Legal aspects of navigation
The cases for privacy and liability: An introduction for non-lawyers
Navigation making use of advanced technologies, notably involving radiowaves providing precise information on positioning, navigation options and on the surrounding geographic environment, has become an ever more present phenomenon in today’s societies. Needless to say, this raises also a number of profound legal issues, some more general in nature, some more specific to the navigation sector or even a specific subsector thereof, alternatively taking on a specific flavour once arising in that context.
Amongst those, arguably the issues of privacy and protection of data against undue interference, respectively liability for erroneous positioning, navigation or environmental information and any damage or loss suffered as a consequence of trusting such information, arise as the two most prominent and complex ones. The present paper therefore represents an effort to survey, analyse and evaluate these two issues, with a focus on international and, as relevant, European law as an example of how regional or even national law may further – and often indeed do – interpret the international rules and/or the general principles behind them. Beyond such interpretation and implementation, after all, most national legal systems have their own particular regime in place on both sets of issues.
Navigation from a legal perspective
‘Navigation’ in reality is of course a multifaceted phenomenon, difficult to capture in a simple scheme. Nevertheless, for the purposes of legal analysis it would be very helpful at the outset to outline its main distinctive elements, dissecting the concept as it were into a few major key categories of components. By way of a default approach for the purpose of allocating the appropriate legal obligations, responsibilities and liabilities navigation systems at this junction should then probably be seen to consist of three such major components. How the problem of privacy protection would then fit into this scheme, is yet another matter.
The first main component comprises the radio-location network, that is the physical infrastructure and the hardware comprising it which provide the baseline services by way of radio-communications – satellites emitting signals-in-space, radio towers emitting radio signals, or even fixed navigation devices at airports using various carriers of electronic messages. Sometimes the operation of the physical infrastructure is separated from that of providing such baseline services over it, and sometimes the baseline services are augmented by the same provider with, for instance, software or information updates, but both together represent the ‘supply side’ of the navigation sector.
Operators involved on this ‘supply side’, whether government agencies active to provide services of public interest or commercial operators in it for the money, are usually covering regions, countries or even continents with their operations, in efforts to spread the public services as broadly as possible respectively generate as much revenues as possible. Their key tools for achieving such aims comprise on the one hand the physical infrastructure – which, except for satellites1, requires appropriate regulation at a national level2 – and on the other hand the use of radio waves, preferably without undue interference – which means communications law, both at the national but, as for international usage of radio frequencies, very profoundly also at the international level, is applicable and applied3.
The second main component concerns the on-board devices, whether highly advanced ones such as on board aircraft or ships or far more simpler ones, all the way up to those carried by mountaineers, hikers, amateur sailors and suchlike. Sometimes these devices come with the vehicle, sometimes they can be bought as stand-alone units to be summarily installed in such vehicles – or are just carried in hand or backpack; but in all cases it is the hardware on the ‘demand side’ of the navigation equation we are concerned with here.
Consequently, one main important legal regime applicable concerns that of product liability law; the applicable set of laws and regulations to ensuring that no ‘unsafe’ products are marketed and sold to unsuspecting consumers. Such product liability law is by and large of a national nature, although within the European Union substantial efforts have been made to harmonize the national product liability laws of the EU member states4. In addition, various – always national – legal regimes may apply regarding compliance with a priori technical standards which certain products would have to comply with, or general product warranties and guarantees.5
The third component, also operative on the ‘demand side’ yet usually taken care of by a different branch of the sector, concerns the (provision of the) software calculating positions and providing further navigation information, even if sometimes it may well form physically part of the on-board device, alternatively be provided by the infrastructure network (service) provider.
To the extent this third component is subject to legal and regulatory constraints and controls, they again would largely form part of national systems – this time focusing on service warranties and guarantees – as well as being in all remaining aspects usually dealt with by contractual agreements, where ‘the law’ usually only provides certain broad parameters within which waivers and disclaimers are considered allowable.
Two major areas illustrating the relevance of such an analysis and of the effort to dissect the complex navigation environment into a few key categories of services and providers, are indeed those of privacy and liability. Take, for instance, the fundamental risks that information on a user’s whereabouts are unduly distributed or that the user is provided with information which is erroneous or even absent at a critical juncture.
