In order to increase competitiveness and innovation and ensure sustainable economic growth the EU Data Act “on harmonized rules on fair access to and use of data” aims at fostering “the emergence of liquid, fair and efficient markets for non-personal data” of connected products and services (recital 26). More particularly, the objectives of the Act are to enhance the incentives for data holders to enter voluntarily into data sharing agreements and to remove or lower barriers to data sharing. However, due to concerns about both existing asymmetries between the bargaining positions of the market actors and possibly negative effects of exclusive property rights in data, the legislature introduces a mandatory access regime that directly regulates the interactions of the participants of the Internet of Things. This regulatory regime essentially rests on three principles: First, upon attributing the user a non-waivable right to claim access to those data of connected products and services that are readily available for the data holder, and on extending this claim to third parties acting on the user’s behalf. Second, upon the rule that the data holder and/or a third party may use the product or service data only upon consent by the user and within the limits of this consent; third, upon recognizing the legitimacy of the data holder controlling access to and use of the data by virtue of the mere fact of holding the data. The rules implementing these principles provide for a consensus-based use of the readily available data by the parties concerned, on the one hand, and, on the other, for a delimitation of the business spheres of the parties that essentially favors the data holder. More particularly, the user and third parties may not on the basis of the use data compete with the data holder’s product, and rules on technical protection measures, on confidentiality agreements and on tort liability specifically ensure the data holder’s de facto control over the data.
The result is a rather complex regulatory regime that by relying on multilateral consensus on the use of the data rather than on competition for and with the data, creates both high transaction costs and a high potential for conflicts regarding the sharing and use of data and the distribution of their plus value. The regime places the user in a legally central but essentially inadequate position, preserves the data holder’s dominant role regarding the exploitation of the data, and relegates third parties to a position of outsiders. Given these deficits, the Data Act’s access regime will hardly contribute to the emergence of liquid, fair and efficient markets for non-personal data. It is not these deficits alone, however, that will make the Act miss its objectives. Rather, the fundamental reason is that by not in any way defining the legal status of data, but instead accepting de facto control of data by data holders as the rule of the market the legislature failed to enhance the very thing that renders markets liquid and efficient: the reasonably practical and safe tradability of the subject matter of a market transaction.
External Link (DOI)