Proposals for a new data act should, as far as possible, allow businesses to share data based on trust and freedom of contract. Rules on mandatory data sharing must not contradict union laws that protect other interests, especially the protection of privacy, security and trade secrets.
Under the Data Act, businesses that sell, lease or rent products or services that generate data, for example household appliances, will be obliged to share the data generated with third parties. In their current form, the EU’s proposed new data regulation would stipulate that data generated during use would partly belong to users and partly to third-party actor(s) made known to the user.
The proposal needs clarification in several aspects. For example, it is unclear what applies if a party who is required to share data does not have access to that data. Does for instance data generated by and processed at or near the user, known as edge computing, fall inside or outside the legislation?
Another issue centres on what fees should be paid for sharing data. According to the current proposal, anyone who is obliged to share data with a third-party is entitled to demand reasonable compensation. However, this phrasing is far too vague and, if it is not supplemented with objective criteria for what can be included in calculating such payments, legal action could result.
The proposed mandatory data sharing rules seek to make access to and use of data fairer. The proposal may encourage innovation and growth among actors who, through the Data Act, will obtain access to more data. However, for those forced to share data with potentially unknown third parties, the proposal is a source of considerable concern.
It is not only legally and technically difficult to share data. Data sharing is also associated with costs and risks. Due to handling errors or hacks on data recipients, shared data can end up in the wrong hands. Shared data may also contain information, for example trade secrets, which should not be shared.
Trade secrets refers to information that businesses keep secret and that has value because other businesses do not have access to it. Trade secrets are protected by law based on an EU directive. For many businesses, trade secrets are just as important as patents and trademarks. But what use is this protection if information can no longer be kept secret because it must be shared with others?
The above issues must be prioritised and clarified in ongoing work in the Council and the European Parliament. Proposals for a new data act should, as far as possible, allow businesses to share data based on trust and freedom of contract. Rules on mandatory data sharing must not contradict union laws that protect other interests, especially the protection of privacy, security and trade secrets.EUData act