Major industry players, from tech companies to carmakers, are preparing to push back against the European Commission’s proposal for the new data law, according to a draft letter seen by EURACTIV.
The draft letter was circulated among trade associations on Thursday (3 February), following the release of the draft Data Act leaked by EURACTIV on Wednesday.
Its content included data sharing obligations, further safeguards to data transfers and regulation of access by public bodies, which did not go down well with the private actors who will be subject to the new rules.
The letter is addressed to Internal Market Commissioner Thierry Breton and the Commission’s executive vice-president, Margrethe Vestager, and dated 17 February – indicating it would be sent one week before the official publication of the proposal.
Two sources familiar with the matter told EURACTIV that the drivers of the initiative are the trade associations Computer & Communications Industry Association and Allied for Startups.
“We hope that the Data Act will create harmonised rules that will preserve economic incentives for all market operators, most of which already share or are looking to share their data and access third party data,” the letter said.
Leading tech trade associations, alongside organisations representing the automotive industry, appear to be involved in discussions around the signing of the letter. One source told EURACTIV that the draft proposal was seen in a negative light by many technology companies – therefore, they expect the list of signatories to be extensive.
For the industry representatives, “incentives, rather than obligations, would encourage companies to further share and access data responsibly.” They added that the legislation should build on existing best practices to create a governance framework for companies to share data at the conditions of their choosing.
The trade association argued that the Commission should encourage the development of practical tools to make non-personal data available and accessible in compliance with the relevant EU legislation on data protection, security, intellectual property, and trade secrets.
“Conversely, new constraints instructing when and how companies should share or re-use data from other businesses or individuals risk stifling market trends towards data sharing and data-driven innovation,” the letter continued.
The stakeholders were concerned that the Data Act might prevent “unilateral contractual terms” even if they are indispensable for entering or competing in a particular market, noting such situations might already be covered in the current competition rules.
Consistency with overlapping legislation, notably with the General Data Protection Regulation (GDPR), the EU’s privacy law, was underlined together with the need to make the data sharing rules “pragmatic, grounded on what is technically feasible and economically viable”.
The letter also warned against adopting “unilateral restrictions” to the international flow of non-personal data, as the draft proposal includes safeguards for data transfers to third countries.
For the industry players, these measures could “reduce cloud competition in the EU and fundamentally disrupt how businesses currently work with their subsidiaries, partners, suppliers and vendors, and undermine businesses’ efforts to scale up outside Europe.”
Alternatively, the letter proposed, the EU executive should work with like-minded partners to address “legitimate concerns about government data access.”
According to the draft regulation, private companies might have to open up their data at the request of public bodies in exceptional circumstances such as public emergencies. Private companies are pushing for voluntary partnerships instead of mandatory rules for business-to-government data-sharing.
The industry representatives noted that voluntary agreements are already happening, pointing to existing collaborations in the context of urban planning or health emergencies.
The letter hinted at potential security implications as “last year alone, public administrations and governments suffered from more security incidents than ever before.”
“Should the Commission consider introducing new rules for mandatory data access, the Data Act should set out clear and comprehensive conditions under which public sector bodies can request access to data held and controlled by businesses, starting with narrow and well-defined “public interests”, the letter added.
[Edited by Nathalie Weatherald]