For legal purposes of determining responsibility for any violation of privacy in such a scenario it is of fundamental importance to understand that (contrary to public perceptions) GNSS satellites, in and of themselves, have no knowledge whatsoever of a particular user’s position – and can therefore never be held responsible for such a violation. If the above generic threefold subdivision of the navigation sector is to be summarily applied, most likely the privacy violation would come to be attributed to the operator of the third component.
Likewise, if liability for damage caused by a user’s trust on navigation information which subsequently turns out to have been unjustified is to be allocated, it should be realized that GNSS satellites, so far, do not provide the key positioning and navigation information – that is done by the on-board device using triangulation algorithms, or off-board infrastructure using the triangulated information communicated by the onboard device and feeding back the actual positioning and navigation information.
To analyse and try to appreciate in somewhat greater substance how such scenarios are to be approached from a legal perspective, it is thus appropriate to now address these two concepts of ‘privacy’ and ‘liability’ a bit more in detail.
Privacy: the definition and the law
Due to the many legal documents (laws, treaties and others) having addressed the issue of ‘privacy’ in one way or another, many definitions of the concept exist, some extended, other much more concise. For the present purpose however it should suffice to define the ‘right to privacy’ as a ‘right of individuals or groups of individuals to seclude themselves and limit information about themselves becoming publicly available’.6
In real life, this right to privacy falls apart in two main categories. The first category refers to the problem of ‘Big Brother’: governments should abstain from any undue interference with an individual’s privacy, unless there are clearly overriding interests of a public nature, as based on non-discriminatory, transparent and coherent criteria. The second category refers to the problem of ‘paparazzi’, under which governments should also protect individuals against unjustified intrusion into their private life by other private persons and/or, following from there, the public at large. Finally, it should be noted that increasingly the right of privacy is also considered to apply to companies and other legal entities, not just to natural legal persons, read human individuals.7
Legally speaking, the right to privacy has been treated as part of the human rights catalogue. Thus, the famous 1948 Universal Declaration on Human Rights of the United Nations provided: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”8 A further UN-initiated international treaty of 1966 similarly stated: “1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. 2. Everyone has the right to the protection of the law against such interference or attacks.”9
These international treaty rules have been widely implemented in national law. For example, in the United Kingdom the 1998 Human Rights Act stated:
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.10
As a matter of fact, this clause exactly repeats the text of Article 8 of the 1950 European Convention on Human Rights, which thus resulted in a European-wide harmonization of at least the definition of ‘(the right to) privacy’, even as individual sovereign states remained at liberty to apply for instance criminal law sanctions and procedures in accordance with their respective domestic traditions and laws.
Interestingly, much later in the context of EU law it became necessary for the issue of privacy to be dealt with from quite a different angle, in the context of steadily increasing digitalization and ‘electronization’ of data, including personal data, and the use of internet, e-mail and suchlike for exchange of and access to data. The approach in the European Union was to achieve a fair and appropriate balance between the human right of privacy, the protection of which now required some safeguards in the specific context of the enormous traffic in electronic data, and the economic interests in generally allowing, even stimulating such traffic of and general access to data as a major driver of new commercial services and activities.
This approach resulted in a key EU Directive in 1995, the ‘Data Protection Directive’, which was amended and updated in 2002 to take into account new developments in the ICT realm, which now spells out the details of privacy protection in the area of electronic data – which, as for the navigation sector, includes electronic data referring to an individual’s precise position or route followed.
Based on a key definition of ‘personal data’ as “any information relating to an identified or identifiable natural person”,11 there are three generic categories of exceptions to the fundamental requirement that whatever takes place on electronic networks in terms of data transfers and access should not amount to infringement of an individual’s right to a personal life and privacy. By and large, the same or similar exceptions will be found in national law regimes in other states outside of the European Union fundamentally upholding the rule of law and protecting human rights – albeit often in different versions and variations.
First, the so-called ‘data subject’ may provide his consent to the use of specific electronic data.12 An obvious example in the navigation context would be where an individual wishes to enjoy specific services which are related to his specific location or route. A main condition is that the consent should be unambiguous and explicitly, knowingly and willingly provided. Furthermore, the extent of the consent also principally determines the extent to which an operator enjoying legitimate access to such privacy-related data can actually use those data – in other words, the latter may not after acquiring access to data for one purpose or service then use such data also for other purposes or services.
