The Sensor: Legal Insights into Autonomous Vehicles
BLG Logo
December 2018 AUTONOMOUS AND CONNECTED VEHICLES – “IDEAL” FOR A CLASS ACTION?
Downward Arrow
As autonomous vehicles evolve, the interconnected nature of these products may expose a wide group of consumer issues such as vehicle safety concerns or privacy breaches.  Given that issues may be common to a product rather than individual to a specific consumer, autonomous and connected vehicles may have the potential to be ripe for class action exposure.
Why Autonomous Vehicles? The technical capabilities of autonomous vehicles continue to advance and impress. Features such as automated self-parking are now blasé, making way for technology that enables vehicles without steering wheels or pedals to be manufactured in 2019.1 During operation, autonomous and connected vehicles generate and can record a significant amount of information including driving input, speed, and direction. Vehicles currently on the road may offer connected services for communications and driver aids (e.g. camera rear-view mirror, emergency braking, and reverse auto braking, etc.). While impressive, these technologies (and the data creation that comes with them) risk system exploitation, data breach and product-wide issues. Researchers have already demonstrated the ability to penetrate connected systems2 and the risks of privacy breaches are all too well known. As increasing amounts of information are recorded and stored by autonomous vehicles or uploaded to connected servers, data from autonomous and connected vehicles will become more valuable to third-party hackers. Software or programming issues that could render an autonomous feature inadequate or unsafe would likely apply to all vehicles across a product range rather than individual vehicles. This article considers two likely avenues for future autonomous vehicle class action litigation - privacy and product liability.  Privacy Class Actions In the event that private data is accessed or disclosed as a result of a cybersecurity vulnerability, a class action provides one option for affected consumers. Privacy class actions are nothing new to Canada and have resulted in significant monetary settlements. While individual payments to class members are often nominal (from around $2,5003 to $5,0004 each), large class sizes have the potential to result in a high total damages award in addition to other expenses such as counsel fees and settlement administration. As an example of such exposure, in a recent case relating to a breach of personal and financial information, a defendant paid out approximately $1.25 million.5 While there have yet to be any class actions commenced in Canada for issues relating to connected and autonomous vehicles, recent litigation in the United States has considered claims relating to cybersecurity vulnerabilities in connected vehicles with varying results. In Cahen, et al. v. Toyota Motor Corp., et al.6, plaintiffs alleged that certain Toyota vehicles had insufficient security measures and sought damages on the basis that the vehicles could be vulnerable to hacking despite the fact that no hacking had actually occurred. The district court dismissed the case, finding that the plaintiffs had not sufficiently alleged an injury which was specifically linked to the risk of hacking itself. This decision was upheld on appeal.7 In contrast, plaintiffs in a putative class action brought against Fiat Chrysler, Flynn et al. v. FCA US LLC et al.8, were partially successful in being permitted to proceed with claims relating to the risk of hacking. The action was commenced after software was updated to protect against potential hacking vulnerabilities. Although the Court dismissed claims for possible future hacking events, it permitted the plaintiffs to proceed with claims that their vehicles depreciated in value due to risk of hacking. Fiat Chrysler has requested leave to seek an interlocutory appeal, stating that “all connected products are potentially ‘vulnerable’ to hacking” and that an action alleging that a product could be vulnerable was not sufficient for certification.9 In Canada, manufacturers will want to continue to design their autonomous systems with sufficient protection to guard against the potential for privacy breaches in order to avoid a class action.  Given the experience in the U.S., class actions brought to address potential future problems that have yet to materialize will likely be met with challenge. Product Liability Class Actions It is often suggested that product liability cases are “well-suited” or “ideal candidates” for class action treatment, as proof of a defect or product issue can be extrapolated to all of those who have purchased the same product.10 In Canada, a number of automotive claims have been deemed appropriate to be certified as a class action.11 A class action may not, however, be appropriate in cases where a common question is not easily posed. This may occur in circumstances where manufacturing techniques change over time, there are multiple parties involved in delivering the finished product to a consumer or there is a change in the appropriate standard of care.12 Given the pace of technological improvement and the complexity of the technical matters likely to be in issue, the importance of submitting evidence from an adequate expert to give some evidentiary basis for the claim cannot be ignored.13 “Commonality” will likely be a fertile battle ground for litigation relating to autonomous vehicles. In a product liability action, arguments usually focus upon the similarities (or differences) between the products which are alleged to have been defective. As an illustrative example, three similar putative class actions considered product liability claims in relation to medical devices, but each arrived at separate results on certification.14 Two actions which alleged issues with a wide range of similar, but varied, products were deemed inappropriate for certification – the defendant’s conduct differed among the products and no common defect across all products was identified.15 An action that focused on one “single undifferentiated product group” was deemed appropriate for certification as the parties did not draw distinctions between the devices. Looking Forward While autonomous or connected vehicles have yet to be the subject of a class action in Canada, the plaintiff’s bar will be certain to raise issues which will test the boundaries of class proceedings. Manufacturers and other parties responsible for the collection, use and storage of data gleaned from these productions should remain aware of the legal risks associated with maintaining data.  Canada has already gained experience with class actions arising from privacy breaches, but there is an open question as to what type of loss will be sufficient to give rise to a certifiable class action.  Manufacturers and distributors of autonomous and connected vehicles remain exposed to the possibility of a product liability class action, but it is not yet clear whether the issues regarding these vehicles will be simple or narrow enough to be answered in common across a class. Largely, this will depend on the specific defect being alleged and the degree to which that defect is manifested across the series of products tied to a prospective class definition. It remains to be seen how these products will be dealt with on a motion for certification.   For further information on the process and steps of a class action, please visit the class actions section of BLG’s Product Liability Handbook.   


