How to fix the European Union’s proposed Data Act
The proposed EU Data Act on industrial and non-personal data should be simpler and clearer, or the benefits could be limited.
The draft European Union Data Act, proposed by the European Commission in February 2022, aims to fill a big gap in data regulation. It is intended to tackle a situation in which manufacturers design machines to give themselves exclusive access to the data those machines generate. Manufacturers can then leverage this data monopoly to sell exclusive data-driven services to machine users. Businesses that want to access the industrial and commercial data their activities generate, or persons who want to access non-personal data that is relevant to their activities, cannot access the data and use it for other purposes or obtain competing data-based services. This distorts competition in markets for data-driven services related to machine usage.
For example, a farmer might want to access farm data collected by his tractor and share it with other machines used alongside the tractor, or with agronomical service providers. This could enable him to get better farming advice or fine-tune the use of seeding and spraying machines. But currently, farm machine manufacturers can prevent access to and transfer of the data, and force farmers to use their own related agronomic services.
Monopolistic data control by product manufacturers thus boils down to de-facto ownership of data. But allowing such exclusive ownership rights to one party denies the claims of other data co-generators and is economically inefficient because data is non-rival: it could be used for productive purposes by several parties simultaneously. The Data Act’s focus on access rights is a welcome and decisive step away from exclusive data-ownership. The Act, if approved by the European Parliament and Council of the EU, would complement other data laws, including the EU general data protection regulation (GDPR), which grants individuals access to their personal data but says nothing on businesses’ access to their industrial machine data.
Fuzzy definitions of ‘products’ and data
Unfortunately, the Data Act proposal limits access rights to ‘product’ data, or data generated by tangible physical devices. The distinction between ‘product’ and ‘non-product’ data is not clear. Smartphones and laptops, for example, are clearly tangible products. But the Data Act would not apply to them. This creates confusion, especially because smartphone apps and laptops are often used to operate industrial and consumer devices. The Data Act in effect creates two categories of tangible product – within the scope of the act or not – without any meaningful justification.
The focus on tangible products results from earlier Commission proposals to introduce an ownership right to ‘machine’ data. The authors of the draft Data Act may have wanted to maintain a distinction between ‘machines’ and other computing devices, resulting in a dividing line that is rather arbitrary and unnecessary. Other EU data laws, including the Digital Markets Act (2020) and the proposed European Health Data Space (2022), grant data access rights irrespective of any link with tangible products. The Data Act takes a step backwards in this respect.
The Data Act is ambiguous about the data that should be portable. In some instances, it refers to “raw data introduced by the user”; in other instances, it mentions “data generated by the use of a product”, or even “all data available to the manufacturer”. The Data Act has inherited the artificial distinction between user input data that supposedly belongs to the user present under the GDPR, and processed output data that is assumed to belong to the manufacturer. In fact, data is co-generated by the two parties. Output data would not exist without an input, and input would not be delivered without the expectation of an output. Moreover, all digital data is processed, from the moment it is picked up by a sensor and converted into a digital signal. This ambiguity in terms of what data is in scope would create uncertainty in the implementation of the Data Act. It could also lead to incoherence with other EU data regulations that do not make these distinctions. For example, the recently proposed European Health Data Space (2022) does not make a distinction between raw input and processed output data.
Anti-competitive provisions in the Data Act
More importantly, the Data Act contains three main anti-competitive restrictions on data access that defeat the purpose of the pro-competitive measure.
Charging a price for data transfers
First, the Data Act would grant manufacturers the right to charge a price for data transfers to third parties – similar to paying a license fee. Data pricing should be fair, reasonable and non-discriminatory (FRAND). FRAND conditions were first applied in essential patent pricing, where the legal interpretation of FRAND has already generated considerable controversy. Pricing will enable manufacturers to squeeze the profit margins of third-party service providers, who will be forced to pass on at least part of this cost to their customers. Such pricing would mean the data-based services provided by device manufacturers would have an advantage over those of third parties.
