On 10 January 2017, the European Commission (the "Commission") adopted the "Building the European Data Economy" package, consisting of a Communication and a Staff Working Document. The Commission seeks to develop an efficient and competitive single market for data services. In order to identify the main legal, economic and regulatory challenges, the Commission launched a public consultation which will collect information regarding (i) the localisation of data for storage and/or processing purposes; (ii) access to and re-use of non-personal data; (iii) liability; and (iv) miscellaneous matters such as portability of non-personal data, interoperability and standards. The Communication, which respondents are encouraged to read before participating in the consultation, provides useful insight in these topics.

Free flow of data

First, the Commission emphasises that, by reforming the ePrivacy Directive and by adopting the General Data Protection Regulation (the "GDPR") which will come into force in May 2018, European authorities built a strong regulatory framework for the protection of personal data that should contribute to creating the trust that will allow the digital economy to flourish. Nonetheless, the Commission recognises that privacy concerns, while legitimate, should not be used to restrict the free flow of data in an unjustified way. Therefore, the Commission maintains that Member States should be guided by a "principle of free movement of data within the EU" for actions affecting data storage or processing. Member States should thus carefully justify any current or new data location restriction. The Commission will continue the dialogue with Member States and the stakeholders on possible justifications for and the proportionality of data location measures. It also puts forward a potential prioritisation of infringement proceedings addressing unjustified or disproportionate data location measures.

Machine-generated data

Second, the Commission explains that ever-increasing amounts of data, including non-personal data, are now generated by machines or processes based on emerging technologies, such as smart sensors and mobile applications. Such data can be personal or non-personal in nature. When machine-generated data allow the identification of a natural person and therefore qualify as personal data, all rules governing personal data will apply. Conversely, non-personal raw machine-generated data are not governed by any rules. For example, they are not protected by any existing intellectual property right since they are not deemed to be the result of an intellectual effort and do not have any degree of originality. Only the Database Directive 96/9/EC provides a sui generis right for makers of databases to prevent the extraction and/or reutilisation of their content, in whole or in substantial part. Nonetheless, this type of protection only applies if the creation of the database involves substantial investment in obtaining, verifying or presenting its content. At the same time, access to large and diverse datasets has become key for market players, especially in the health, energy and smart-living sectors. However, overall, the exchange of machine-generated data remains a challenge as data market places are still rare. Consequently, the Commission intends to improve access to machine-generated data and facilitate and incentivise the sharing of such data. At the same time, the legitimate interests of market players should be protected and disclosure of confidential data avoided.

Third, the Commission plans to tackle the rules governing liability in the data economy, including the rules applying to services and products based on emerging technologies such as self-driving vehicles. This is because the nature of such systems makes it increasingly challenging to establish the exact cause or source of a problem that gives rise to injury. The Commission wishes to enhance legal certainty for both users and manufacturers of such devices, thereby also creating more favourable conditions for innovation. To this end, the Commission proposes two possible ways forward. A first solution would involve a "risk-generating approach", which assigns liability to market players generating a major risk or to market players best placed to minimise or avoid the realisation of such a risk. Alternatively, the Commission also puts forward an insurance scheme for compensating victims while providing legal protection to investments. Importantly, the Commission is also conducting a parallel public consultation on the evaluation of the application of the Product Liability Directive.

Miscellaneous

Finally, the Commission discusses the portability of non-personal data, the interoperability of services allowing data exchange and appropriate standards for implementing meaningful portability. Contemplated ways forward include developing further rights to data portability, building on the GDPR framework and developing recommended contract terms in order to facilitate a switching of service providers.

Public consultation

The public consultation targets a wide range of stakeholders, including manufacturers, operators and users of online platforms, public authorities, NGOs, research organisations and consumers. All economic sectors are potentially concerned, especially the manufacturing, energy, automotive, health, technology and consumer-facing commerce industries. Stakeholders should reply by 26 April 2017.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.