore.2018.05.003
[8] VOSTOUPAL, J.: Certifikace kyberbezpečnostních technologií. In Revue pro právo a technologie. 2019, č. 20, s. 147-268. [on-line]. Dostupné z: https://journals.muni.cz/revue/article/view/12570 [citované 28.9.2020]. https://doi.org/10.5817/RPT2019-2-5
[9] CZARNECKI, K. English Translation of the German Road Traffic Act Amendment Regulating the Use of “Motor Vehicles with Highly or Fully Automated Driving Function” from July 17, 2017 [on-line]. Dostupné z: https://www.researchgate.net/profile/Krzysztof_Czarnecki3/publi- cation/320813344_English_Translation_of_the_German_Road_Traffic_Act_Amendment_Regulatin g_the_Use_of_Motor_Vehicles_with_Highly_or_Fully_Automated_Driving_Function_from_July_17_2 017/links/59fbbe680f7e9b9968bb5a0f/English-Translation-of-the-German-Road-Traffic-Act-A mendment-Regulating-the-Use-of-Motor-Vehicles-with-Highly-or-Fully-Automated-Driving-Fun ction-from-July-17-2017.pdf
[10] International Transport Forum and Corporate Partnership Board: Autonomous Driving: Regulatory Issues. 2015. [on-line]. Dostupné z: https://www.itf-oecd.org/sites/default/files/ docs/15cpb_autonomousdriving.pdf. [citované 28.9.2020].POLČÁK, R. Informace a data v právu. Revue pro právo a technologie 7, 2016, s. 67–91.
[11] Autonomous Vehicles. State of Nevada Register of Administrative Regulations. § 82A. [on-line]. Dostupné z: https://www.leg.state.nv.us/NRS/NRS-482A.html#NRS482ASec036. [citované 28.9.2020].
[12] Nariadene Európskeho parlamentu a Rady (EÚ) 2018/858 z 30. mája 2018 o schvaľovaní motorových vozidiel a ich prípojných vozidiel, ako aj systémov, komponentov a samostatných technických jednotiek určených pre takéto vozidlá a o dohľade nad trhom s nimi, ktorým sa menia nariadenia (ES) č. 715/2007 a (ES) č. 595/2009 a zrušuje smernica 2007/46/ES
[13] Usmernenia týkajúce sa výnimky na schválenie automatizovaných vozidiel EÚ.
[14] Smernica Európskeho parlamentu a Rady 2010/40/EÚ o rámci na zavedenie inte- ligentných dopravných systémov v oblasti cestnej dopravy a na rozhrania s inými druhmi do- pravy.
[15] Delegované nariadenie komisie ktorým sa dopĺňa smernica o inteligentných dopravných systémoch, pokiaľ ide o zavádzanie a prevádzkové využívanie kooperatívnych inteligentných dopravných systémov
[16] Smernica Európskeho parlamentu a Rady (EÚ) 2016/1148 zo 6. júla 2016 o opatreniach na zabezpečenie vysokej spoločnej úrovne bezpečnosti sietí a informačných systémov v Únii
[17] Nariadenie Európskeho parlamentu a Rady o Agentúre EÚ pre kybernetickú bezpečnosť (ENISA), o zrušení nariadenia (EÚ) č. 526/2013 a o certifikácii kybernetickej bezpečnosti informačných a komunikačných technológií
[18] SAE J3016:Sep 2016: Taxonomy and Definitions for Terms Related to Driving Auto- mation Systems for On-Road Motor Vehicles
[19] Nariadenie Európskeho parlamentu a Rady (EÚ) 2016/679 z 27. apríla 2016 o ochrane fyzických osoSb pri spracúvaní osobných údajov a o voľnom pohybe takýchto údajov, ktorým sa zrušuje smernica 95/46/ES (všeobecné nariadenie o ochrane údajov). In EUR-lex [právní informační system]. Úřad pro publikace Evropské unie. Dostupné z https://eur-lex.europa.eu/ legal-content/SK/TXT/?qid=1584526623550&uri=CELEX%3A32016R0679
[20] TRAKMAN, Leon – WALTERS, Robert – ZELLER, Bruno: Tort and Data Protection Law: Are There Any Lessons to Be Learnt? In European Data Protection Law Review 4/2019. https://doi.org/10.2139/ssrn.3630004
[21] CORDEIRO, A.B. Menezes: Civil Liability for Processing of Personal Data in the GDPR In European Data Protection Law Review 4/2019.
