The regulatory environment for data

Global Publication February 2021

EU

The EU Commission has for some time now been pursuing a Digital Single Market (DSM) strategy. This is a multi-faceted regulatory agenda announced in May 2015 to promote online security and commerce. The measures include new and proposed legislation and other measures relating to cybersecurity, geo-blocking, online platforms, the collaborative economy, and standard setting, with a strong consumer protection focus.

 

The three Digital Single Market pillars

Its three pillars are:

  • Better access for consumers and businesses to digital goods and services across Europe.
  • Creating the right conditions and a level playing field for digital networks and innovative services to flourish.
  • Maximizing the growth potential of the digital economy.

 

More specific measures and initiatives have been proposed and implemented in support of the three pillars, including the following (discussed below):

  • Ensuring free-flow of data within the EU.
  • Increasing availability of data for re-use.
  • Ensuring a fair and competitive digital economy.

In February 2020, the EU Commission followed this up by publishing a European Data Strategy aimed at establishing a successful and sustainable digital economy. To support the development of this initiative, the Commission has proposed the following legislative measures in order to facilitate and encourage data access, sharing and re-use:

  • Legislative framework for the governance of common European data spaces: Designed to facilitate access and use of data, both at sector- or domain-specific level from a cross-sector, cross-border basis, and specifying which data can be used, how and by whom for scientific research purposes in a manner compliant with the General Data Protection Regulation (GDPR). It will prioritize interoperability and standardization to enabling dataset sharing.
  • New Data Act: Revising the IPR framework (such as addressing issues related to usage rights for co-generated data to encourage data sharing), and ensuring that laws on database rights and trade secrets are fit for the digital economy.
  • Update to the Horizontal Co-operation Guidelines: Providing clarity on the application of competition / antitrust law with regard to data sharing and pooling.

The European Commission also intends to:

  • Promote the development of common European data spaces in strategic economic sectors and domains of public interest.
  • Under the Open Data Directive, make a wider range of public sector information available, including high-value data sets.

 

Do other jurisdictions have similar initiatives?

Canada

  • Canada does not have a nation-wide regulatory regime governing industrial non-personal data.
  • Such data is regulated by an array of provincial and territorial legislation, which reflect some themes of EU regulations.

China

  • China’s data legal regime has been developed rapidly. Before the issuance of the PRC Cybersecurity Law in November 2017, high level regulatory requirements concerning data privacy and data protection were set out in various laws, regulations and rules.
  • As the data regime in China is evolving, a number of regulations and rules have been issued or are being drafted to provide a higher level of clarity and more guidance on data-related matters.
  • Industry specifications issued by the relevant regulators play an important role in filling in the gaps and provide important guidance as to the implementation and enforcement of the statutory requirements.
  • In addition, national security and public interest are a top priority for China’s digital economy. Free-flow of data is protected and facilitated only if such activity will not put China’s national security or the public interest at risk.
  • The draft Data Security Law was released for public comment on July 3, 2020. This law aims to regulate and protect industrial and non-personal data activities and is expected to be formalized eventually.

Singapore

  • Singapore launched the Smart Nation initiative in November 2014 to “harness the power of networks, data and infocomm technologies to improve living, create economic opportunity and build a closer community.”
  • The Smart Nation initiative comprises three pillars: Digital Government, Digital Economy, and Digital Society. To support development, open data is made available on government portals such as data.gov.sg (which is a free and open data portal where anyone can access datasets on topics ranging from education, environment and health to transport). By releasing data, the Singaporean government aims to unlock economic value, enable quality research and deepen public participation and engagement.
  • The Public Sector (Governance) Act 2018 provides a framework for when data sharing is permitted across government agencies. Public servants' data access rights are based on security clearance and authorisation. The Act also criminalizes the sharing of personal data without authorization and the use of data for self-benefit, or for the re-identification of anonymized data without authorization.

 

Content

Is data really that important to a business?

A quick survey of the top companies by market capitalisation readily reveals that data is key.

Read

The myriad ways in which data may be used

The value that can be gained from data by businesses will inevitably lead to an increase in the use of data to improve daily operations and to develop new products, services and processes.

Read

Nature of data, ownership, and control

In many jurisdictions pure information, or data, is not considered to be property. This is because a claim to property in intangible information presents obvious definitional difficulties.

Read

Ways of protecting data

There is a patchwork of different rights, intellectual property rights and contract rights that may apply to data. Understanding the way in which these rights come into play enables a business  to understand how its data assets can be protected.

Read

Disruptive technology data: case studies

Disruptive technologies, such as AI, IoT, AVs, distributed ledger technology (DLT), cryptocurrencies and smart contracts, generate many different forms of data.  What are the particular characteristics of such data, and to what extent can intellectual property rights or other rights protect them?

Read

The regulatory environment for data

In this section, we review the EU’s position with regards to industrial and non-personal data and look at whether other jurisdictions have similar initiatives.

Read

Free flow of data

Data location laws (in relation to industrial and non-personal data) can be restrictive (as in banking secrecy laws, which may require some types of data to remain onshore or to be “localised”) or liberalising (as in laws that ban the prohibition of export of data from a locality).

Read

Data for re-use

In furtherance of the objective of leveraging existing datasets paid for by public funds, a number of jurisdictions have sought to make public sector information (PSI) available to industry.

Read

Antitrust / competition law data issues

The exclusive possession or control of data can have antitrust / competition law considerations, giving rise to access disputes.

Read

Contractual considerations in sharing data

The uncertain nature of intellectual property rights in data means that “contract is king” in data transactions.

Read

Managing Data

Data is an incredibly valuable resource for businesses, enabling organisations to effectively operate and to make business improvements. In order to exploit this value most effectively, businesses must invest in good data management.

Read

Liability

Errors, incompleteness or biases within data may flow through, and be amplified by, data analytics process outputs upon which a business's strategic and investment decisions may depend, potentially causing business losses. In this section we deal with liability arising out of use of data / datasets that are in some respect sub-optimal.

Read