The Data Act is important for Cities, but barely affects Big Tech
Some brief notes about the new regulation proposed by the European Commission
On February 23 of this year the European Commission released its proposal for a Regulation of the European Parliament and of the Council on harmonized rules on fair access to and use of data, better known as the Data Act. This is an important building block of the EU’s digital policy and a central pillar (along with the Data Governance Act published in November 2020) of the European strategy for data adopted in February 2020.
The stated goal of the Data Act is to “ensure fairness in the allocation of value from data among actors in the data economy and to foster access to and use of data.” For that purpose, the new Data Act establishes new requirements for data holders to provide access to the data that they collect to the users of their products or services. The Data Act also protects users of cloud (and edge) services by facilitating switching between providers and establishes some rules for the access to private sector data by public bodies in cases of exceptional need.
The first thing it should be noted is that the bulk of the regulation affects data exchanges between businesses and between businesses and consumers. The access to data by public bodies is limited to exceptional situations. This is aligned with the main goal of this Act of leveling the playing field regarding data access to generate a thriving market in the data economy.
To evaluate the reach of the Act, we need to analyze what data does it cover and therefore subject to the accessibility and sharing obligations established by it. The Act defines this aspect in the following sections:
(14) Physical products that obtain, generate or collect, by means of their components, data concerning their performance, use or environment and that are able to communicate that data via a publicly available electronic communications service (often referred to as the Internet of Things) should be covered by this Regulation. Electronic communications services include land-based telephone networks, television cable networks, satellite-based networks and near-field communication networks. Such products may include vehicles, home equipment and consumer goods, medical and health devices or agricultural and industrial machinery. The data represent the digitalisation of user actions and events and should accordingly be accessible to the user, while information derived or inferred from this data, where lawfully held, should not be considered within scope of this Regulation. Such data are potentially valuable to the user and support innovation and the development of digital and other services protecting the environment, health and the circular economy, in particular though facilitating the maintenance and repair of the products in question.
(15) In contrast, certain products that are primarily designed to display or play content, or to record and transmit content, amongst others for the use by an online service should not be covered by this Regulation. Such products include, for example, personal computers, servers, tablets and smart phones, cameras, webcams, sound recording systems and text scanners. They require human input to produce various forms of content, such as text documents, sound files, video files, games, digital maps.
This delimitation of the scope of the Data Act has, at least, two important implications.
First, data collected by Big Tech, digital platforms and Telcos (through smart phones) are out of the scope of this regulation and not subject to the accessibility requirements established in it. The data collected by these companies represents the largest chunk of the “data economy” and therefore the impact of this regulation is probably smaller than what some grandiose headlines may imply. The Data Act explicitly acknowledges this absence (section 36), arguing that these platforms (not Telcos) are regulated in the Regulation on contestable and fair markets in the digital sector, the Digital Markets Act. It does stipulate, however, that these gatekeepers cannot benefit from the accessibility requirements that the Data Act establishes for other businesses. In other words, businesses operating IoT products and services are obliged to give access to the data they generate to their users and certain third parties, but not if these users and third parties are a gatekeeper under the Digital Markets Act (since these gatekeepers do not need any help in accessing data and they already accumulate vast volumes of it).
The second implication is that the Data Act is important for cities. A large part of the data generated in cities comes from sensors and other smart city devices, which are within the scope of the Act. Users and third parties can request the data generated from their use of sensors, for example. This may unlock a large part of the data generated in cities and make it available for other businesses to develop innovative products and services leveraging that data. True, the data generated in platforms, such as AirBnB, seem to remain out of the scope of the Act. The case of data from ride-sharing and micro-mobility services is less clear. If the data is understood as generated in the platform or in the smart phone, it will not be covered by the Data Act, but if it is interpreted that the data is generated by the vehicles (i.e. a shared scooter), then the mobility data created by these companies is subject to the Act, and therefore these companies are obliged to make the data accessible to their users and to share it with third parties under certain circumstances.
This does not directly impact the ability of city governments to access this coveted data, which has often been identified as a necessary tool for city governments’ to be able to regulate these services and to make policy decisions in a more informed manner. The Data Act establishes that only in exceptional situations can public entities demand access to this data. Apparently, however, there could be ways to bypass that, for example, if a user demands from a data holder that they share the data with a third party of their choosing (allowed under Article 5 of the Data Act) and if this third party is a public entity. That seems to be possible under the current terms of the Data Act.
It is too early to say whether the Data Act will truly foster the access and use of data by startups and small and medium enterprises, generating a more thriving market for data-related products and innovations. This will largely depend on whether the implementation of the Act truly makes it easier for such parties to access data in the time and format that they need to design such new products and services, while not making it too burdensome (in costs, time, as well as potential losses of competitive advantage and return on investment) for data holders to make that data accessible. What seems clear, however, is that Big Tech and Telcos will not be highly impacted by this regulation, and that city governments, by contrast, should pay attention to the details of the regulation and its implementation, since it may open interesting avenues for greater access to data, with a potential positive impact on public value through (i) increased ability to make policy decisions based on newly accessed granular and real-time data, and (ii) more accessible data, generating a new market for innovations on top of that data infrastructure.