As 2019 came to a close, we looked ahead into 2020 and noted that data would continue to be a huge issue for the digital economy. We have not been disappointed. On February 19, 2020, the European Commission (the “Commission”) released its 35-page document entitled “A European strategy for data,” becoming just the latest of many developments in that area.
The document lays out a vision as to how – through legislation, technical standards and public-private initiatives – the EU can become a future leader in data and create a more permissive data economy.
The Commission’s goal is to create a single European data space – “a genuine single market for data, open to data from across the world – where personal as well as non-personal data, including sensitive business data, are secure and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint.” The Commission envisions common European rules to ensure:
- data can flow within the EU and across sectors;
- European rules and values, in particular personal data protection, consumer protection legislation and competition law, are fully respected;
- rules for access to and use of data are fair, practical and clear, and there are clear and trustworthy data governance mechanisms in place;
- there is an open, but assertive approach to international data flows, based on European values.
The strategy document lays out a number of concerns, problems and obstacles to achieving its vision. One theme that runs throughout is the need to create common interoperable data platforms offering small and medium enterprises (SMEs) access to a host of cloud services and advanced data processing capabilities. As the Commission sees the current state of the data environment as dominated by the big tech companies, it noted that such a high degree of market power can “enable large players to set the rules on the platform and unilaterally impose conditions for access and use of data.” But what incentives would exist for companies to share certain data to an EU platform? The Commission states that organizations contributing data “would get a return in the form of increased access to data of other contributors, analytical results from the data pool, services such as predictive maintenance services, or licence fees.”
Generally speaking, the Commission’s data strategy includes a number of elements:
- A cross-sectoral governance framework for data access and use. The Commission’s proposal for legislation would include a framework for a common European data space that would “support decisions on what data can be used in which situations, facilitate cross-border data use, and prioritise interoperability requirements and standards within and across sectors.” This would also include facilitating decisions on “which data can be used, how and by whom for scientific research purposes in a manner compliant with the GDPR.”
- The opening of key public sector data sets. The Commission would work on making more high-quality public sector data available for reuse, in particular in view of its potential for SMEs.
- Legislative action on issues that affect relations between actors in the data-agile economy. The Commission would seek legislative solutions to provide incentives for horizontal data sharing across sectors, in particular “addressing issues related to usage rights for co-generated data (such as IoT data in industrial settings), typically laid down in private contracts.” Notably, the Commission stated it would also seek to identify and address “any undue existing hurdles hindering data sharing and to clarify rules for the responsible use of data (such as legal liability).”
- Legislation regarding limited circumstances where access to data should be made compulsory.
Ultimately, it appears that a number of forces will be concurrently seeking to reshape the future of the global digital economy. In the EU, the efforts described above, as well as the EU’s proposed Digital Services Act, which will impact content on digital platforms, and continuing GDPR enforcement will be influential in this area. In the U.S., regulators are considering antitrust enforcement efforts in the technology sector, legislators are calling for major changes to the immunities under Section 230 of the Communications Decency Act, and privacy and data security legislation and enforcement are impacting data-oriented businesses. Other global initiatives are ongoing as well, such as a sweeping personal data privacy bill recently introduced in India and the prior passage of Brazil’s general data protection law which is set to go into effect later this year. In the meantime, investment in “big data” is growing at double digit rates. With all these ingredients placed into the pressure cooker of the global economy, what will be the result? Stay tuned!