Developers Alliance Feedback To The EU Commission On Data Sharing In The EU – Common European Data Spaces (New Rules)
The free flow of data and strengthening the use and re-use of data in certain sectors have great potential to drive increased economic and societal benefits, but it should be done entirely under a voluntary approach. We reiterate our strong recommendation to base any future framework on the principle of voluntary sharing of data between individuals or businesses, in full respect of contractual freedom. Mandated sharing of data related assets between private actors may pose risks related to privacy and cybersecurity, but also inhibits the commercial incentive to innovate. The legislative initiative should not affect existing rights and obligations, such as IPRs, trade secrets or legitimate commercial interests.
One of the problems that the proposed initiative seeks to address is the “low availability of data for research and innovative uses resulting from transaction costs that hinder data exchanges”, which “may result from the absence of relevant standards”. Standardization is always triggered by market demand and industry needs. The stakeholders will always attempt to find ways to satisfy this demand, by developing and utilizing the necessary tools, including technical standards. Therefore the markets should be left to find, in a natural way, the particular areas where data exchanges are needed and the best interoperability solutions. The IIA doesn’t indicate how the proposed initiatives correlate with the relevant European and international frameworks for standards development.
Legal uncertainty and the burdens related to the implementation of the legal framework for data protection and privacy represent clear obstacles in data access and sharing for large and small companies, but especially for SMEs. In this sense, the IIA rightly identifies “the cost of giving and maintaining permissions on use of data (consent for personal data and permissions for other data)”. It should be noted that it is difficult, sometimes impossible, to separate personal from non-personal data and industrial data.
The problem of making data available in accordance with the GDPR rules on consent can only be solved with clear legal solutions. A forced mandate for “certification or labelling of tools or apps for communicating data and consent” will not necessarily guarantee innovation and definitely will not solve the issues related to the legal uncertainty caused by the evolving GDPR implementation. It is very important to avoid overlaps between any new mechanisms with the current certification framework provided by art. 42 of the GDPR.
The IIA is also proposing support “to be given to the commercial uptake of novel data intermediaries”. The future legal framework should be future-proof. One should let the market decide the best technologies and business models in this area.
The IIA mentions that “when designing the options, conditions to data access from outside the EU will also have to be assessed”. We strongly recommend against any measures that impose data localisation or restrict EU companies from benefiting from global datasets. An obstruction of the data flows will prevent European developers from expanding their businesses at global scale.
The future legislative proposal should be correlated with other initiatives and existing legislation both at the EU and national level. The potential cumulative burden for SMEs should be properly reflected by the impact assessment.
We support the objective to “make more data held by the public sector usable for research and innovative uses”. The IA must consider, however, the difficult problems encountered by the public sector in this area, such as: a low level of digitalisation of administrative processes and certain public archives, the discrepancies between the level of digitalisation of different administrative sectors and between Member States and regions, or limited incentives for data normalisation and interoperability between different public services.