The words which probably best describe trends in the field of logistics and transportation are “information connectivity” and “automatization.” The aim of both is the same – to increase efficiency and to achieve effective control of time, costs, quality of services, etc. In Croatia, as elsewhere, these concepts have resulted in some new legal challenges.
As customers, we all want packages to be delivered to us as soon as possible, and we often want to have control of the whole process, including the delivery status and the exact time and place of delivery. To improve the quality of the service, providers use various mobile applications and delivery tracking solutions. Furthermore, businesses use tracking devices such as GPS devices in their vehicle fleets to improve the planning and operation of deliveries. All of this requires processing significant amount of data – including personal data. Unsurprisingly, it is often challenging to ensure a proper balance between the need for data control and the privacy and security restrictions.
What we see in Croatia is not only the increased use of various information and communication technology (ICT) solutions (especially vehicle tracking devices), but also significant efforts by businesses to comply with applicable legal rules. Executing data processing and other agreements with services providers is not enough; it is important to make necessary legal assessments and ensure that basic principles (such as data minimization and purpose limitation) are respected. In most cases, the General Data Protection Regulation requires a data protection impact assessment (DPIA) as demonstrated by the GDPR-mandated list published by the Croatian data protection authorities of processing operations which require such an assessment. As the use of information and communication technologies often requires the processing of employee data (as when the location data of delivery drivers is provided, or their driving behavior), local employment rules must also be taken into consideration. In Croatia, these rules are quite strict and make efforts to balance the need for data control and privacy restrictions even more challenging. Compliance with employment rules in Croatia includes strict application of data and purpose minimization, as well as the proper preparation of relevant employment documents and formal authorization of persons involved in the personal data processing.
However, the complexity of the new trends does not stop there. The use of artificial intelligence, for example, is an increasing factor in this field. The 2019 World Intellectual Property Organization report shows that the transportation industry is one of the leaders in exploring the commercial exploitation of AI. This seems logical, as the use of AI helps market players increase the scope of automated working processes, which is of significant value in transportation because of the sector’s heavy reliance on human workforce in business operations. This seems to be recognized by the producers and service providers offering new solutions in Croatia – e.g. the use of robots in warehouses, which increase labor productivity – as well. Certain Croatian start-ups offering such new solutions for businesses have been boosted with large investments in 2019. Such solutions seem to be used more and more by providers of logistic services, among others. The legal struggle starts when the “old” rules need to be applied to such new solutions (e.g. the question of liability for damage caused by AI-powered machines, and IP protection) and when businesses need to comply with the increasing number of regulations – with new and strict rules on data privacy and security representing just a few. From the business point of view, it is thus important to adapt existing contractual clauses to such new situations, as well as to keep track of new regulations and ensure that compliance measures are duly implemented in processes from the very beginning. This is necessary to ensure that the benefits achieved by new solutions are not diminished by the high fines and damage claims which could be triggered if the legal rules are not respected.