Second, privacy-sensitive data can be legitimately accessed and used without consent of the data subject only if justified by overriding public interests which have to be explicitly spelled out in applicable law and regulation, limited usually moreover to the interests in public order, criminal law enforcement and security.13 Naturally, those justifications only legitimize access and use by appropriate governmental authorities also as determined by law or regulation, not by other governmental authorities or any private person or entity – and again those data may only be used for the specific purposes specified by the applicable law or regulation.
Third, data which may have privacysensitive content may commonly be collected and used for general historical, scientific and statistical aims and analyses – if properly made anonymous, meaning that individual data cannot be traced back to an individually identifiable person or specific group of persons.14
Obviously then, throughout the EU member states anyone providing positioning and navigation services should ensure proper protection of data regarding the position and navigation of individual users, both in a technical sense – by developing secure networks and data streams – and in a legal sense – by ensuring that data subjects are properly informed and if necessary have given their consent, whereas governmental authorities should only be allowed access in conformity with specific law and regulation. Generally, moreover, these exceptions to potential infringement of personal privacy should be interpreted in a narrow sense: protection of personal data is the default, access by others than the data subject the exception. Again, other non-EU domestic legal systems respecting the rule of law and the protection of human rights would by and large follow the same approach.
Liability: the definition and the law
Liability likewise is a very common and often-used concept, hence defined throughout the ages in myriad fashion. For the purpose of the present analysis, however, the following definition should suffice: liability is “the legal accountability of a person or legal entity to compensate for damage caused to another person or legal entity in accordance with specific legal principles and rules”, which principles and rules are furthermore to be based upon specified sources of law.15 In other words, liability is not a selfevident consequence of damage being caused to someone, but depends on a particular source of law – treaty, act, customary law – which is applicable to the case of damage at hand, and amongst others determines who is liable to whom, for what (kinds of damage), and to what extent. It determines whether fault liability (that is, the victim needs to prove some kind of fault has caused the damage before compensation can be claimed) or absolute liability (that is, the causal link between the damage and the defendant is sufficient for compensation to be due) applies, and it also determines the level of compensation – unlimited or subject to limitations?
As a consequence, also, there are many different legal regimes dealing with liability, national as well as international,16 and in some cases even at the level of the European Union. At the highest level, three different regimes should be distinguished.
First, there is the concept of third-party liability, often at the domestic level also labelled or comprised within tort liability, which is liability for damage caused to parties not as such involved in the activity in the context of which the damage occurs. Such liability by definition is regulated by law, whether by statute or by customary or common law, where each national legal system includes such a regime and in addition in a number of areas also international rules exist. In the absence of any legal regime of third-party or tort liability specifically targeted at navigationor positioning-related damage,17 reference could still be had to established general principles of law to claim liability.18
Second, contractual liability, often also referred to as inter-party liability, rules damage caused by one contracting party to another in the context of the activities contracted for. By definition, this is regulated as between those contracting parties by way of the applicable contract. General law only rarely steps in (for example to ensure contractual agreements do not violate other laws or fundamental principles of morality or justice); normally the freedom of contract of the parties rules supreme here.
Third, the earlier-mentioned concept of product liability represents an exception to the above two types of liability, which basically apply to damage caused by an activity, whereas product liability of course focuses on damage caused by a particular product in the course of normal or reasonable usage.19
For the realm of navigation, the above liability-labyrinth essentially means that for each case of damage caused in the context of a navigation service or product, the applicable legal regime(s) has/have to be identified, which then spell(s) out in detail what damage is compensable to what extent by whom under which further conditions.20
The GNSS Legal/ Functional Model
To illustrate the resulting complexity of the liability situation in particular where the involvement of satellites in navigation arises, in the context of several major advisory projects on Galileo the present author has developed a ‘GNSS Legal/Functional Model’ to properly map the various potentially or actually applicable liability regimes in this realm. This model could be applied to GPS, GLONASS, EGNOS or any other relevant satellite navigation context as much as to Galileo; equally, it could be applied with greater precision and in greater detail to specific areas where GNSS is used – aviation, maritime, road, rail, location-based services, time stamping, geodesy, et cetera.
