Data Act: Towards a Balanced EU Data Regulation

The Data Act (DA) is a key pillar of the European Data Strategy that aims to create a single market for data and make the EU a leader in the data economy. The proposal, unveiled in February 2022, sets harmonised rules for fair access to and use of data, intends to “unlock the EU cloud market” by facilitating switching between data-processing services, and aims at unleashing the potential of data for broader societal benefits.

Following the publication of the European Commission’s proposal, CERRE has produced a series of four reports zooming in on different aspects of the DA, penned by different leading academics from the CERRE Tech, Media, and Telecom practice. A brief overview of each chapter follows below.

EUROPEAN PROPOSAL FOR A DATA ACT: A FIRST ASSESSMENT

In his assessment (first published in July 2022) of the tabled draft regulation, Giuseppe Colangelo (University of Basilicata) suggests that the DA should be clearer about the goals and purposes to be achieved by the rules. In particular, the focus of the DA should be on establishing a general framework of basic rules that also considers regulatory costs for service providers of different sizes and sectors. Therefore, mandatory interoperability should be tied to further justifications based on an assessment of specific market conditions and the effectiveness of data portability in the respective market.

The chapter gives suggestions to improve the proposal in terms of:

• connection and hierarchy among obligations and objectives pursued by the legislative initiative;
• scope of the new data access and sharing right for connected devices;
• business-to-Government data sharing provisions;
• data processing service switching and international data access;
• scope of interoperability requirements;
• and coordination between competent national authorities responsible for application.

IMPROVING THE EFFECTIVENESS OF THE B2B AND B2C DATA SHARING OBLIGATIONS

The author of this chapter, Jan Krämer (CERRE Academic Co-Director) zooms in on Chapters II-IV of the regulation covering the basic rules for data sharing for data co-generated through the use of connected products by both commercial users and end users.

The report is supportive of the DA’s general idea to provide data users with a new right to portability. However, it criticises the numerous exceptions to that portability right and the use of data, such as exceptions for certain products and a prohibition to use the data for the development of a competing product. These exceptions make the law overly complex for a horizontal regulation, create legal uncertainty, and raise transaction costs that, combined, reduce the attractiveness for users and third parties to use the data and ultimately undermine the DA’s goal of unlocking data.

The report argues that the balancing of innovation incentives should be done mainly by limiting data-sharing obligations to raw data generated by product use, excluding derived data. In reverse, the complexity of the regulation can be significantly reduced, and its effectiveness increased, by reducing the number of exceptions.

To this end, the report makes six concrete policy recommendations to achieve this:

• Remove the no-competition clause (Articles 4(4) and 6(2)(e)), which otherwise undermines innovation incentives by both data holders and data access seekers.
• Introduce a rebuttable presumption that access to raw data does not impede trade secrets. Remove Article 8(6) which suggests otherwise.
• Introduce rebuttable presumption for a zero access price for third parties, instead of stipulating that access seekers need to negotiate a positive access price.
• In return, exclude not only micro- and small-sized enterprises, but also medium-sized enterprises from having to provide data access to connected products under the DA.
• Remove most product exclusions, such as for webcams.
• Allow users to transfer data to any third party that they deem useful, including gatekeepers under the DMA, to maximise innovation potential from data.

ACCESS TO PRIVATE SECTOR DATA FOR THE COMMON GOOD: A CRITICAL REVIEW OF CHAPTER V

Heiko Richter, author of this chapter, details the Business to Government data sharing provisions in Chapter V of the proposed Data Act that put forward mandatory rules on making privately held data available to public sector bodies (PSBs) based on exceptional need.

The report is generally supportive of the idea of stipulating duties for private businesses to share their data with the state for public purposes. There is, however, an important caveat: empowering the state to access privately held data is subject to the condition that the interests of data holders and data subjects are sufficiently safeguarded, and that abuse is effectively prevented. In addition, the provisions must account for the incentives of businesses to create and collect data when delineating the limits and modalities of state access to private data. All in all, the Commission proposal would benefit from additional thought and public discussion, which this paper aims to foster.

To this end, this report proposes, among others, the following policy recommendations:

• Limit the scope of B2G data sharing to ad hoc data access.
• Delete the exemption of small and micro enterprises in cases of public emergency and consider providing compensation to them in the form of an upfront payment of the compensation, based on a cursory estimate of the costs, if the data access request would endanger their existence.
• Require at least best efforts on the part of the data holders to provide information about available datasets.
• Limit compensation to cost recovery and specify which components fall under it.
• Implement a consent-based solution that leaves the decision of access and re-use of the shared data to the private data holder.
• Consider whether there are reasonable means to broaden the purpose or install a more flexible regime, while better safeguarding the interests of the data holder when it comes to using the provided data for research or statistical purposes.

SWITCHING AND INTEROPERABILITY BETWEEN DATA PROCESSING SERVICES

This chapter focuses exclusively on the third part of the DA, more specifically on the data processing services that can be equated with cloud and edge services in all varieties from Infrastructure-as-a-service (IaaS), over Platform-as-a-service (PaaS), to Software-as-a-service (SaaS) offerings.

Whilst the author, Daniel Schnurr (CERRE Research Fellow) agrees in essence with the rules to promote and facilitate effective data portability, he also argues in his report that the DA should be clearer regarding the goals it wants to achieve with the portability and interoperability obligations. Simplicity and clarity of the rules are of utmost importance for effectiveness, with a focus on strengthening data portability and facilitating the switching between providers.

The report presents six concrete recommendations for policymakers:

• Keep obligations that ensure effective data portability (Art. 24, Art. 25), but remove the general right of customers to terminate any contractual agreement (Art. 23 (1) (a));
• Make Art. 26 (4) and Art. 24 (1) (b) the default data portability requirement for all data processing services;
• Replace the functional equivalence criterion with a hypothetical “service replication test” that refers to the original service provider instead of the specific destination service;
• In case the original functional equivalence criterion is maintained, clarify that the original service provider can only be held responsible for its own best effort;
• Mandatory interoperability standardisation and interventions based on delegated acts should be tied to the ineffectiveness of data portability in specific markets or the identification of market failures (Art. 26 (3), Art. 29).