Where the data that is being gathered and processed is not personal in nature, there is a lighter regulatory burden. In those circumstances, data ownership or licence rights will be of particular importance and the focus will be on the quality of the data that is available. On the basis that businesses are not generally obliged to share their data, particularly if it has commercial value, any proposed disclosure and use of third party data will need to be agreed and documented in some form of written agreement, the creation of which is likely to take time and resources.
There are only limited exceptions to the above constraints and generally those are linked to a legislator's requirement to evaluate the competitive environment in a particular area such as the automotive sector. In general, competition law may apply where the sharing of data is regulated by agreements, decisions or coordinated activities that violate competition law requirements, avoiding, limiting or distorting the competition in their purpose or effect. This may be the case where businesses share data on terms that preclude competition, are unfair or make market entry inefficient for third parties. It means that when describing the conditions on which data is made available, businesses are well advised to make sure that restrictions laid down by competition law do not apply.
What the future holds in the EU
The current framework for data is fragmented and lacks legal certainty, which creates additional barriers to digital transformation in the supply chain. Against this background, it is not a surprise that the management of data is at the heart of EU policy for the digital economy. In its European strategy for data, the European Commission outlined plans to propose a new Data Act in 2021.
Among other things, the new Act is intended to support data sharing between businesses, targeting in particular issues relating to rights of use in jointly generated information, including IoT data generated in an industrial environment. Part of the Commission's agenda is to try to remove any unreasonable barriers to data sharing and clarify the rules governing the responsible use of data so that associated liabilities can be identified and apportioned. In addition, the Commission intends to adopt a framework for management of intellectual property rights which should further improve data access and use, possibly by revising the existing Database Directive and clarifying how the Trade Secrets Directive applies.
As regards the governance of data sharing, the stated approach of the Commission is to facilitate voluntary data sharing instead of imposing compulsory data sharing obligations. The Commission is only planning to make data access mandatory where absolutely necessary, and in that context is exploring a form of data licensing on so-called FRAND terms – terms that are deemed fair, reasonable and non-discriminatory. As such, the future depends on the approach taken by the businesses that are involved in data sharing and whether they can find a way of working collaboratively through common policies and standards underpinned by suitably expanded contractual arrangements.
Further clues as to the latest Commission thinking on how it will balance the sensitivities associated with data sharing between businesses may be gleaned from the Commission's forthcoming review of data sharing mechanisms in the automotive industry.
In the near future, additional regulations are expected to be introduced which could impact smart supply chains generally or across specific sectors and industries. By way of example:
- new vehicle type approval regulations imposing additional data sharing obligations on automotive OEMs will apply from September 2020;
- the European Electronic Communications Code reforming the EU telecommunications framework will be implemented by EU countries before the end of the year, with new rules coming into force in 2021; and
- whilst the scope of the long-awaited e-Privacy Regulation is still not yet clear, the possibility of extensive regulation of machine-to-machine communications raises material concerns, even though the new Regulation is not expected to be applicable before 2024-2025.
Businesses should monitor these developments as they have potential to shape their planned use of data in the years to come. Those with robust systems of data governance in place will be best placed to adapt to the evolving landscape.