Note of course, that – like any model – this is a mere approximation of reality; the types of liability specified in the legend below should not be seen as exclusive, but rather as the ‘normal’, most commonly applicable state of affairs. Any full-fledged analysis offering comprehensive coverage requires the appropriate legal expertise.
This ‘GNSS Legal/Functional Model’ thus allows a first level of mapping of specific liabilities as per specific legal regimes based on the applicable legal sources, in principle for any relationship between the various (groups of) stakeholders in the navigation environment.
A few illustrations here to make the general point.
First, E in the case of satellite service – notably GNSS signal and service – providers refers to the aforementioned 1972 Liability Convention – but then only to the extent the damage concerned comprises physical damage to third-party victims on the ground caused directly by the satellites – not to any damage resulting from flawed navigation information. Whether any regime of sufficient specificity applies to the latter categories of damage, would indeed be highly disputable; at best general tort liability principles may be applied. Certainly, GPS and GLONASS do not accept such liabilities, so that the chances of actually getting liability acknowledged by a domestic court or tribunal and effectively being effectuated are rather slim.
Second, where GPS and GLONASS operators insist on A being applicable vis-à-vis users, no contract of whatever nature existing regarding such use of GPS or GLONASS signals. This, inter alia, means that in aviation GPS and GLONASS are not acceptable for safety-sensitive signal provision, in the absence of any contractual warranties or liabilities. International regulation as per ICAO simply obliges aviation to use navigation aids only if compliant with high standards of reliability and precision. Any Centre in the aviation context – read air traffic control centres – would thus only allow aircraft operators to use a GNSS signal under some form of contract giving rise to B.
This is precisely one area where Galileo intends to make a difference, aiming for contracts giving rise to B in appropriate circumstances. Against payment, the Galileo operator will thus possibly offer contractual liability properly speaking – for instance for damage caused by electronic signals overheating the receivers. However, this is not what GNSS users are usually most concerned with, so the Galileo operator would also be expected to add service guarantees and warranties as part of B, specifying compensation in case the service fails to meet the promised standards, as well as guarantees that if flawed Galileo-based positioning- and navigation-information would result in onward damage, Galileo would accept liability for damage under for example D or G, which is indirect damage as far as the relationship between the signal provider and the user is concerned.
Third, when again taking aviation as the example, D covers a broad range of international treaties on contractual liability of airlines vis-à-vis their passengers for damage sustained during a flight – ranging from a 1929 Warsaw Convention to a 1999 Montreal Convention – which have by and large harmonized the national laws of the various groups of states parties to the respective treaties. In handling damage caused by aircraft accidents to third parties on the ground, G by contrast comprises, at the international level, only a sparsely ratified 1952 Rome Convention, later amended by a similarly sparsely ratified 1978 Montreal Protocol, which means that in most cases national (tort) law applies here, with all variations possible as between individual countries.
Obviously, for other modes of transportation (interested in) using GNSS signals and services, a largely or even completely different set of legal regimes would elaborate the various letters in this GNSS Legal/Functional Model, except for the rather generic and separate product liability represented by I.
Again, however, for a comprehensive and full-fledged legal analysis more detailed knowledge and understanding both of how satellite navigation works and of any potentially applicable legal regimes in a given scenario are necessary than can be reflected in the current overview.
As can also be glanced from the GNSS Legal/Functional Model – which could, with minor changes, be applied also to areas such as privacy rights, next to those of liability which the version briefly discussed above focussed on – law often is simply a matter of common sense: one has to look for the applicable relationship, and then find the legal sources applicable to that relationship, to seek out whether liability for damage might be claimed, and if so, to what extent, by whom to whom and under what further conditions.
The baseline approach for meeting privacy concerns in the context of navigation operations further to that is that privacy in the first place is a matter of consent, unless specific criminal and/or securityrelated law allows for infringement of such privacy. In all cases, however, such infringements need to be interpreted narrowly, and infringement of privacy is then only allowed proportionally, that is to the extent of the consent respectively the applicable provisions in the law.
