Out-Law Analysis | 15 Oct 2020 | 9:37 am | 6 min. read
There is a risk of distraction and non-compliance with legal obligations where businesses do not manage data effectively.
Supply chains rank amongst the most data-rich of all business environments. Creation of a flexible, responsive, reliable and resilient supply chain is not possible without the necessary volume and quality of associated data. What that data unlocks is the ability to:
In short, the insights gained from effective use of data can help organisations make better business decisions and so create sustainable competitive advantage.
The journey towards a smart supply chain starts with data governance and data enhancement
Ironically, the biggest obstacle in the implementation of a data-driven transformation is data itself. The quality of available data determines the level of value that can be generated from any digitisation project. The volume of the data is of secondary importance and without access to suitably configured tools, the desire to gather and analyse big data sets can create a loss of focus.
Businesses have difficulty in identifying and gathering the right data, finding relevant data sets heavily fragmented and distributed between different systems which are subject to differing levels of control. The challenges associated with the identification and integration of data are compounded in a supply chain context by the myriad of ways in which businesses interface with different suppliers. The inconsistent use of processes, systems and relationship managers produces large degrees of variation, leading to data fragmentation, lack of accuracy, and over-reliance on outdated information.
The journey towards a smart supply chain starts with data governance and data enhancement. Quality data is hard to secure without suitable controls being adopted throughout the supply chain and the procurement lifecycle. Those data governance mechanisms must focus on availability, accessibility, consistency, data integrity and data security, as well as efficient risk management.
The current framework for data is fragmented and lacks legal certainty, which creates additional barriers to digital transformation in the supply chain
Data enhancement goes beyond simply assessing the quality of existing data. The process must begin with the conduct of a thorough gap analysis comparing the data needed against the data available. Identification of current and anticipated gaps in data availability allows a roadmap to be developed showing the way in which a given business should redesign and enhance its arrangements to create and feed a data hub. It is that hub which will in future hold the growing volume of high quality information that will in future drive supply chain efficiencies.
In practical terms, this means that all the required data, drawn from a variety of different sources – such as customer enterprise resource planning (ERP) data, supplier master and supply chain management (SCM) process data, supplier production data, carrier data and 'Internet of Things' (IoT) sensor data – will flow to one single place, where it can be transformed into intelligent data with the help of artificial intelligence (AI), machine learning and advanced analytics.
The law applicable to the digitisation of any supply chain is made up of many different elements. Formal primary and secondary legislation is overlaid with sector-specific regulations, with additional complexities created through the need to take account of national and international variations in approach. The main legal issues will include:
In addition, when processing data that relates to individuals, the need to comply with relevant data protection legislation will be vitally important. Within the EU and a post-Brexit UK, that compliance challenge is centred on the obligations imposed under the General Data Protection Regulation (GDPR), enhanced as necessary by local data protection laws.
More generally, relevant frameworks will involve compliance with privacy principles, which will typically require the identification of the appropriate legal basis for any processing that is being carried out, maintenance of transparency and preservation of the rights of the data subject whilst fulfilling specific technical and organisational requirements. Sector-specific regulatory obligations may also need to be taken into account, an example being the need to accommodate relevant telecommunications law if the smart supply chain system is considered to be an electronic communications network.
The European Commission is only planning to make data access mandatory where absolutely necessary, and in that context is exploring a form of data licensing on so-called FRAND terms – terms that are deemed fair, reasonable and non-discriminatory
Where the data that is being gathered and processed is not personal in nature, there is a lighter regulatory burden. In those circumstances, data ownership or licence rights will be of particular importance and the focus will be on the quality of the data that is available. On the basis that businesses are not generally obliged to share their data, particularly if it has commercial value, any proposed disclosure and use of third party data will need to be agreed and documented in some form of written agreement, the creation of which is likely to take time and resources.
There are only limited exceptions to the above constraints and generally those are linked to a legislator's requirement to evaluate the competitive environment in a particular area such as the automotive sector. In general, competition law may apply where the sharing of data is regulated by agreements, decisions or coordinated activities that violate competition law requirements, avoiding, limiting or distorting the competition in their purpose or effect. This may be the case where businesses share data on terms that preclude competition, are unfair or make market entry inefficient for third parties. It means that when describing the conditions on which data is made available, businesses are well advised to make sure that restrictions laid down by competition law do not apply.
The current framework for data is fragmented and lacks legal certainty, which creates additional barriers to digital transformation in the supply chain. Against this background, it is not a surprise that the management of data is at the heart of EU policy for the digital economy. In its European strategy for data, the European Commission outlined plans to propose a new Data Act in 2021.
Among other things, the new Act is intended to support data sharing between businesses, targeting in particular issues relating to rights of use in jointly generated information, including IoT data generated in an industrial environment. Part of the Commission's agenda is to try to remove any unreasonable barriers to data sharing and clarify the rules governing the responsible use of data so that associated liabilities can be identified and apportioned. In addition, the Commission intends to adopt a framework for management of intellectual property rights which should further improve data access and use, possibly by revising the existing Database Directive and clarifying how the Trade Secrets Directive applies.
As regards the governance of data sharing, the stated approach of the Commission is to facilitate voluntary data sharing instead of imposing compulsory data sharing obligations. The Commission is only planning to make data access mandatory where absolutely necessary, and in that context is exploring a form of data licensing on so-called FRAND terms – terms that are deemed fair, reasonable and non-discriminatory. As such, the future depends on the approach taken by the businesses that are involved in data sharing and whether they can find a way of working collaboratively through common policies and standards underpinned by suitably expanded contractual arrangements.
Further clues as to the latest Commission thinking on how it will balance the sensitivities associated with data sharing between businesses may be gleaned from the Commission's forthcoming review of data sharing mechanisms in the automotive industry.
In the near future, additional regulations are expected to be introduced which could impact smart supply chains generally or across specific sectors and industries. By way of example:
Businesses should monitor these developments as they have potential to shape their planned use of data in the years to come. Those with robust systems of data governance in place will be best placed to adapt to the evolving landscape.