Data Access as the Next Transatlantic Digital Battleground
The long-term consequences of the coronavirus pandemic now sweeping the globe are unknown, but one probable outcome is the accelerated digitalization of societies and economies. The European Commission’s intent to promote “technological sovereignty” as a means to revitalize the EU economy thus bears watching. Steps it may take to compel businesses to grant access to their data in particular could have far-reaching implications, much as the General Data Protection Regulation (GDPR) did.
Climate, Digital Growth, and Technological Sovereignty
The new European Commission under President Ursula von der Leyen has adopted major policy papers outlining its strategy toward climate change, artificial intelligence (AI), the digital transition, and industrial policy. It argues that the EU can best promote its economic competitiveness and technological sovereignty by tackling the “twin transitions” of climate change and digitalization. Indeed, the mission to become carbon neutral by 2050 requires a digital disruption of the way Europeans live and work.
Steps the European Commission may take to compel businesses to grant access to their data in particular could have far-reaching implications.
This emphasis on “technological sovereignty” is driven by a widespread EU fear of the power of U.S. and Chinese digital giants (on the one side Google, Apple, Facebook, Amazon, and Microsoft, and on the other Huawei, Alibaba, Ten Cent, and TikTok), as well as a specific concern about the strength of the transatlantic alliance during the presidency of Donald Trump.
The European Commission insists that promoting technological sovereignty is about building the EU’s capabilities rather than “protecting” itself against U.S. or Chinese competition. Commissioner for Internal Market and Services Thierry Breton, a former minister in France who has a long history in French IT business circles and who now leads the work on digitalization and industrial policy, has repeatedly affirmed this.
Using the Power of the EU Market
Breton and the European Commission know that any business (U.S., Chinese, or other) that wants to access the EU’s $15.5 trillion market (without the United Kingdom) must comply with EU rules. This provides the EU leverage that it has every intention of using, just as with the GDPR. In the European Strategy for Data released in February, the European Commission says “all companies which sell goods or provide services to the data-agile economy in the EU must respect EU legislation and this should not be compromised by jurisdictional claims outside the EU.”
As a concrete example, its February White Paper on AI indicates the European Commission will propose legislation that will require AI/machine-learning programs used in the EU in “high risk” applications (for example, in healthcare, transport, or energy) to be certified as meeting EU standards concerning “fundamental rights, including personal data and privacy protection and non-discrimination” as well as “risks for safety and the effective functioning of the [EU’s] liability regime.” Among other things, the independent companies that certify the programs will need to inspect the robustness, accuracy, and integrity of the data used to train them, and the companies using the programs will need to demonstrate “human oversight” of their application in decision making that has significant consequences.
Data Access as the Key
Data is the key to AI/machine-learning and the entire digital economy. Accordingly, facilitating access to data is key to the European Strategy for Data. In it, the European Commission notes that “a small number of Big Tech firms hold a large part of the world’s data” and stresses that the EU needs to escape this stranglehold. It emphasizes in this connection that data is a “non-rivalrous” resource—companies that hold data lose nothing through sharing it. Indeed, the European Commission often refers to data as a “public good.”
An interest in facilitating access to data is not novel. Commission experts have worked on this concept since 2017, including in the Communication on Building a European Data Economy and the 2018 Guidance on Sharing Private Sector Data in the European Data Economy. But, where the 2014-2019 European Commission, under President Jean-Claude Juncker studied the issue, the von der Leyen one will execute.
Specifically, the European Commission will propose legislation to lay a general legal framework to facilitate broader access to public and privately held data and to permit regulations creating “data spaces” in specific applications. According to the Data Strategy, for the general “cross-sectoral governance framework for data access and use,” the commission says it will “abstain” from “overly detailed ex-ante regulation,” and lean toward an approach that favors experimentation (“regulatory sandboxes”), iteration, and differentiation.
This is good, but the European Commission then goes on to state that it wants the legislative framework to allow it to make decisions about what data can be used in which situations and to set interoperability standards for “common sectoral data spaces, involving both public and private players.” As such, it will explore the need for legislative action that fosters government-to-business, business-to-government, and business-to-business data sharing. While the European Commission clearly prefers voluntary data sharing, “where specific circumstances so dictate, access to data should be made compulsory, (including) where appropriate under fair, transparent, reasonable, proportionate and/or non-discriminatory conditions.”
