ECIPE just launched a new research program on the economic impacts of the EU’s Data Act proposal. We hereby invite interested stakeholders to support our research by providing information on industry use cases, industry data, and funding for the facilitation of research, workshops and roundtables.
In February 2022, the European Commission tabled another far-reaching digital policy proposal, the Data Act. It comes on the heels of two highly controversial policy initiatives, the Digital Markets Act (DMA) and the Digital Services Act (DSA). With the Data Act proposal, the Commission wants to double down on political efforts to diminish market powers that originate from owning data. But now it also aims to tackle ‘less digital’ companies, including Europe’s strong manufacturing sectors. Like DMA and DSA, both of which are based on several untested rules for companies, the Data Act could cause adverse and thus unintended consequences for investments, value-added and the innovative capacity of Member States’ economies. Existing impact assessments failed to account for these impacts.
With the Data Act, the Commission wants, inter alia, to oblige companies to share all sorts of data at fair contractual terms. The proposed rules raised significant concerns about the protection of intellectual property, confidentiality of trade secrets, contractual freedom, and incentives for data-driven innovation. The Data Act could result in a one-size-fits-all regime that would not stop at the gates of Europe’s vital machinery and automotive industries. It would also pave the way for new data regulations tailored towards specific sectors of the economy, such as automotive, transport and healthcare industries.
The Data Act proposal was informed by various impact assessments, such as the study on enhancing the use of data in Europe, the report on fairness control in sharing data, and the review of the Database Directive. All assessments have in common that they downplay the important role of data ownership (intellectual property), effective protection of trade secrets and contractual freedom for trustworthy commercial collaboration and the dissemination of innovation.
Assessing Data Act provisions
The proposed Act includes several rules for access to and use of data in B2B and B2G contexts, such as a user control and a right to share user-generated data, a B2B fairness test, licensing on the basis of FRAND market rates and new rights for the public sector to access privately held data for public interest purposes. For example:
- Article 4 provides that a data holder shall only use any non-personal data generated by the use of a product or related service on the basis of a contractual agreement with the user and prohibits the use of data “to derive insights about the economic situation, assets and production methods of or the use by the user that could undermine the commercial position of the user in the markets in which the user is active”.
- Article 5 provides the right for a user to have the data generated through the use of a product or related service provided to a third party “without undue delay, free of charge to the user, of the same quality as is available to the data holder and, where applicable, continuously and in real-time”.
- Article 8 requires that data provided to a data recipient must be under fair, reasonable and non- discriminatory (FRAND) terms and in a transparent manner, with the obligation on the data holder to demonstrate that there has been no discrimination.
- Article 9 limits the compensation that a data holder can claim for making data available to that which is reasonable and, in the case of data provided to SMEs, the costs directly related to making the data available. In either case the data holder is required to explain the basis for the calculation.
- Article 14 obliges data holders to “make data available to a public sector body or to a Union institution, agency or body demonstrating an exceptional need to use the data requested.”
- Article 35 states that, in order not to hinder the access rights set out earlier in the Act, the sui generis database right provided for in Article 7 of Directive 96/9/EC “does not apply to databases containing data obtained from or generated by the use of a product or a related service”.
For businesses these (and related) rules create two major problems:
- Type and scope of data for which sharing obligations apply: data holders face uncertainty over the types, aggregations and volumes of data that may have to be shared, the nature of third parties, e.g., potential competitors and governmental agencies, and when the data has to be shared with third parties.
- Compensation for data that is shared voluntarily or has to be shared with third parties: data holders face uncertainty over the amount of compensation, e.g., one-off or recurrent license fees, for data that is shared with third parties, both for voluntary and mandatory transactions.
Uncertainty over the actual scope of data sharing obligations and the amount of future compensation for complex datasets will impact on companies’ decisions to invest in new technologies and business models that intensively rely on, i.e., generate or use, data. Many provisions in the Data Act effectively erode the protection of trade secrets and intellectual property rights, including databases (direct and intended effect), but also software, algorithms and ICT technologies (indirectly). Due to substantial long-term investments and associated financial risks, legal uncertainty over data exclusivity, co-ownership of data and the transactional value of data substantially reduces investment predictability and could therefore have a deterrent effect on investments in new technologies and data-driven innovation in the EU.
With the Data Act research program, ECIPE aims to inform policymakers at EU and Member State level about impacts that have so far been ignored by advocates of the Data Act proposal. Would you like to know more about how your organisation can support our research and outreach activities, contact ECIPE Director Dr Matthias Bauer at firstname.lastname@example.org.