The Commission has recently published its Data Economy Package, which includes a Consultation on Building the European Data Economy. The Consultation is accompanied by a Communication and a Staff Working Paper.
The proposals in the Data Economy Package address issues relating to non-personal data (the protection of personal data is addressed in the General Data Protection Regulation (GDPR), which comes into force in May 2018).
The proposals set out in the Data Economy Package arise from the Commission’s belief that non-personal data (particularly when it is generated in significant volumes) has huge potential as a resource for economic growth within the EU.
The measures set out in the Data Economy Package aim to:
enable the free flow of non-personal data between EU member states; and
promote and enable access to data sets which are being created but not necessarily utilised to their full potential.
The free movement of data
In relation to the free flow of data, the obstacle which the Commission sees as being in greatest need of tackling is what it calls ‘unjustified’ requirements that data is stored within a particular EU Member State. The Commission cites, by way of example, the requirement imposed by certain financial services regulators that customers’ financial data is stored locally. Such requirements, the Commission says, cause unnecessary expense for the parties storing the data, and rarely contribute to the intended objective of data security.
Wider access to data
Some of the most eye-catching aspects of the Commission’s proposals relate to its desire to promote and enable access to the huge datasets which are now being created.
The type of datasets which the Commission contemplates providing access to is the “ever-increasing amounts of data…generated by machines or processes based on emerging technologies, such as the Internet of Things, the factories of the future and autonomous connected systems.” For example, it is easy to imagine that companies who are exploring the viability of driverless cars are now sitting on huge amounts of data about how traffic moves around our roads.
At the moment, the Commission believes that companies creating large datasets typically hold on to it for their own purposes, which, in the Commission’s words, “potentially restrict[s] reuse [of the data] in downstream markets”.
The Commission sets out a number of possible solutions to address this problem and to encourage (or even force) companies to grant others access to their data.
Some of the most striking possibilities set out by the Commission are:
Creating a new ‘Data Producer’s Right’: Databases containing machine-generated data are typically not protected by either copyright (because they are not deemed to be the result of intellectual effort and/or have any degree of originality), or the sui generis right provided by the Database Directive (because the database will often lack the requisite level of investment in obtaining, verifying or presenting a database’s contents). The Commission does not provide much detail as to the precise scope of the new ‘Data Producer’s Right’, or the circumstances in which it would arise. It is hoped that further details will emerge during the course of 2017; the Commission has announced that it intends to conduct an evaluation of the Database Directive this year, which would provide an opportune moment for the EU to both amend the existing framework and set out the scope of any new data rights.
Compulsory licensing: The Commission also suggests two mechanisms by which the owners of databases could be required to grant others access to them:
When it is in the public interest: The Commission suggests that public authorities could be granted access to third parties’ data sets where it would be in the “general interest” and would considerably improve the functioning of the public sector. One can envisage, for example, local authorities being granted the right to access real-time traffic data which is collected from private vehicles, in order to improve traffic management or perhaps even monitor and try to control air pollution.
On FRAND terms: The Commission also raises the possibility of establishing a framework in which companies are obliged to license the data they hold which is generated by their machines or devices on “fair, reasonable and non-discriminatory” (FRAND) terms. To date, the EU has only mandated the compulsory licensing of IP rights on FRAND terms in exceptional circumstances, such as where the owner of a patent has a dominant position and there are no alternatives to using the patented technology. Expanding compulsory licensing to large datasets is therefore a significant potential development.
Model contract terms: The Commission has suggested that, with the input of stakeholders, model contract terms are drafted to create balanced terms for small business. It is likely that these would reduce transaction costs and safeguard contractual freedom, and may also provide weaker parties with a fairer opportunity to exploit data.
What impact will these measures have in the UK, post-Brexit?
The Commission’s proposals are at a very early stage. Following a public consultation (which ends on 26 April 2017), some of the proposals may evolve into proposed legislative reforms which would then be considered by the European Parliament and Council before they can be adopted.
According to the timetable for Brexit currently indicated by the UK government, the UK will have left the EU by the time any such legislation comes into force. It is still uncertain what relationship the UK will have with the EU, or what shape any transitional period will take.
Even so, the Commission’s data economy proposals are relevant to UK companies for the following reasons.
UK companies who wish to benefit from any newly created ‘Data Producer’s Right’ will need to ensure that the right subsists in the data which they create and store. The requirements for subsistence are only likely to become clear once the Commission publishes draft legislation. But it might be the case that companies will need to move their data creation or storage operations from the UK to an EU Member State in order to benefit from the newly created right.
Any move to non-local storage of data could mean that cheaper data centres are built in European member states where operating costs are lower. Companies holding large data sets off-site must consider their auditing options and their relationships with their own customers. The Commission has also noted that the data centre market is heavily dominated by US providers, suggesting that they view increased competition in this area as something to strive for.
On the other hand, if companies who create large databases view the Commission’s proposals as a threat (particularly in relation to compulsory licensing of that data), then they may wish to take steps to ensure that their data is not caught by any EU legislation. In those circumstances, the UK may become an attractive ‘safe-haven’ in which to store such data once the UK leaves the EU, provided that this places the data sufficiently outside of the reach of the Commission’s proposed compulsory licensing. Again, the exact steps which will need to be taken will depend on (i) what relationship the UK has post-Brexit; and (ii) the EU legislation which comes into force.
The impact of any changes will also impact certain sectors more than others. Companies may need to consider whether their position is sufficiently well protected and may consider taking technological steps now to cope with future developments. For example, those sectors with vast volumes of confidential or personal data, such as the health care sector, will need to be wary of the costs and risks of separating out data which they are willing to share from data which must not be disclosed. This must be balanced with the possibility of recouping sizeable research and development costs from the data produced in order to obtain a fair return on their investment.
From a technical perspective, firms across a variety of sectors will benefit from investing in application programming interface (API) technologies in order to provide access to data in a convenient, low-cost way, with a view to monetising their own under-utilised non-personal data. However, data producers will need to carefully consider whether they may lose their competitive advantage in providing such access, whilst balancing this concern against the increasing interest the European Commission is showing in data in the context of competition law (see various articles on our sister blog here). Indeed, the Commission is well on its way to promoting the benefits of data sharing though programmes such as COPERNICUS (satellite data), and the INSPIRE Directive which puts in place a framework for the sharing of geo-spatial and environmental data.
Meanwhile, some companies have started to build a marketplace for voluntary data trading, and others regard data sharing as part of their corporate social responsibility programme when it can assist humanitarian and natural disasters. There is also a growing realisation that providing open access to data can assist companies to build collaborative and easy to manage relationships with their customers rather than relying on complex licensing arrangements which may discourage customers from experimenting with data.
Now is the time to take action
It is clear that the Commission sees ‘big data’ as a big opportunity for the EU’s economy, estimating that it will amount to over 3% of the EU’s GDP by 2020, and an important part of its Digital Single Market strategy. Whether the opportunities and risks presented by the Commission’s proposals affect UK companies will depend, like many things, on the negotiations between the UK government and the EU over the following months and years. Nevertheless, companies who may be affected by the proposed changes should engage with Commission and Government consultations in order to shape development of data sharing rules for the near future.