James Boyle
James is a Partner in the Data Group of Mishcon's Innovation Department. He specialises in offering nuanced, strategic counsel in privacy and data protection matters. His clients are typically fast growth SaaS, AI and digital health businesses.
His work extends to breached credentials compliance projects for cybersecurity firms that safeguard key industrial sectors. He has also consulted on data residency and hosting structures for fraud prevention networks that handle in excess of 300 million transactions annually, and designed and implemented global privacy training modules, delivered to over 100,000 staff members in publicly-listed companies.
He leads the outsourced Data Protection Officer and EU Representative service lines.
2 Contributions by James Boyle
PRACTICE NOTES
Connected and autonomous vehicles: privacy, data protection and cybersecurity—GDPR/PECR, PSTIA and NIS duties; controller/processor roles, DPIAs, portability, transfers and disclosures, supply chain considerations, and EU/UNECE developments
This Practice Note explores the following data protection, privacy and security matters arising in connection with the use of autonomous and connected vehicle technology:
The technology
Declaration of Amsterdam
Cooperative Intelligent Transport Systems (C-ITS)
United Kingdom General Data Protection Regulation
Privacy and Electronic Communications Regulations 2003
Cybersecurity
The Product Security and Telecommunications Infrastructure Act 2022
Connected and autonomous vehicles in the EU
International
Practical issues
For further detail and context on additional UK legal considerations linked to this technology, see the Practice Notes: Autonomous vehicles—key legal issues and Autonomous vehicles and insurance, and for a concise overview of dates and key points, see: UK automated vehicles—tracker. To monitor developments within the EU, also consult the Practice Notes: Automated vehicles—key legal issues in the EU and EU automated vehicles—tracker.
The technology
Contemporary vehicles already incorporate a suite of external communications, such as satellite navigation, in-car entertainment and emergency assistance, capable of automatically transmitting precise location data to the emergency services...
TMT
PRACTICE NOTES
EU regime for connected and automated vehicles: GDPR, ePrivacy, cybersecurity (NIS2), Data Act access, AI Act, type approval, eCall, liability and practical compliance
This Practice Note examines data, privacy and cybersecurity matters linked to the deployment of autonomous and connected vehicle technology, including:
The technology
Declaration of Amsterdam
Cooperative Intelligent Transport Systems (C-ITS)
EU General Data Protection Regulation
ePrivacy Directive
Cybersecurity
Data accessibility
Liability
EU AI Act
eCall
Data preservation and data production in the context of criminal proceedings
International
Practical issues
For further coverage of other principal legal questions related to this technology, see Practice Note: Automated vehicles—key legal issues in the EU, and for a timeline and headline information, see Practice Note: EU automated vehicles—tracker. To monitor UK developments, see Practice Notes: Autonomous vehicles—key legal issues, Autonomous and connected vehicles—data protection and privacy issues, and UK automated vehicles—tracker.
The technology
Contemporary vehicles already incorporate various external communications tools, including satellite navigation, on-board entertainment and emergency assistance, which can automatically transmit exact location data to the emergency services...
EU Law
If you expected to see yourself on this page, click here.