The Commission argues that charging a price for data transfers to third parties (other than the device user) will be an incentive for device manufacturers to invest in data collection and processing. But revenue from data sales to third parties will in most cases be marginal compared to revenue from sales of devices and related services to device users. Moreover, device users already pay for the data when they buy a device or a related service. Making data transfers to third parties free would avoid double payment for the same data and would not discourage investment in data collection.
A general prohibition on the use of data for competition purposes
Second, the Data Act contains a general prohibition on the use of data to compete with the product and related services offered by the device manufacturer. Data holders should not use data to affect the commercial positions of users or third parties. These provisions reduce competition and innovation in data-driven services and product markets. They seem to suggest that maintaining the private welfare of product manufacturers, data holders, users and third parties is preferable to innovation. Non-use of information seems to be preferable to efficiency and welfare-enhancing use.
Data transfers to very large ‘gatekeeper’ platforms
Third, the Data Act would prohibit transfers of device data to very large platforms that hold a monopolistic market position and are likely to be designated as ‘gatekeepers’ – or almost unavoidable platforms – under the EU Digital Markets Act (DMA). This will likely include core services such as operating systems and app stores operated by Google, Apple, Amazon or Microsoft. The prohibition would stop users from transferring data to apps in the most popular smartphones, computers and app ecosystems. It would create data portability bottlenecks that would reduce user choice. There is no need for this restriction because the DMA already contains data-sharing obligation that force gatekeepers to make this data available to users.
The rapidly growing market for smart home appliances illustrates this problem. Google and Amazon have developed strong market positions with their standardised operating systems that connect seamlessly with many smart home devices from a wide range of smaller producers. That gives these small producers access to a wide market. It also benefits users who can integrate a wide variety of brands and models of smart fridges, heating systems or security devices into their Google or Amazon-operated devices. The Data Act’s prohibition on porting data to gatekeeper platforms would prevent that. Consequently, consumers will face a very fragmented market with many hurdles to integrate devices from different manufacturers into a single home network. Producers of smart home devices will have to develop their own home systems, without the leverage of network effects that larger platforms can generate.
Producer rights
In addition to its anti-competitive provisions, there are gaps in the Data Act architecture that should be filled to make it more effective. It is silent on the rights of product manufacturers to access and use data. It assumes that producers already have access to product and (related) services data. This is not necessarily true. Producers may sell parts and components to other producers who assemble them into a new product or service. Parts producers do not necessarily have access to the data generated by their use inside other products. The big advantage producers have over users is access to the combined dataset across all the products and services they sell to users. Aggregating all this data may generate valuable insights that can be leveraged for innovation purposes. Without access to the data, producers may not be in a position to realise these benefits.
This data-driven innovation bottleneck can be overcome by giving data access rights to producers as well as users. Producers and users should both have the right to use product and service data as they wish, subject only to restrictions imposed by pre-existing rights for the other party – such as GDPR rights for people’s personal data, or intellectual property rights and trade secrets for businesses (as users or as producers of devices). In a business-to-business setting, this would level the playing field between both parties.
Furthermore, the interpretation of trade secrets in a data-economy context is subject to considerable uncertainty and would therefore need further clarification of the protection offered to business data. Defining the appropriate scope of trade secrets in business-to-business data sharing can have a substantial impact on the pace of data-driven innovation. This requires further research.
Overall, the interpretation and implementation of the Data Act would be greatly simplified if fuzzy definitions and the anti-competitive third-party pricing rule were replaced by a single and simplified data-access rule: all users of data-generating devices and services should be granted free-of-charge real-time data access and portability rights to any destination they want, for all data generated by usage of a device or a service, irrespective of the type of device. Other anti-competitive prohibitions and restrictions on data transfers to very large DMA gatekeeper platforms should be dropped. To stimulate innovation, data access and portability rights for users could also be complemented with similar rights for product manufacturers.