EU’s possible Data Act

The European Commission (EC) signalled plans for a new Data Act, to be published in late 2021, in its February 2020 Data Strategy Communication. The EC revealed more details in its 2021 Consultation and Inception Impact Assessment. The responses to the Consultation and Inception Impact Assessment are bound to shape the future of EU’s digital economy. The Data Act will complement other European Union (EU) measures to create a solid framework for digital trust, opening up public sector data, removing digital borders, encouraging trade in data, opening up competition and facilitating better security within the EU single market.

What is the objective of the possible Data Act?

The Data Act seeks to encourage B2B data sharing to facilitate access to and use of data to realise the full potential of EU’s data economy. The Data Act aims to address the following problems currently limiting B2B data sharing:

• Lack of economic incentives for data holders to share
• Lack of trust between businesses that contractual terms will be honoured
• Imbalances in negotiating power
• Fear of misappropriation by third parties
• Lack of legal clarity on who can do what with data (for example, co-generated data).

What specific issues have been identified?

The Data Act would need to be coordinated with other legislative measures, such as the GDPR, while respecting rights in relation to data and investments made into their collection. The Data Act’s objectives can be thought of as falling under the following general themes:

Promotion of fairness

• Identification of contractual unfairness where there is unequal bargaining power compromising competition; and
• Ensuring fair distribution of usage rights along the value chain, as attribution of the rights to access and use such data is left to private contract.

Legal certainty

• Review of the Database Directive
  • clarifying whether database rights can cover machine-generated data and in what circumstances; and
  • ensuring that the rights under the directive do not impede cross-border data flows and data sharing.
• Safeguarding intellectual property (IP) rights, especially in the context of data processing by foreign cloud service providers.

Ensuring portability

• Cloud service users should be able to switch providers without encountering contractual, technical and/or economic barriers. Should voluntary codes of conduct be insufficient to fully support portability, the Commission may mandate a binding right on cloud service portability.
• Lack of interoperability requirements mean users are unable to exchange data in real time, leading to lock-in.
• Smart contracts can help facilitate automated data sharing and pooling, but lack of harmonised standards hampers scaling across sectors and borders.

The Commission is assessing the application of the Trade Secrets Directive in the context of the data economy, including a study focusing on four key sectors (automotive, health, energy and financial services) with a view to providing clarifying guidance at a later date.

What are the policy options?

The Inception Impact Assessment identifies the following non-mutually exclusive policy options:

B2G data sharing: Improved access to private sector data for the public sector

• Data-sharing requirements
• Transparency requirements
• Safeguards
• Intermediation structures facilitating agreement on the conditions of use of such data, including remuneration.
• Mandatory data sharing for a range of defined public interest purposes, bearing in mind safeguards for personal data and other rights to data.

B2B data sharing: Ensuring fairness and competitiveness

• Transparency obligations for manufacturers of connected objects on rights to access and use non-personal data for the benefit of users of such objects
• Fairness test to avoid unilaterally imposed unfair conditions for access to and use of data
• Provision of model contract terms
• Data access and use rights potentially on the basis of fair, reasonable, proportionate, transparent and non-discriminatory terms for non-personal data
• Harmonising horizontal modalities for access to data, which could apply to data access rights established in specific sectoral rules, possibly on fair, reasonable, proportionate, transparent and non-discriminatory terms
• Study the role of database rights with the aim of facilitating data access and use
• Contribute to portability of data generated by individuals
• Legislating safeguards for cloud service portability, specifically:
  • Standard Contractual Clauses
  • Defining contractual, technical and economic requirements
  • Provision of data in structured, widely used and machine-readable format, for free or against an additional, but modest specified maximum fee, or fee structure, depending on the different use cases
• Define essential requirements for smart contracts’ interoperability
• Mitigate risks resulting from government access to non-personal data of EU companies, held by foreign cloud computing service providers.

Data Act Consultation

The Data Act Consultation asks for responses from the full spectrum of stakeholders concerning the issues identified by the Inception Impact Assessment. The results will help the Commission strike the balance between rights and interests of data users, on the one hand, as against those of data holders, on the other, and competitiveness in the EU single market. The following questions are especially noteworthy:

• Questions concerning specific use-cases, with a clear public interest when B2G data sharing should be made compulsory.

Comment: The EU Commission considers that there ought to be more cases of mandatory sharing for the public good. The choice of options are very wide (for example, “Data for a healthier society”), and so any ideas on the way in which the scope should be narrowed ought to be elaborated upon.

• Questions around the nature of difficulties/issues encountered when requesting access to other companies' data in B2B scenarios.

Comment: The European Commission asks data users why they have difficulties accessing other businesses’ data, without asking why data holders have not widely shared their data. Data holders might explain why data is not made available, or principles applied for pricing the licence fees.

• Questions about the factors relevant when determining fair, reasonable, proportionate, transparent and non-discriminatory conditions to increase data sharing.

Comment: The European Commission appears to consider that data holders may be incentivised to share data based on fair, reasonable, proportionate, transparent and non-discriminatory terms, if certain conditions applied. Data holders who have made substantial investments in creating and collecting data are likely to seek full control on how their data is shared. Some of the conditions suggested, such as the use of structures enabling the use of data for computation without actually disclosing the data, could incentivise data holders to share their data (but not necessarily on a fair, reasonable, proportionate, transparent and non-discriminatory basis).

• Several questions exploring the contractual ability of the owners/users of connected objects and manufacturers to use data generated by connected objects.

Comment: Responses to these questions are likely to determine how the rights in co-generated data should be determined, and would be worth responding to as fully as possible.

• Questions which explores the relevance of laws of trade secrets and rights under the Database Directive to access and use third-party data or protect own data, including machine generated data.

Comment: Coverage of machine-generated data is debated and requires nuanced understanding of the Database Directive.

• Questions on whether and how portability between cloud service providers should be facilitated and the level of risk posed to business users of such services if a non-EU government were to request access to data.

Comment

Responding to the Consultation would be worthwhile, not only for anyone dealing with data in their business at present, be it as data holder or data user, but also those who may do so in the future. Because it is a survey, the questions are in the form of multiple choice, with the ability to elaborate further. It would be worth investing the time to elaborate on the answers because the responses are likely to be highly nuanced, depending on the circumstances of data access and use. Ideally, businesses will invest in ensuring that questions are answered by those in the business who deal with and understand the economics of working with data, as well as an understanding the legislative options.