The Center for Data Innovation submitted a response to the public consultation of the European Commission on the European Strategy for Data, which aims to build a single market for data so it can be more competitive in the global data economy. To this end, the European Commission proposes to adopt new legislation on data governance, access, and use; invest in Europe’s data infrastructure; invest in skill development and data literacy, and establish “personal data spaces” to provide users with a set of tools that give them more control over their data; and create common “European data spaces.”
The strategy’s main objective is laudable—the EU should “become a leading role model for a society empowered by data to make better decisions—in business and the public sector.” The strategy rightly emphasizes that “more accessible data” is critical to the creation of new products and services. The Commission acknowledges the role of data in empowering society, and aims to address long-lasting EU handicaps that stand on the way, such as interoperability issues, the fragmentation of the digital single market, and the digital skills gap. In addition, the Commission has indicated that it recognizes the dynamic nature of the data economy and will not pursue heavy-handed regulations.
Unfortunately, the EU data strategy is based on premises and notions that are fundamentally flawed. First, it calls for the creation of “personal data spaces” without providing evidence that consumers want these or providing specifics on how it would work, and while it calls for expanding data portability requirements provided by the GDPR, it fails to account for the cost and feasibility this would entail for companies. These proposals are likely to stumble on the roadblocks laid out by existing EU data protection laws. Second, it asserts that the EU needs cloud providers owned and operated in Europe; it assumes that the dominant U.S. cloud providers are neither secure nor trustworthy and therefore European cloud providers should be given preferences for hosting European data; it is based on the mistaken belief that data is more private and secure when it is stored within a country’s borders; and it pushes for data localization, which is at best a misguided temptation, at worse a counterproductive strategy. Third, it assumes that private sector providers are incapable of creating shared sectoral data spaces themselves. Finally, it concludes that forced data sharing is the right solution, particularly to benefit European SMEs and if it comes at the expense of large foreign companies. But most business-to-business (B2B) data sharing is mutually beneficial.
The EU data strategy’s ambitions merit that the Commission takes another look and updates it where it lacks precision, before proposing legislative rules through the Data Act expected for 2021. The EU should preserve and protect freedom of contract for B2B data sharing as long as it does not present competition concerns. Moreover, the EU data strategy and the future Data Act should balance data sharing with the EU’s privacy rules, while respecting and upholding intellectual property rights, factor in the safety and security risks data sharing can represent for companies, and encourage experiments with data sharing mechanisms such as data trusts. Rather than creating an EU data and cloud system, the EU should harmonize its data governance frameworks and avoid the unnecessary duplication or expansion of rules. The EU should also engage with its partners—including allied countries in areas where it is mutually beneficial to do so, as well as the private sector, and it should invest in strategic technologies where it can still lead. The strategy should work to exclude non-democratic systems and embrace digital free trade with allied, rule-or-law, democratic nations outside of the EU.