Car manufacturers and other firms that increasingly rely on consumer data to make money could be subject to new EU rules that would force them to share that data with other firms, according to a leaked draft of the plans obtained by euractiv.com.
The plan to upend rules governing how companies can own and share access to customer data has been dogged by delays and squabbles within the European Commission, and was pushed from a November announcement date down to next January.
Companies in a range of industries that have moved to cash in on data will be jarred by the Commission’s bid to change the rules. The executive could wrest control over data away from big firms and make it difficult for them to seal lucrative contract agreements with partnering companies.
Car companies, energy providers and companies that make internet-connected home devices, healthcare services and financial technologies could all be hard hit if the Commission moves to regulate how they access and share large amounts of data, according to the document.
The Commission is wary of allowing manufacturers to “lock in” consumers to deals they cannot opt out of that would give other companies access to their personal data. Car companies that own personal data detailing drivers’ habits could, for example, sell that data to in-car entertainment companies or internet providers that have signed partnerships with the manufacturers.
Consumer groups will likely be happy with that decision. Car companies won’t be. The European Automobile Manufacturers’ Association has argued that car companies should own drivers’ data and be allowed to sell access to it to other firms.
For now, the ideas in the document are not legally binding. But the strategy suggests that the executive is still considering whether or not it will introduce new legislation that would require companies to apply its suggestions on data sharing.
Andrus Ansip, the Commission vice-president in charge of technology policies, told reporters last month that his office is considering proposing a new law about data ownership by next June. After the executive publishes the strategy paper in January, officials in the executive’s technology policy unit will spend several months gathering information to determine whether legislation makes sense.
A new law on data ownership and access would be controversial and could conflict with what some experts have been advising in Brussels. There isn’t enough data on the economic effects that new legislation could have, according to a study the Juncker Commission published last week. The report was commissioned from law firm Osborne Clarke LLP, which recommended that EU policy chiefs hold off on their plans to propose a new law.
As part of the draft plan, the Commission is also considering a proposal to update insurance rules to apply to machines that use huge amounts of data or operate autonomously, like driverless cars.
Firms that take on major risk and benefit from an internet-connected device would be held liable for any problems, while a consumer or anyone who suffers damages would be reimbursed, according to the the strategy.
The executive is also considering legislation to prevent companies from storing data in one EU member state.
As part of a move to get rid of restrictions on where firms keep data in the 28-member state bloc, the executive wants to introduce “enforcement actions” that would stop companies from storing data in one country and preventing it from traveling between different EU states.
The Commission names the “principle of free movement of data within the EU” as a new kind of freedom on a par with the guarantee for the free movement of services, which is already outlined in EU law.
The executive has already faced backlash over its plan to lift those restrictions. Some countries including France and Germany pushed back against suggestions to get rid of so-called data localisation. Many companies store their data in only one EU country as part of a business strategy based on the assumption that privacy-conscious consumers think some EU countries have stronger privacy rules.
“In some countries they think they’ll only be able to keep data protected if they keep them inside those countries,” Ansip told reporters last month.
