Published on 19 February 2020, the European Commission's communication on a European strategy for data sets out a bold vision for the EU to become a leading role model for a society empowered by data to make better decisions. Outlining the Commission's thinking for the future EU regulatory framework regarding access and use of both personal and non-personal data, the strategy is important reading for almost every business which participates in the data economy.
A vision
Recognising that data is transforming the economy and society, the Commission's aim is for the EU to take full advantage of data driven innovation while placing the interests of individuals first, in accordance with European values, fundamental rights and rules. This involves a careful balance. On the one hand the Commission identifies that competitors such as China and the US are already innovating quickly and projecting their concepts of data access and use across the globe. On the other, the Commission is clear that the EU should follow a "European way", balancing the flow and wide use of data, with privacy, security, safety and ethical standards. The Commission recognises that the stakes are high and believes that the EU’s technological future depends on whether it manages to harness its strengths and seize the opportunities offered by the ever-increasing production and use of data.
The Commission's long term vision is for a single European data space. This single market for data, open to data from across the world, would provide an environment where personal as well as non-personal data, including sensitive business data, are secure and businesses have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value.
The Commission sees common European rules and enforcement mechanisms which allow data to flow, while respecting personal data protection and consumer protection legislation as a key step to achieving this vision. It also believes that rules for access to and use of data should be fair, practical and clear and combined with trustworthy data governance mechanisms. Alongside rules and enforcement, a European data space will also require the EU to invest in next-generation technologies, infrastructures and skills such as data literacy. In turn, infrastructure and skills are intended to support the creation of European data pools allowing the emergence of data-driven ecosystems.
Challenges
Before the EU can achieve the vision of a single European data space, the Commission identifies a range of issues which are holding the EU back from realising the potential of its data economy.
The first, and perhaps most fundamental, is availability of data. A data economy requires use and re-use of data. In order to facilitate innovative re-use the Commission wants to address the frameworks for government-to-business, business-to-business and business-to-government data sharing along with data sharing between public authorities. The Commission recognises that each scenario gives rise to its own challenges and policy considerations. In the context of business-to-business data sharing the Commission identifies a lack of economic incentives (including the fear of losing a competitive edge), lack of trust between economic operators that the data will be used in line with contractual agreements, imbalances in negotiating power, the fear of misappropriation of the data by third parties, and a lack of legal clarity on who can do what with the data (for example for co-created data, in particular IoT data).
Another challenge identified by the Commission is imbalances in market power. The Commission highlights that, large online platforms can benefit from a "data advantage" when developing new products and services and expanding into new markets, allowing them to outcompete SMEs. It also suggests that data imbalances can arise in relation to IoT data from industrial and consumer devices.
Other challenges identified by the Commission include data interoperability and quality, data governance, data infrastructures and technologies, empowering individuals to exercise their rights, skills and data literacy and cybersecurity.
The strategy
To realise its vision the Commission proposes policy measures based around four pillars:
The proposals under each pillar cover a lot of ground. The below summary picks up on a number of points from the strategy which will be of particular interest to businesses involved in data commercialisation.
General Governance framework
Of the Commissions four pillars, the first will involve the greatest degree of direct regulatory intervention. Under this pillar the Commission proposes a number of specific legislative initiatives, the first of which is an enabling legislative framework for the governance of common European data spaces to be proposed in Q4 2020. This framework will address the structures and institutions required to take decisions regarding European data spaces, both at Member State and EU level. Examples could include mechanisms to prioritise standardisation activities and to work towards harmonised descriptions of datasets, data objects and identifiers to foster data interoperability. These structures and institutions could operate either at a sector-specific or cross-sector level.
Following shortly after the framework, in Q1 2021 the Commission intends to propose an Implementing Act under the recently enacted Open Data Directive intended to make high-value public sector data sets available across the EU for free, in machine-readable format and through standardised Application Programming Interfaces (APIs).
However the most significant legislative step outlined in the strategy is a potential new Data Act, which could be proposed in 2021. Aimed at providing incentives for horizontal data sharing across sectors by addressing issues which affect relations between actors in the data-economy, the strategy sets out a range of policy issues which could be included in a Data Act. These include fostering business-to-government data sharing for the public interest and supporting business-to-business data sharing. In relation to the latter category (B2B) the Commission provides little by the way of detail, but refers to issues relating to usage rights for co-generated data and specifically mentions IoT data in industrial settings. It also mentions addressing other hurdles to data sharing and clarifying rules around legal liability as it relates to data use. In addition to facilitating voluntary data sharing, the Commission also suggests that the Data Act may address imposing compulsory access to data in certain circumstances such a sector-specific market failures which cannot be solved by competition law. Perhaps anticipating strong objection to enforced data access obligations the Commission offers reassurance that the scope of a data access right would take into account legitimate interests of the data holder and respect the existing legal framework.
The Commission also suggest that a final and potentially significant element of a new Data Act could be a review of the IPR framework to further enhance data access and use, which could include possible revisions to the Database Directive and clarification of the application of the Trade Secrets Directive as an enabling framework.
A broad objective of a new Data Act appears to be facilitating the establishment of data pools for data analysis and machine learning. With this end in mind, in addition to new potential legislation, the Commission also intends to provide more guidance to stakeholders on the compliance of data sharing and pooling arrangements with EU competition law by means of an update of the Horizontal Co-operation Guidelines. The accumulation of data by large tech companies will not however be addressed as part of the Data Act. Instead the Commission will focus on this issue under broader fact-finding activity around the high degree of market power of certain platforms and also in the context of the Commission’s work on the Digital Services Act package.
Empowering individuals
The Commission intends to support the ability of individuals to enforce their rights regarding the use of data they generate. One specific proposal is to explore enhancing the portability right for individuals under Article 20 of the GDPR giving them more control over who can access and use machine-generated data (possibly as part of the Data Act in 2021).
Sector specific data spaces
In addition to a general framework for a cross-sector European data space, the Commission also intends to promote the development of European data spaces in strategic economic sectors and domains of public interest. The intention is to make available large pools of data in these sectors and domains along with the technical tools and infrastructures necessary to use and exchange data and appropriate governance mechanisms. This will be achieved through sector specific policy initiatives and legislation. The seven sector based data spaces identified by the strategy will cover industrial (manufacturing) data, Green Deal data, mobility data, health data, financial data, energy data and agriculture data. The strategy also proposes a data space for public administration and a skills data space to reduce the skills mismatches between education and training and the labour market needs.
The annex to the strategy provides further detail of the Commission's areas of focus in each sector and how it plans to work within the existing legislative framework in those sectors. In the mobility data context, for example, a review of the EU type approval legislation for motor vehicles will include a review of how data is made accessible by the car manufacturer, data protection compliance and the role and rights of the car owner. To facilitate an energy data space, the Commission intends to adopt implementing acts setting out the interoperability requirements and non-discriminatory and transparent procedures for access to data, building on existing national practices on the basis of the Electricity Directive.