The EU Data Act: Another Important Step in the EU Data Policy

The EU Data Act is a new regulation proposed by the European Commission in February 2022 and is part of a broader EU data strategy including several other legislative pieces. Some of these still need to be finalised – most notably the Digital Services Act, the Digital Markets Act and the Data Governance Act – whereas some are already adopted – most notably GDPR, the Regulation on the Free Flow of Non-Personal Data, the Database Directive and the Regulation on Platform-to-Business Relations.

The actual impact that data will have on European economies and societies, however, will depend as much on technological advancements as on the legal rules that will govern data use and data sharing.The Data Act aims at facilitating data sharing on a business-to-business and business-to-government basis (and thereby complements the Data Governance Act which focuses on reuse of public sector data) and is intended to address barriers that limit data sharing, as well as provide incentives.

Data is defined as “any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording”. By including the word “compilation”, this proposal intends to (also) address the topic of databases, a well-known issue that has been on the Lotteries’ agenda for a long time. Data has a very peculiar characteristic called “non-rivalry”, which means that multiple individuals can use, re-use (even for other purposes) the same data in endless ways.

Up until now, companies do not seem to be ready to share their data easily due to various legal considerations (such as fear of misappropriating trade secrets, lack of trusted contracts, privacy issues, security, competition, etc.) and/or technical issues. With the Data Act, the European Commission intends to unleash the potential of data-driven innovation by creating legal obligations for data-sharing as connected devices (Internet of Things) are starting to be widespread.

A number of issues in the proposal of the Data Act, without being exhaustive, is interesting to address further.
 

Right to access

The proposal introduces the principle that every user should have access to the data it contributed to generating. Business-to-business data sharing is dependent upon the data holder having an incentive to share his data and that the negotiating power of the parties involved is balanced. When this is not the case, the strongest party could impose unfair/unreasonable conditions that may make access to data difficult or too onerous. Such aspects are already looked at in other areas of EU Law (such as chemical products where access to scientific data of an existing active substance is of crucial importance) and remain to a certain extent in the ambit of EU competition law. Guaranteeing that “unfair conditions” are excluded, it is one of the crucial elements of this proposal.

To address various issues, the Data Act promotes the understanding, use, and acceptance of the so-called smart contracts (the proposal defines additional conditions), which are based on the use of blockchain technology and are distributed among all the members of a network (DLT), or could be  based upon the creation of data spaces, which allow organisations to share data without a central data store through shared interfaces and standards, secure authentication, and governance layers  and conditions that define who can access which data (for example, restricting access to a competitor’s data). Common data spaces are already often used in M&A and in RFP processes, and for sectors such as public health, mobility, energy and also lotteries.
 

Preserve Trade Secrets, Specific IP Rights and Personal Data Rights

Data sharing agreements should of course respect the protection of personal data under the GDPR and of trade secrets. With the Data Act, the European Commission (also) intends to revise the well-known 1996 Database Directive, which introduced, among other things, a specific sui generis right for databases to the extent that the producer of a database substantially invested in obtaining, verifying and presenting the data. This Directive has been for many years in the middle of a debate, which started with the so-called “catalogue right”, among lotteries operating sport betting and certain leagues.

In various lottery related cases the Court of Justice of the EU has clarified the understanding of “substantial investments” in a database, clarifying that the sui generis right aims to protect the investments in the collection, not the creation of data (Fixtures Marketing Ltd v. Oy Veikkaus Ab (C-46/02, 9/11/2004), Fixtures Marketing Ltd v. Svenska Spel Ab (C-338/02, 9/11/2004) British Horseracing Board Ltd v. William Hill (C-203/02, 9/11/2004) Fixtures Marketing Ltd v. OPAP (C-444/02, 9/11/2004)).

The question again finds itself in the middle of the debate, in the context of the protection of sport integrity through monitoring platforms controlling the use of sport fixtures to be used for betting purposes. There is a need to balance the policy objectives of IP protection of such databases in the context of the data economy, where exclusivity of data is in general considered an impediment to innovation.
 

Enforcement

Enforcement will be at the national level in the hands of the competent authorities designated by Member States (which may be either existing or new ones) and any infringements will be sanctioned by administrative fines or financial penalties set at the national level.
 

And the next steps?

Given its nature and the various interests at stake, both the European Parliament and Member States in the Council of the EU will likely be paying serious attention to this proposal. In the European Parliament several Committees may well insist to be involved. In the Council, work might begin under the French Presidency of the EU, but with the Digital Services Act and the Digital Markets Act being priorities in the sphere of tech regulation, the Czech Presidency (from July 2022 onwards) will probably take the lead in finalising the Council’s position.

Due to the fact that the European Commission has opted for a regulation, i.e. a legal instrument binding in its entirety with direct effect and not leaving any room for differences amongst the Member States, it is of adamant importance to follow up on this proposal. This would be advised, especially in order to avoid that the interpretation reached by the Court of Justice of the EU on the sui generis right is affected, with another main point of interest being the importance of data for sport betting activities (and the monitoring of the integrity of sport).

EL closely monitors and – as appropriate – gets actively involved with the EU institutions and any other relevant stakeholders on the Data Act and will continue to do so in the best interest of its members. If you would like to know more about the Data Act or any other upcoming EU initiative with relevance for the gambling sector and how these might impact your business, please contact EL staff.

Interested in finding out more about our work on EU Affairs? Read more here.