The European Data Strategy

Data as an intangible asset is becoming increasingly important for companies. In order to promote access to and thus use of data on the one hand, and to protect consumers in the process on the other hand, the EU has published a number of draft regulations in the area of data protection and artificial intelligence over the past two years as part of the European data strategy.

Regulatory goal

The goal of the proposed legislation is for the EU to be a global leader in data and AI, protecting consumers and users alike from "data giants" from non-EU countries. The EU wants to achieve this ambitious goal by interfering as little as possible with innovation and progress.

Overview of the draft regulations

For companies, the regulation on data governance will play a decisive role, which is intended to establish a so-called "Schengen for data." The regulation, a draft of which has already been available since November 2020, is intended to facilitate the sharing of data via so-called data intermediaries and prevent corporations from further expanding their market power by linking their data pools with other offerings. Intermediaries provide a neutral marketplace for data, hosting large data sets and making them available to third parties. The regulation could come into force in 2023 already.

The EU Digital Markets Act regulation is also intended to limit the power of large digital companies (at least 6.5 billion in revenue per year in the EU region and more than 45 million end users per month) as so-called gatekeepers by requiring gatekeepers to provide smaller companies with access to data and to cooperate with them. Gatekeepers are not allowed to give preference to their own products on their platforms.

Consumers are affected by the EU Data Act and the Digital Service Act. The EU Data Act is intended to grant private individuals access to information generated in particular by the use of smart machines and products. This is intended to enable users to break away from a provider's ecosystem more easily. The Digital Service Act contains regulations for all intermediary online services and is intended to facilitate the removal of illegal content and combat illegal goods, services and content on the Internet.

In the area of AI, in April 2021, the EU published a proposal for a regulation to ensure that AI systems placed on the market and used in the EU are safe and that the fundamental rights of EU citizens are respected. The risk-based approach divides AI systems into four risk groups and requires compliance with certain transparency and control measures for high-risk AI systems.

It can be assumed that, as part of the European data strategy, the adoption of the ePrivacy Regulation, which was originally once scheduled to enter into force together with the General Data Protection Regulation in May 2018, will once again become the focus of the European legislator. This regulation is intended to standardize and update the data protection legal framework for electronic communications in the EU; the current draft is dated February 2021.

Outlook

Business models, particularly from the USA and China, show that in the context of "big fata" the main issue is that data may be collected, utilized and sold without any hurdles as far as possible. The EU would like to dissolve the competitive advantage attributed to the two countries in this respect and free European companies from existing dependencies. Against the backdrop of the ECJ's „Schrems“ rulings and the decisions of, for example, the Austrian and French data protection authorities on illegal third-country transfers in connection with Google Analytics, the intended strengthening of "European data" is to be welcomed in principle - although at the same time it is to be hoped that the increasing regulation of (not only personal) data does not lead to increased legal uncertainty and make it unattractive for companies to turn to data-driven business models.