In many ways, the traditional perception of a ship has already been altered. Automation and remote operations have forced the industry to reconsider issues of rights and responsibilities, on board and on land.
“Automation changes responsibility,” says Christian Bjørtuft Ellingsen, partner in the legal firm of Simonsen Vogt Wiig, specialists in maritime law. “A vital aspect of safety at sea has historically been to ensure that the ship has a qualified master and crew, and many liability issues are linked to their actions. But with the ever-increasing automation of operations, questions will inevitably arise, such as when is the master responsible, and when is the software? And is it still a ship if there is no acting master?”
In other words, when the hierarchy of responsibility is altered, the nature of a business is altered as well. “We are operating more frequently in the space where shipping meets technology,” Ellingsen says of his firm’s work. “We see that a new risk regime challenges the structure of traditional, standard format shipping contracts.” That space looks to become exponentially more complex in the 4th Industrial Revolution, as digitalisation moves in to steadily more areas of operation.
Opportunities and threats
“Combined operational and information technologies offer great potential for both new and established players to develop products and services with their own commercial value,” says Ellingsen.
“But when you create value, ownership rights and security need to be considered. Intellectual property needs to be patented or copyrighted, and we advise companies to devise an IPR strategy. Security and commercialisation have to go handin-hand, and that requires preparation.”
Cyber security is another area where the new digital reality raises issues of responsibility. “IMO, BIMCO and others have developed guidelines for keeping data safe,” Ellingsen says, but notes that the guidelines remain fairly rudimentary, leaving responsibility for protection against cyber attacks largely in the arena of owners and operators for now.
Meanwhile the larger focus continues to be on the more physical threats such as piracy, theft or terrorism. “Shipping is a conservative business, and they don’t generally take steps before they have to. Major initiatives in international regulation have a tendency to come only in the wake of major accidents or incidents. It may be that it will take a big cyber event to trigger reactions, and force the industry give the necessary attention to securing its data and systems.”
Keeping it personal
When it comes to protection of personal data, Ellingsen’s colleague at Simonsen Vogt Wiig, senior lawyer Thomas Olsen, can present a somewhat more structured picture, if no less complex: “The legal system is more up to speed here,” he assures. “Norwegian law has since 2001 set out binding responsibilities for companies based on EU directives. However, following a major legal reform the new General Data Protection Regulation, GDPR, will be applicable from May 2018, with stricter sanctions for non-compliance.”
Strict indeed: penalties can reach as high as 4 per cent of global turnover, enough to demand executive-level attention. And companies, including suppliers, will have to document that appropriate measures and internal procedures are in place. “All companies will need to comply eventually,” Olsen predicts, “but they need to find the level that is right for them.” Regardless of level, compliance will become increasingly harder to evade in international cooperation: “Big partners will demand compliance from smaller suppliers, and their choice of supplier will be influenced by the level of security.”
The international nature of shipping presents specific challenges. The need for transfer of personal information across borders is one: “Binding Corporate Rules, or BCR, allow for secure transfer of personal data within corporations with an international footprint,” Olsen says.
Personal data protection will also have to be considered when it comes to privacy. “Different owners have different needs for surveillance of crew, and sometimes they might want to do more than is allowed. Both crew and owners need to be prepared to state their cases.”
But while accessibility of data presents a risk for violation of personal privacy, it also makes it possible to set standards for protection. “When everything is open, information protection gets more attention. Rights and rules become more standardised, and personal rights can be better protected. Individuals now have the right to protest abuses where they may not have had an arena before.”
Screening of onboard crew is one of these areas, where private information is exchanged between companies, and across borders. “This information can be used for virtually anything, and those responsible for handling it must also be held responsible for its protection.”
In order to ensure the security of data, Ellingsen says, contracts will become more complex, and this in turn will complicate the risk picture. The digital world offers new opportunities, he concludes, but also introduces new risk.
As the 4th Industrial Revolution continues its rapid advance, the shipping industry will have to define that risk, put a price tag on it, and decide where the ultimate responsibility lies.
At the dawn of Shipping 4.0, the industry is only just beginning to find answers to many of the big questions brought on by big data.