Monthly articles provided in The Sensor: Legal Insights into Autonomous Vehicles explore how autonomous vehicles are impacting industry sectors across the board and are written with the objective of helping to ensure our clients are well-positioned to deal with the related legal and regulatory challenges.

Your feedback is appreciated. Please email us at AVs@blg.com with your comments or suggestions.

  1. Alex Davies, GM Will Launch Robocars Without Steering Wheels Next Year (January 2018), WIRED.
  2. Chris Valasek and Charlie Miller, Remote Exploitation of an Unaltered Passenger Vehicle, IOActive ; Andy Greenberg, Hackers Remotely Kill a Jeep on the Highway – With Me In It, WIRED.
  3. Maksimovic v. Sony of Canada Ltd., 2013 CanLII 41305 (Ont Sup Ct J).
  4. Lozanski v. The Home Depot, Inc., 2016 ONSC 5447.
  5. Drew v. Walmart Canada Inc., 2017 ONSC 3308.
  6. Heather Sussman, Doug Meal, and David Cohen, Recent Decisions Highlight Product Cybersecurity Issues re: Cahen, et al v Toyota Motor Corp., et al – US District Court Northern District of California.
  7. Helene Cahen, et al. v. Toyota Motor Corp., et al., No. 16-15496, 9th Cir., 2017 U.S. App. LEXIS 26261.
  8. Flynn, et al. v. FCA US LLC, et al., Case No. 3:15-cv-00855.
  9. Linda Chiem, Fiat Crysler Asks Justices to Review Car-Hacking Cert. Order (October 2018), online: Law 360.
  10. Williams v Canon Canada Inc., 2011 ONSC 6571 at para 125 [Williams]; Schick v Boehringer Ingelheim (Canada) Ltd., 2011 ONSC 1942 at para 74.
  11. Thorpe v Honda Canada Inc., 2011 SKQB 72 [Thorpe]; Reid v Ford Motor Company, 2003 BCSC 1632; Kalra v Mercedes Benz, 2017 ONSC 3795.
  12. Ernewein v General Motors of Canada Ltd., 2005 BCCA 540 at para 33.
  13. Williams, supra; Thorpe, supra.
  14. O’Brien v Bard, 2015 ONSC 2470 [O’Brien]; Vester v Boston Scientific Ltd., 2015 ONSC 7950 [Vester]; Dine v Biomet, 2015 ONSC 7050 [Dine].
  15. O’Brien, supra; Vester, supra.