Why is the Commission acting on data?
Digital data-based products and services can transform fields including environment, agriculture and food security, climate, and resource efficiency to energy, intelligent transport systems, and smart cities. Data analysis improves processes and decisions, innovation and the prediction of future events. For example, businesses building their decision-making process on facts coming from data can improve productivity by up to 6% (study).
- The EU data market (where digital data is exchanged as products or services derived from raw data) was worth €54.5 billion in 2015 (7% growth a year), and would be up to €84 billion by 2020.
- The EU data economy (which measures the overall impacts of the data market on the economy as a whole) employed 6 million people in 2015 and could employ 7.4 million people by 2020 in the EU. In 2015, its value was estimated to €272 billion. If the right policy and legal conditions are put in place, the data economy could represent 3.17% of EU GDP (€643 billion) by 2020 (source: European Data Market study).
What is the problem?
The EU lacks a digital single market for data. This results from a combination of barriers to the free movement of data within the EU and many legal uncertainties regarding data. As a result, Europe is missing out economic, social and business opportunities. The EU needs to make sure that data flows across borders and across sectors, and that it can be accessed and re-used in an optimal way. A coordinated European approach is essential for the development of the data economy as part of the Digital Single Market.
What is the Commission doing?
The Commission is exploring potential obstacles to the free movement of data and looking into issues raised by new technologies like the Internet of Things and autonomous products. The Communication released today looks at national rules and regulations that impede the free flow of data and presents options to remove unjustified or disproportionate data location restrictions. The Commission also outlines legal issues regarding access to and transfer of data, data portability and liability of non-personal, machine-generated digital data. The Commission is launching two public consultations and a dialogue with Member States and other stakeholders on these topics. These will gather further evidence to help identify future policy or legislative measures that will help build the European data economy.
What types of data are concerned?
The data economy combines a mixture of public and private sector data, personal and non-personal data. For example, machine-generated data can be personal and non-personal. Where machine-generated data allows the identification of a natural person, it qualifies as personal data with the consequence that all the rules on personal data apply until such data has been fully anonymised (e.g. location data of a satellite navigation system).
The General Data Protection Regulation (GDPR) fully regulates the processing of personal data within the EU, including machine-generated or industrial data that identifies or makes identifiable a natural person. It covers the collection, use of, access to and portability of personal data, as well as the possibilities to transmit or to transfer personal data. It is the foundation for the free flow of data in the EU. However, the GDPR does not cover non-personal data
What has the Commission done so far to support the European Data Economy?
In its 2012 Communication"Safeguarding Privacy in a Connected World - A European Data Protection Framework for the 21st Century", the Commission laid down the basis for trust and data protection in the European data economy. The Commission also recognised that modern, coherent rules across the EU are needed for data to flow freely from one Member State to another.
In 2014, the European Commission proposed measures to accelerate the transition towards a data-driven economy, in particular to develop an EU-wide data ecosystem and promote data-driven innovation. The Commission is investing €534 million through its research and innovation programme Horizon 2020 in the Big Data Value Public-Private Partnership. The Commission has teamed up with European industry (large players and SMEs), researchers and academia to cooperate on data-related research and innovation. It has set up an open data incubator helping SMEs and startups to create commercial added value from open data. It also supports the European Data Science Academy to bridge the skills gap by designing curricula for data science training and data science education.
- Free flow of data
Why is the free flow of data necessary?
The free movement of services, freedom of establishment and free movement of personal data are important principles of our data economy. Providers and users of data-driven services and products (such as Internet of Things, Big Data, cloud computing) benefit from free flow of data across borders.
Removing existing data localisation measures will drive down the costs of data services, while expanding their use and choice. This could boost GDP by up to €8 billion per year and create €7.2 billion in additional benefits for cloud users between 2015 and 2020.
What are the main obstacles?
The Commission has identified numerous restrictions to data location for data storage and/or data processing through studies (SMART 2015/0016 and SMART 2015/0054), stakeholder discussions and in several public consultations (including the 2015 Public Consultation on Online Platforms). Data localisation requirements that either directly or indirectly restrict the free flow of data take different forms and exist in various sectors, such as in the public sector. For example:
- Supervisory authorities obliging financial service providers to store their data locally
- Professional secrecy rules (e.g. in the health sector) implying local data storage or processing
- Sweeping regulations requiring the local storage of archived information generated by the public sector, whatever its sensitivity
Data localisation requirements may be justified and proportionate in particular contexts (e.g. public security). Unfortunately, the trend, both globally and in Europe, is towards more unjustified data localisation, an approach often based on the misconception that localised services are automatically safer than cross-border services. This can prevent data-driven services, in particular startups and SMEs, from scaling-up their activities (e.g. by having to invest in data centres in 28 Member States). These barriers should be avoided in a Digital Single Market. The Commission wants to get more detailed insights into the extent, nature and impacts of data localisation restrictions, before deciding on possible policy and legal actions.
