Data Act: summary report on public consultation

The European Commission has published a summary report on the public consultation on its plans for a new Data Act. The new Data Act is a key aspect of the European strategy for data and very broadly speaking it aims to facilitate access to and use of data (both on business-to-business and business-to-government levels) and also to review the legal protection of databases - in particular, the extent to which database rights cover machine-generated data and present any impediment to data sharing and reuse in that context.  The main findings of the report are as follows:

The majority of respondents felt that action was required - whether at EU or national level - on business-to-government data sharing for the public interest. Such sharing is presently believed to be impeded by legal uncertainty (due to different legal regimes between Member States) legal barriers including competition law, lack of incentives to share, infrastructure and cost issues, lack of awareness and an absence of safeguards to ensure the data shared will be used only for the public interest purpose.

In relation to business-to-business data sharing:

• Many respondents shared data on a voluntary basis which was used for a variety of purposes, including designing innovative products/services, optimising supply chains, AI training and predictive maintenance. 
• A number of obstacles to data sharing were identified, including technical ones (formats and lack of standards), legal ones (refusal to allow access), lack of a legal basis to provide access, abuses of contractual imbalances and prohibitive cost. 
• Many respondents, and in particular SMEs and micro companies, were in favour of model contract terms to foster data sharing.
• There was significant support for a contractual fairness test to avoid the unilateral imposition of unfair conditions to sharing.
• There was strong support for the use of smart contracts to facilitate access to and use of data in the context of co-generated IoT data and also for data transfers when exercising data portability rights.
• Regarding IoT data arising from professional (rather than personal) use, there was a recognition of some new challenges for market fairness, particularly where information is stored by the manufacturer of IoT objects.
• Regarding the Article 20 GDPR portability right, the majority of respondents felt that decisions about data generated by connected objects should be made by owners/users of those objects rather than the manufacturers of them.
• Many respondents felt that the sui generis database right should be reviewed, particularly in relation to machine-generated data where there was some uncertainty about its application.

The report also considers responses to questions on improving data portability for business users of cloud services.

The consultation responses will help shape the Commission’s proposal for a Data Act. There is, of course, much for the Commission to ponder over not least because of the wide-ranging ambition of this initiative. Trying to create a one-size fits all sectors approach for data sharing and reuse is likely to present significant challenges and so some sector-specific regulation may also be needed. Similarly, a new Data Act would have to work in tandem with the GDPR regime as well as having due regard to intellectual property rights – in that respect, if and when reviewing the Database Directive, the Commission ought to have in mind that any proposed changes to the Database Directive in the context of machine-generated data could have unforeseen consequences in other contexts.