EU “Data Spaces”
The European Commission has thankfully steered away from social media data as an issue (too much of the discussion in Europe about data focuses on the big social-media companies) and instead cites nine other areas where it seeks to foster data sharing. Specifically, it wants to create common EU “data spaces” in sectors that are deemed to be of strategic value, to enable innovators to draw data from large sectoral data pools. The data spaces that most affect businesses include the following.
Industrial (manufacturing) data space: The European Commission argues EU industrial engineering prowess can be a real source of strength in the digital world if the EU accelerates digitalization in the industrial internet of things. Data sharing from connected devices will be essential, not just for the equipment producer or customer, but also others who can use the data to devise new services.
Green Deal data space: The GreenData4All initiative will update the Infrastructure for Spatial Information in the EU (INSPIRE), and will promote data sharing to ensure compliance with the Green Deal’s standards, encourage circular value chains and build a high-precision model of the Earth to track resource usage, population movements, etc.
Mobility data space: This space aims to harness the vast amount of data generated by vehicles to better program connected cars and public-transportation systems. The European Commission wants to expand the amount of data made available by car manufacturers, but also wants to ensure data about the sky, water bodies, and railways is accessible, interoperable, and available for reuse to facilitate efficient transportation mechanisms.
Health space: This focuses mainly on ongoing efforts to provide EU citizens portable Electronic Health Records (EHR), but will also include a draft of a code of conduct to regulate data processing in the sector as well as infrastructure to facilitate cross-border transfer of health data surrounding prescriptions, genomic data, EHRs, medical images, laboratory results, etc.
Financial data space: This seeks to make financial disclosures more accessible and to complete the implementation of the revised Payment Services Directive.
Agricultural space: This builds on the communication on smart agriculture adopted in 2019. The European Commission will review the existing shared data spaces in this sector and the current code of conduct for data sharing and use.
Obstacles to Data Sharing
The EU has long promoted the sharing of publicly generated data with the private sector as a way to promote innovation. It has worked also to facilitate the sharing of private-sector information with the public sector. But encouraging, or even compelling, businesses to share their data as a “public good” with one another will be far more sensitive. As cars computerized, the EU (like the United States) had to use anti-trust tools to compel auto manufacturers to share on-board engine data with independent repair shops, which compete with the auto companies’ after-service sales. The same manufacturers now argue that the terabytes of data generated through connected driving must be proprietary for cybersecurity reasons.
Deciding what data a company must share with others is bound to be highly contentious.
Stories like this are bound to multiply. For instance, electricity distributors (which often are state-owned) are loath to share data with “over-the-top” digital innovators that have programs to optimize household and commercial property generation and use of electricity, although managing these “distributed energy resources” is critical to the EU’s climate-change goals. While data may be a non-rivalrous resource, deciding what data a company must share with others is bound to be highly contentious.
That said, one of the more interesting aspects of the Data Strategy is that it suggests the application of the GDPR can be reviewed in light of the importance of data to EU competitiveness and climate change goals. Specifically, the European Commission’s communication notes that the GDPR’s “design to enable switching of service providers rather than enabling data reuse in digital ecosystems … has practical limitations.” This is clearly so in the area of greenhouse-gas reduction, where the GDPR’s opt-in requirement prevents smart meters from being used to control unnecessary energy use.
Prepping for a Digital Battle
The European Commission will publish its general proposal on data sharing in the last quarter of 2020 and will follow up with specific regulations for the cited sectors (and possibly more) over the course of the next two years. Commission officials, as well as von der Leyen and Breton, clearly want to draw the line in those sectors in a way that promotes data sharing, including data that many firms might consider proprietary. They argue that the firms that hold data will broadly benefit from this, and that those firms can be compensated, albeit on “fair” terms.
The general proposal will be reviewed, amended and eventually adopted by the member states acting together in the Council of the European Union in conjunction with the European Parliament. But individual sectors, where the real battles will arise, may be addressed through EU implementing and delegated acts, where the European Commission’s power is much greater.
The world will have to live with those decisions. Mandates governing data sharing in the EU are bound to spill over to other jurisdictions. U.S. companies, in particular, are bound to be affected as they are so heavily invested in Europe.
The European Commission may well be right in believing that government-nudged or -required data sharing among businesses promotes global innovation and EU competitiveness and can even help humanity address threats such as the coronavirus. But the approach it takes could also unnecessarily increase transatlantic tensions. To avoid this, the EU and the United States need to talk and ideally together decide where the line between proprietary and public data should be drawn.
The views expressed in GMF publications and commentary are the views of the author alone.