Intelligent Transport - Data

United Kingdom

Intelligent Transport is no longer an aspiration but a reality. Business has been quick to identify commercial goals such as faster shipping, more efficient transport operations and safer jobs, while consumers increasingly expect door-to-door round-the-clock transport planning functionality as well as up-to-date and personalised travel information.

The list of projects is ever increasing - Samsung is deploying a smart vessel performance monitoring solution, Yara are developing a fully autonomous container ship and Rolls Royce are heavily investing in autonomous vessel R&D. Earlier this year Airbus completed the first successful flight of their autonomous electric air taxi, and more than 12 million fully autonomous vehicles are expected to be sold each year by 2035. Siemens offers systems which continuously monitor all train movements and Chinese dockless bike providers Mobike and Ofo are continuing to expand their UK operations. A smart train with virtual tracks launched in China in October 2017 and Hyperloop One has agreed with Dubai to evaluate building a new 500mph train to Abu Dhabi, which would travel 150km in just 12 minutes.

The rapid pace of change has profound implications, many of which we are only starting to understand. Organisations will need to plan for the future and yet remain sufficiently agile that they can respond efficiently and effectively to the challenges ahead.

From its work in this area, the CMS transport team has identified a number of key legal themes on which organisations engaged with transport need to focus. This is the first in a series of articles which will look at some of these themes in more detail.


Data sits at the heart of the transport revolution, enabling organisations to better understand their assets and their customers. Currently, however, data tends to be gathered in silos (rail companies, bus companies, local authorities, national authorities, etc.) and for a successful move to integrated transport those silos will need to be broken down. This will not only require significant trust and co-operation but will also give rise to considerable data protection issues.

High on the agenda is the need for organisations to consider how they process the data of employees and customers when the General Data Protection Regulation (GDPR) comes into effect in May 2018. The new rules are considerably more stringent than the current Data Protection Act regime and the fines for being in breach are significantly increased. The GDPR includes a focus on managing and understanding information held on data subjects, ensuring data subjects are fairly informed about how their data is processed, and giving them greater rights to choose how their data is used by organisations. Empowering individuals to decide freely on the fate of their data requires organisations to ensure they have built their systems with data protection compliance in mind from the outset.

The value of passenger data to transport organisations will increase exponentially, but if consumers refuse to engage in data sharing this asset will be lost. It is clear that alongside the growth of automation and data sharing there has been a growth in cyber breaches and failures in cyber security. The issues that arise when data is not used as expected can be clearly seen in the recent Facebook/Cambridge Analytica investigations, with the regulatory authorities raiding Cambridge Analytica’s offices to seize information.

Given the security, regulatory and reputational issues associated with a cybersecurity or data breach, not to mention the potential for fines, penalties and claims, all transport organisations need to understand and plan for security issues at a system level.

Key to an organisation’s preparation for and management of a data breach is empowered and decisive leadership. Data breaches should not be regarded as an IT issue - a serious breach will require attention at full Board level, as major strategic decisions may be needed despite only limited information. A rapid response is vital in managing a breach effectively, and an organisation which has up-to-date processes and procedures in place will not only be better prepared to deal with a breach but will be able to do so calmly and with consideration. This is particularly important given the new requirement under the GDPR to notify serious breaches of personal data to the Information Commissioner and affected data subjects.

Preparation is only one part of the picture, however - it is also important to have appropriate professional support and advice accessible at short notice, since a typical data breach will require urgent and specialist legal advice on relevant law and regulations, possibly across multiple jurisdictions, as well as IT forensic and PR support.


In a world of swift change accompanied by increased regulatory and public scrutiny, support from strategic advisors is absolutely vital if businesses are to grow and retain consumer / customer confidence. The CMS Transport team has the advantage of working with many different organisations involved in transport and so has built up the broad experience needed to help clients, both to assist them to move fast to seize growth opportunities and to help them protect themselves against risk.

Please speak to one of us, or to your usual CMS contact, for more details.

See also our recently updated Guide to Electric Vehicles.