Establishing a Suitable EU Data Governance Framework for Data Commodification
Leuven/Vienna. Privacy and data protection supporting the compliance of data sharing with EU rules is a new challenge for our society. A specific legal framework that protects relevant data from unauthorised use but also does not put European businesses at a disadvantage in global competition, is urgently needed. That is what TRUSTS is working on. In the project’s deliverable 6.2. (Legal and Ethical Requirements) the issue of controllership of personal data, the ensuing allocation of data protection responsibilities and the legal basis for processing personal data are determined. It informs about the main concepts of the ePrivacy legal frameworks and their relation with GDPR and provides further conceptual legal information on privacy-preserving techniques that might be relevant for TRUSTS partners, stakeholders as well as the European data community.
The legal patchwork for data transactions
“Industry players are increasingly considering data as a commodity to be traded in their own rights. This is particularly seen in data markets. In addition, there is a growing interest of policy makers in data markets and the exchange of data across industries. Still, the legal framework does not sufficiently address data rights in this respect towards commodification of data,” states Lidia Dutkiewicz, researcher at the Centre for IT & IP Law, KU Leuven.
The legal frameworks have increased over time with various rationales. In contrast, the question of whether and how data could be turned into a tradeable asset is rather new. Even data as a subject matter is a rather new construct in legal thinking. The patchwork of legal frameworks applying to data (transactions) might make it more difficult to trade data because of uncertainty that it brings about and because of the context-specific nature of legal analysis. This being said, a great array of options can be arranged by transacting parties by means of a contract. “However, a major issue lies in the fear of data providers to lose control over their data upon sharing them. Given the absence of clear rights on data, we will further investigate whether data sovereignty can be a solution without hindering core legal principles,” adds Charlotte Ducuing, researcher at the Centre for IT & IP Law, KU Leuven.
Data markets: step by step into a secure and sovereign future of data usage
Charlotte Ducuing, Lidia Dutkiewicz and Yuliya Miadzvetskaya from the Centre for IT & IP Law, KU Leuven (www.kuleuven.be), analysed the European laws and regulations relevant to the TRUSTS platform, defined legal and ethical requirements and identified potential legal and ethical obstacles. The emphasis of this deliverable was put on the most relevant legal and ethical aspects regarding data markets, data sharing, etc. This should enable important pioneering steps to be taken towards a future with sovereign data use. (see full text of deliverable at the end)
On the one hand, there is no ownership right in general on data in the EU member states. Many of the consulted legal scholars also consider that such an ownership right should not be set up due to the specific nature of data. Therefore, data cannot be sold legally like a table or watch. On the other hand, a variety of legal frameworks may apply to data and data transactions, which is subject to context-specific analysis. To provide a little insight: data protection law is applicable when personal data are processed, copyright protection may apply as well as the legal protection of databases. The dataset may be legally protected as trade secret or otherwise be subject to contractual arrangements such as non-disclosure agreements or limitations of (re)use. In addition, sectoral legislation may determine or lead to various types of obligations relating to data directly or indirectly, including an obligation to provide access for third parties to reuse data or alternatively confidentiality or secrecy obligations, etc.
Strong demand for research remains
Yuliya Miadzvetskaya, researcher at the Centre for IT & IP Law, KU Leuven, concludes: “Whether and how the EU should intervene to regulate data sharing from a legal perspective needs to be further analysed. This lies at the core of TRUSTS interdisciplinary research”.