What does the Commission plan to do?
On the basis of evidence gathered so far, and in consultations launched today, the Commission will explore regulatory and enforcement measures that support a free flow of data within the EU. The Commission will consider legal initiatives, as necessary, complementing the current and future EU personal data protection framework to address requirements imposed by Member States which restrict the free flow of data.
- Data access and transfer
What is the issue with access to and transfer of data?
Ever-increasing amounts of data are generated by machines, sensors or processes based on emerging technologies, such as the Internet of Things, industrial processes and autonomous, connected systems. EU legislation is currently ill-equipped to deal with new ways of generating, collecting, acquiring, processing and using non-personal data related to these fields. The Commission wants to explore these issues further in both public consultations launched today, and through the accompanying dialogue with stakeholders.
How does the Commission propose to improve data access and transfer?
The Commission will consult on whether and to what extent non-personal, digital machine-generated data can and should be shared and exchanged. Sector-specific discussions will also explore the nature and magnitude of any barriers to accessing such data.
The Commission wants to hear views on a range of policy options including guidance on how to incentivise businesses to share data, development of technical means (such as Application Programming Interfaces), contractual solutions or access against remuneration.
The Commission has no pre-determined view on the most appropriate way forward. Any action would take full account of contractual freedom and avoid side-effects that could stifle innovation or hinder competition.
- Liability in data-based products and services
What is the problem?
In the Internet of Things, or for autonomous products and services, several suppliers or market players often provide interdependent hardware; the software; the software maintenance; the digital infrastructure or the processing and use of data. This makes it very difficult to identify who is liable. For example, in the case of a fire, your smart home security system is supposed to contact fire services, warn you of the fire at home and, unlock doors and switch on electric lights so that people inside can escape safely. Given that such complex environments involve a mixture of products and services, who is liable if the lights do not go on? The sensor providers? The data service? Or the company certifying the safety of the product? These issues may result in legal uncertainty affecting the development and uptake of data-driven products and services. It is also unclear whether liability rules should be modelled around existing rules on liability for defective products in general or other options should be considered.
What does the Commission propose?
The Commission wants to enhance legal certainty around liability to increase investment and innovation in the area of the Internet of Things and autonomous systems. The Commission will consult stakeholders on the adequacy of current product and service liability rules and on how to overcome difficulties in assigning this liability. The debate will explore approaches, including risk-generating and risk-management. This liability approaches could also be completed by voluntary or mandatory insurance schemes that would compensate parties who suffer the damage. A parallel public consultation on the overall evaluation of the application of the Product Liability Directive is also being conducted. The Commission will assess the results and consider options for future action.
- Data portability, interoperability and standards
What is the current situation?
The General Data Protection Regulation establishes the right to portability of personal data. For non-personal data, portability is offered by service providers only when contracts stipulate so. There is no legal obligation to do so. This means that a business has to negotiate data portability rights on a case-by-case basis, and consumers generally depend on specific offers. Common technical standards and data interoperability can enable data portability in specific sectors, but they are not sufficiently used.
Why is data portability needed?
When services offer the possibility of data portability, businesses and consumers implicitly face lower costs when they wish to change service provider. Data portability could stimulate competition among service providers, especially in cloud services. However, the Commission wants to clarify how portability of non-personal data could impact all sides of the market.
What does the Commission propose to do?
The Commission is launching a public consultation to understand the economic and legal implications of data portability, and where this could unlock opportunities. Options to encourage data portability include: recommended contract terms to facilitate switching of service providers, sector-specific standards enabling portability of data, or extending data portability rights to non-personal data. The Commission has also launched a study to gather evidence on the importance of data and application portability when businesses or individual users wish to switch cloud service providers.
- Experimentation and testing
How will the Commission test this in real-life?
Experimentation is an important part of the exploration of emerging issues in the data economy. Some projects on cooperative, connected and automated mobility (CAD) are already underway in some Member States, allowing vehicles to connect with each other and with roadside infrastructure such as traffic lights and road signs. Building on this, the Commission intends to work with a group of interested Member States to create a legal testing framework for conducting experiments on the basis of harmonized rules on access to and use of data and liability. The tests, which will use cross-border corridors for connected and autonomous vehicles, will serve to examine the digital aspects of CAD technologies, such as the use of 5G, liability issues, spectrum deployment, the use of the Internet of Things. They will also help to establish how these elements interact. The tests will be deployed first on advanced cellular and eventually on 5G technology, in co-existence with already available Wi-Fi based technology.
What are the next steps?
The Commission is launching a wide dialogue with Member States and other stakeholders. This includes two public consultations: one on the free flow and data, on acces to and transfer of data, on portability, and on liability in the context of the Internet of Things and robotics, and a second one evaluating the application of the Defective Product Liability Directive. This broad dialogue will help the Commission develop most appropriate actions to reap the full potential of the European data economy.