[22] VAN ALSENOY, Brendan – DUMORTIER, Jos: The accountability principle in data pro- tection regulation: origin, development and future directions. In GUAGNIN,
[23] D. – HEMPEL, L. - ILTEN, C. (eds): Managing Privacy Through Accountability. 2012, Palgrave Macmillian, s. 49 – 82.
[24] VAN ALSENOY, Brendan: Liability under EU Data Protection Law. In 7 (2016) JIPITEC
271.
[25] LAROUCHE, Pierre – PEITZ, Martin – PURTOVA, Nadya: Consumer Privacy in network in- dustries – A CERRE Policy Report, 2016, Centre on Regulation in Europe. [Online] 2016. [cit. 29. 9. 2020]. Dostupné z: https://cerre.eu/wp-content/uploads/2016/01/160125_CERRE _Privacy_Final.pdf.
[26] Smernica 2000/31/ES Európskeho parlamentu a Rady z 8. júna 2000 o určitých právnych aspektoch služieb informačnej spoločnosti na vnútornom trhu, najmä o elektro- nickom obchode (smernica o elektronickom obchode). In EUR-lex [právní informační system]. Úřad pro publikace Evropské unie. Dostupné zhttps://eur-lex.europa.eu/legal-content/ AUTO/?uri=CELEX:32000L0031&qid=1585224374231&rid=1.
[27] CUNHA, A. Maria Viola – MARIN, Luisa – SARTOR, Giovanni: Peer-to-peer privacy vio- lations and ISP liability: data protection in the user-generated web. In International Data Privacy Law, Volume 2, Issue 2, 2012. https://doi.org/10.1093/idpl/ips001
[28] Rozsudok Súdneho dvora zo dňa 13. mája 2014 Google Spain SL a Google Inc. proti Agencia Española de Protección de Datos (AEPD) a Mariovi Costejovi Gonzálezovi. Vec č. C- 131/12.
[29] MAHIEU, René – HOBOKEN VAN, Joris - ASGHARI, Hadi: Responsibility for Data Pro- tection in a Networked World. On the question of the Controller. „Effective and Complete Pro- tection“ and its Application to Data Access Rights in Europe. In JIPITEC 39, 10 (2019). https://doi.org/10.2139/ssrn.3256743
[30] Rozsudok Súdneho dvora Európskej únie zo dňa 29. júla 2019 Fashion ID GmbH & Co.KG proti Verbraucherzentrale NRW eV. Vec č. C-40/17.
[31] European Data Protection Board Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications. [Online]. 2020. [cit. 29. 9. 2020] Dostupné z: https://edpb.europa.eu/our-work-tools/public-consultations-art- 704/2020/guidelines-12020-processing-personal-data-context_en.
[32] Rozsudok Súdneho dvora Európkej únie zo dňa 5. júna 2018 Unabhängiges Landeszent- rum für Datenschutz Schleswig-Holstein proti Wirtschaftsakademie Schleswig-Holstein GmbH. Vec č. C-210/16.
[33] European Data Protection Board Guidelines 07/2020 on the concepts of controller and processor in the GDPR. [Online]. 2020. [cit. 29. 9. 2020]. Dostupné z: https://edpb.eu- ropa.eu/our-work-tools/public-consultations-art-704/2020/guidelines-072020-concepts-cont- roller-and-processor_en.
[34] Article 29 Data Protection Working Party: Opinion 05/2014 on Anonymisation Tech- niques. [online]. 2014. [cit. 29. 9. 2020]. Dostupné z: https://ec.europa.eu/justice/article- 29/documentation/opinion-recommendation/files/2014/wp216_en.pdf.
[35] European Data Protection Board: Guidelines 4/2019 on Article 25 Data Protection by Design and by Default. [online]. 2020. [cit. 29. 9. 2020]. Dostupné z: https:// edpb.europa.eu/our-work-tools/public-consultations-art-704/2019/guidelines-42019-article- 25-data-protection-design_en.
[36] ŽOLNERČÍKOVÁ, Veronika. Prokazování příčinné souvislosti u škod způsobených propo- jenými autonomními vozidly. Revue pro právo a technologie. [Online]. 2020, č. 21, s. 129-152. [cit. 2020-09-29]. Dostupné z: https://journals.muni.cz/revue/article/view/13048. https://doi.org/10.5817/RPT2020-1-6
[37] CZARNECKI, Krzysztof. English Translation of the German Road Traffic Act Amendment Regulating the Use of “Motor Vehicles with Highly or Fully Automated Driving Function” from July 17, 2017. [Online]. [cit. 2020-09-29]. Dostupné z: https://www.researchgate.net/publi- cation/320813344.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Copyright © 2020 Jozef Andraško, Matúš Mesarčík