Similarly, the baseline approach for addressing potential liabilities is a matter of following the chain of relationships between various stakeholders, and determining the appropriate regime(s) for the appropriate link in the chain. Where issues become too complicated from that perspective, however, one w ould be well-advised to involve a lawyer and/or some insurance.
Where, finally, in many respects the law has not yet dealt at any level of detail with navigation-related or -specific privacy issues or liabilities, not only much work remains still to be done in the legal realm, but it would be highly advisable for any stakeholder in the sector to follow and, as far as feasible and justifiable, influence that process in order to arrive in the end at a (much more) logical, comprehensive, transparent and balanced legal regime allowing navigation to offer its benefits to mankind and individual societies without unduly interfering with the right to privacy and whilst taking appropriate care of liabilities for damage.
1 With regard to satellites, since the 1960s a major body of international law has developed, allowing in principle (and then regulating) the use of outer space for peaceful purposes, most notably by way of the 1967 Outer Space Treaty. Over a dozen states globally speaking have in addition drafted national space laws applicable to such operations, usually in conformity with this body of international obligations – but the overwhelming majority has not (yet) undertaken such domestic implementation efforts.
2 Thus, each state has for instance regulations on the instalment of radio towers for cellular telephony on public or private grounds. These regimes have not been subjected to international treaty obligations, partly since the impacts of building a cell tower are so much of a local nature.
3 This regime at the international level has been developed largely under the auspices of the International Telecommunication Union (ITU), most particularly the Radio Regulations updated every few years under its aegis and the process for allotting and assigning radio-frequencies to specific international communication infrastructures. At the national level, each state has not only established a domestic legal structure to ensure relevant international obligations are complied with, but also extensive regulation in place concerning radio-communication activities that remain of a purely domestic nature.
4 This was first done by way of a 1985 Directive, which has been fundamentally updated in 1999.
5 At the international level, the International Organization for Standardization (ISO) merely acts by way of issuing relevant recommendations on standards for ranges of products (and services) which may impact a particular country’s legal handling of product liability (standards), but leaves the discretion to do so with individual countries.
6 See e.g. for relevant general and fairly succinct yet comprehensive definitions http://en.wikipedia.org/wiki/Privacy; http:// legal-dictionary.thefreedictionary.com/ privacy; and http://www.encyclopedia. com/topic/right_of_privacy.aspx.
7 E.g., in Europe in the 2002 Colas Est case companies were considered entitled to enjoyment of the right to privacy as well.
8 Art. 12, Universal Declaration of Human Rights.
9 Art. 17, International Covenant on Civil and Political Rights.
10 Art. 8, Human Rights Act.
11 Art. 2(a), Data Protection Directive.
12 Cf. e.g. Art. 7(a), Data Protection Directive.
13 See e.g. Arts. 3(2), 8(4), (5), 13(1), Data Protection Directive.
14 See e.g. Art. 6(1)(b), Data Protection Directive.
15 E.g. Art. 2, Co-operation Agreement On a Civil Global Navigation Satellite System (GNSS) between the European Community and its Member States and the State of Israel, Brussels, 13 July 2004.
16 The international regimes usually insist that domestic legal regimes are harmonized to the extent that the international regime in question requires, whilst it remains in most cases the national regime which is directly applicable to instances of damage.
17 Only in the aviation sector notable efforts have been undertaken in the context of the International Civil Aviation Organisation (ICAO) to create such a regime for the use of GNSS, but these efforts have consistently been rebuffed by the actual providers so far of operational GNSS services, the US and Russian military establishments running GPS respectively GLONASS.
18 E.g., in public international law the legal principle ‘sic utere tuo ut alienum non laedas’ holds states liable for harm caused from their national territory (in other words, from within their legal control) to other states.
19 Cf. also however the aforementioned EU Directives of 1985 and 1999, which harmonized such domestic regimes as for the EU member states.
20 Thus, by way of example the 1972 Liability Convention spells out that physical damage directly caused by a ‘space object’, read inter alia a GNSS satellite, to a state or its citizens has to be compensated by the launching state(s) of that space object, without any principled limit as to the amount to be compensated and subject to a requirement of proof of fault only if the damage is sustained by another space object; otherwise, absolute liability applies.
©2015 by F.G. von der Dunk.