February 15, 2017

February 14, 2017

Subscribe to Latest Legal News and Analysis

February 13, 2017

Subscribe to Latest Legal News and Analysis

European Commission Unveils Data Economy Package: “Building a European Data Economy”

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future.  These initiatives comprise the following:

  • A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here);

  • A Communication on “Building a European Data Economy”; and

  • A Communication on exchanging and protecting personal data in a globalized world (see our post here).

(There is also a proposal for a Regulation on data protection rules applying to European institutions which InsidePrivacy is not reporting on.)

This post summarizes the Commission’s Communication on “Building a European Data Economy” (formerly referred to as the “Free Flow of Data Initiative”).

Background

The Data Protection Directive, and soon the GDPR, provides the foundation for the free flow of personal data throughout the EU.  However, Member States have imposed data localization restrictions for various reasons (e.g., in relation to patient health records, for auditing or law enforcement requirements).  In addition, the GDPR and Data Protection Directive only provide for the free flow of data within the EU in relation to personal data, not non-personal data.

The Communication sets out to address these data localization requirements and transfer barriers.  In addition, the Commission uses the document to address “emerging issues” that the Commission believes could lead to problems in the growing European “data economy” (a loose term that refers to the growing network of industrial data, machine-generated data related to the Internet of Things, and data pools generated by and for autonomous machinery, self-driving cars, and machine learning tools).”

Proposals

Free Flow of Data

Despite original intentions, the Commission avoided proposing legislation prohibiting data localization restrictions in the Communication.  Instead, it proposes engaging in “structured dialogues with the Member States and other stakeholders on the justifications for and proportionality of data location measures.”  Based on the results of the dialogues, the Commission may then “launch infringement proceedings to address unjustified or disproportionate data location measures.”

Emerging Issues in the Data Economy

In addition to the proposal to consult on data localization requirements, the Commission also floats proposals to address what it sees as “emerging issues” relating to the interdependent “data economy” (e.g., of machine-generated data, the Internet of Things (IoT), and machine-learning algorithms).  Proposals discussed include:

  • New ways to encourage exchange and transfer of data within the growing European data economy. This includes a variety of plans, including the potential institution of  default contract rules; extending the scope of the Unfair Contract Terms Directive requirements to B2B contracts (section 3.4 of the Communication); new incentives for businesses to share data; and new rules to permit access by public authorities for public interest and scientific purposes.

  • Mechanisms to apportion or clarify liability for emerging technologies such as the IoT and autonomous connected systems. The Commission’s concern is that existing EU law (e.g., the Product Liability Directive) will be evaluated in the context of IoT and autonomous connected systems (section 4.1 of the Communication).  The Communication considers assigning liability to the “market players generating a major risk for others or to those market players which are best placed to minimise or avoid the realisation of such risk.”  The Communication also suggests coupling such an approach with a voluntary or mandatory insurance scheme that could compensate injured parties.

  • Helping prevent customer “lock-in” to data economy products or systems (because customers may struggle to exchange, trade, or withdraw useful data from such products/systems). Suggested ways of addressing this include measures relating to the portability of non-personal data; the interoperability of services to allow data exchange; and technical standards for implementing portability.

Consultation

Also on January 10, 2017, the Commission launched a public consultation on the Communication.  The consultation is available online and will finish on April 26, 2017.

© 2017 Covington & Burling LLP

TRENDING LEGAL ANALYSIS


About this Author

Daniel Cooper, Information Technology, Attorney, Covington Burling, law firm
Partner

Daniel Cooper advises clients on information technology regulatory issues, particularly data protection, e-commerce and data security matters. 

Mr. Cooper has successfully represented clients in the pharmaceutical research, biotech, sports and financial services sectors, among others, before national data protection regulators and EU-level authorities, including European Union and Council of Europe institutions.  According to the latest edition of Chambers UK (2014), clients note that he "is extremely knowledgeable and provides practical and comprehensive advice."  The guide...

+442070672020
Legal, Business,  Ezra Steinhardt, Technology and Media Group Attorney, Covington
Associate

Ezra Steinhardt is an associate in the technology and media group in the London office.  His practice encompasses data privacy, information technology, international trade, and legislative advocacy.

Mr. Steinhardt advises leading internet, technology and pharmaceutical companies and trade consortia on a diverse range of regulatory compliance and law reform issues.  This includes policy advocacy and strategic advice on data protection and data security, consumer protection, interception of communications, copyright, and other internet-related issues. 

44 (0) 20 7067 2381
Joseph Jones, Covington Law Firm, Technology and Media Attorney
Associate

Joe Jones is an associate in the technology and media practice group, having joined the firm as a trainee solicitor in 2014.

Mr. Jones advises emerging and leading companies on data protection and intellectual property issues, including cybersecurity, copyright, trademarks, and e-commerce. He has experience advising companies in the technology, pharmaceutical, and media sectors. His practice encompasses regulatory compliance and advisory work. He regularly provides strategic advice to global companies on complying with data protection laws in...

207-067- 2193