Skip to content

Wikimedia Europe

Visual Portfolio, Posts & Image Gallery for WordPress

Charles J. Sharp, CC BY-SA 4.0, via Wikimedia Commons

Michael S Adler, CC BY-SA 4.0, via Wikimedia Commons

NASA Goddard Space Flight Center from Greenbelt, MD, USA, Public domain, via Wikimedia Commons

Markus Trienke, CC BY-SA 2.0, via Wikimedia Commons

Benh LIEU SONG (Flickr), CC BY-SA 4.0, via Wikimedia Commons

Stefan Krause, Germany, FAL, via Wikimedia Commons

JohnDarrochNZ, CC BY-SA 4.0, via Wikimedia Commons

Hope and IoT Data: An Update on the EU’s Data Act 

The debate about the proposed Data Act is in full swing. The lead rapporteur for the Data Act, Pilar del Castillo Vera (EPP ES) in the Industry Committee, has published her draft report with proposed amendments. Other MEPs have until 28 October to propose their own changes. While there is some hope that amendments will effectively limit the sui generis database right (SGDR), the provisions for Internet of Things (IoT) data sharing that cement the factual data holders’ strong position currently remain largely unquestioned.

Authors: Aline Blankertz & Dimi Dimitrov

Hope for free databases

The sui generis database right (SGDR) is a property right first introduced in the European Union in 1996. It is comparable to but distinct from copyright and exists to recognise the investment that is made in compiling a database, even when this does not involve the “creative” aspect that is reflected by copyright. Even the European Commission’s own assessment struggles to find any proof of a positive economic impact of this right. At the same time, it makes the re-use of data and databases much more bureaucratic and costly. As the EU, together with Russia and the UK, seem to be the only jurisdictions that recognise such a right, it might even put the European data economy at a disadvantage vis-à-vis other continents. 

In its Data Act proposal, the European Commission seemingly recognises the SGDR as an obstacle for the data economy and proposes to restrict it so that it wouldn’t apply when a user asks for access to data generated by a product or service they use. The idea is to foster re-use and portability of user data to competitive services. 

In the Council, the Czech Presidency is moving ahead with the negotiations among Member States in the Council. They have brought forward a proposal to extend Article 35, which would limit the SGDR even further. Should the text be accepted the database right would never apply to machine generated data. We welcome this proposed change and hope the Council majority opts for it. We also encourage MEPs to pick up the idea.

Any hope for free(r) IoT data?

Chapter II of the Data Act delineates IoT data sharing provisions that allow users to access and port data generated by their device. In principle, more data sharing is to be welcomed and can foster competition and fairness, but the current draft, seemingly inadvertently, enshrines the position of the factual data holders, often the device manufacturers. The argumentation is reminiscent of the copyright debate: the provisions stipulate only minimal data sharing “to avoid undermining the investment incentives for the type of product from which the data are obtained” (Recital 28). The Data Act remains silent on whether those incentives are at risk in practice and how they are balanced with the benefits of wider data sharing obligations, thereby putting the data holders’ perspective front and centre. While some data will have to be shared (at the individual user’s request, with compensation from the third party that receives the data), the proposal makes sure not to step too much on the toes of those who have until now appropriated the value of data. The current technical-factual data holders are turned into factual data owners with IP-like claims on data, even though there is wide agreement that data ownership does not maximise welfare.

In particular, the exemptions to the data sharing obligations reveal that the Data Act implicitly assumes that the interests of the current data holders outweigh those of other stakeholders. For example, Article 4(4) stipulates that users may not use the data to produce a competing product (Article 6(2e) does the same for third parties that are granted access on behalf of the user). These provisions only make sense if the data holders’ interest in preventing competitors from gaining access to data generated by their devices take priority over the interest of the users in a more competitive market offering also for the devices. Either the Commission has undertaken an in-depth analysis of these interests and how they need to be balanced without publishing or explaining it or,more likely, it has just taken the status quo as a starting point without considering more radical, but potentially more welfare-increasing interventions.

Can amendments fix this?

It will be really difficult for amendments to turn the current proposal into a law that does not cement the current data holders’ strong position in the data value chain. The current reports do not suggest any appetite for fundamental changes or, if anything, they include more exemptions to the data sharing obligations, e.g. for products under development or SMEs. Less exemptions would help (such as that for the development of competing products), but will not take the Data Act very far. Bolder changes could include access rights for co-generators of data that are further up the value chain (e.g. sensor manufacturers producing for the car industry) and general access rights to aggregate data (making individual user consent obsolete) that could be used by anyone, including competitors.

In IoT data sharing, the Data Act could have much more impact if it started from the assumption that data access should be granted UNLESS there are tangible, welfare-enhancing reasons not to do so. There could indeed be cases where the benefits of investment incentives of exclusive data exceed those of data sharing. Instead, the Commission follows the opposite approach that data remains exclusively with the data holder UNLESS there are tangible, welfare-enhancing reasons to grant access. In theory, one should end up roughly in the same spot. In practice, however, we know that there is a lot of grey on the spectrum and much more data will remain a private resource as a consequence of the approach taken.

The Data Act also in the current form will require significant changes to how IoT device manufacturers design their products and processes relating to data access and processing. Compliance costs will be high, so we better make sure they are worth the effort. With the current, hesitant push for data sharing, an opportunity for a much more open IoT data economy is likely to be lost.